From: Brett Glass
To: Jonathan M Bresler, Mike Tancsa
Cc: freebsd-security@freebsd.org, Poul-Henning Kamp, "R. B. Riddick"
Date: Sun, 30 Jul 2006 17:08:38 -0600
Subject: Re: Integrity checking NANOBSD images

At 03:22 PM 7/11/2006, Jonathan M Bresler wrote:

>If the box is subject to tampering and not in a tamper-proof container,
>then it may be impossible to know whether or not the device has been
>tampered with or modified.

It's true.
Any attacker with sufficient knowledge of what you were doing and sufficient motivation could spoof the correct response. And of course relying upon the attacker not knowing what you're doing is "security by obscurity," which often works but might not provide the level of confidence you want.

It occurs to me that there are two ways to deal with this sort of problem. One way is to make it unrewarding for the attacker to hack the boxes. The other is to make it too logistically difficult for the attacker to bother.

For example, you could have two or more boxes in the same area checking one another in a sort of "tag team" arrangement. The communications links from all of them back to you might be slow, but the links between them could be lightning fast. If something odd happened (e.g. one of them suddenly did not respond or acted funny even for a millisecond), one or more of them could sound the alarm. The expense and difficulty of hacking them all simultaneously would go up exponentially with the number of "team mates."

--Brett Glass