Date: Sat, 5 Mar 2005 21:06:04 +0000 From: "Charles M. Hannum" <abuse@spamalicious.com> To: "ALeine" <aleine@austrosearch.net> Cc: ticso@cicely.de Subject: Re: FUD about CGD and GBDE Message-ID: <200503052106.05001.abuse@spamalicious.com> In-Reply-To: <200503041855.j24Itmfa032915@marlena.vvi.at> References: <200503041855.j24Itmfa032915@marlena.vvi.at>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 04 March 2005 18:55, ALeine wrote: > > 1) If you're doing analysis of a cold disk, it is ~trivial to tell > > the difference between a sector that has been written only once and > > a sector that has been rewritten. > > This is hardly trivial, you are basing your statement on the false > assumption that one cannot or will not do anything to protect the > encrypted image after the initialization. One can do a lot. I'm basing my statement on the assumption that people will use GBDE. I see nothing in GBDE to prevent such analysis. > > 2) When used in a SAN environment, or an environment where > > multiple accesses to the drive can be done over time, it is > > possible to determine this fairly quickly using traffic analysis. > > The GBDE paper even touches on this in section 10.3. Have you > > read it? > > First of all, protection against traffic analysis on a SAN is in > the territory of hot disk protection and GBDE, as you must have > surely read, is designed for cold disk protection. No, actually, it's not. "Hot disk" protection as defined in the GBDE paper refers to breaking the GBDE partition *on the machine that's using it*, where you have the keys in memory. That's not even vaguely what I'm talking about. Furthermore, people *have* discussed using GBDE in a SAN environment. Also, I'm not talking about necessarily using the SAN as direct storage for the GBDE partition. It could, for example, be used to back it up. In either case, traffic analysis will find a lot of information -- e.g. I propose that just by looking at which sectors tend to be modified together, that the sector "rotation" and zone size can be discovered with usually no more than two snapshots (it depends on how much has been modified), and is therefore pretty much useless cryptographically. > SANs are by > definition high availability environments and as such have high > volume traffic, so if you have someone who has access to be able > to monitor that traffic and can also analyze such high volumes > of traffic and can also clone your entire SAN storage devices > unnoticed without causing a service disruption then you have > much bigger problems, so worrying about GBDE should be the > least of your concerns. :-) I am not talking about "cloning your entire SAN storage device". In reality, cloning a user's GBDE partition stored on a SAN would generally be trivial, as it would only be a small fraction of the SAN. > Second of all, the cleaning lady copy attack (described in section > 10.3), where someone can regularly make bit-wise copies of the > entire disk containing the encrypted image and determine the > location of sensitive structures by means of differential analysis > is not very practical. Actually, it's quite practical. It requires no hardware modification that might be noticed, and it only requires intermittent access to the machine. And as I said above, traffic analysis will yield considerable results toward breaking the encryption. Do you keep *your* laptop next to you 24/7? Very few people do. Some laptop manufacturers (e.g. Dell) even make it particularly easy to remove the disk. While you might claim that the dedication to study the user's behavior and mount such an attack is fanciful, I claim that it is not. Under observation, GBDE's additional techniques do not stand up to the claim of being "spook strength".
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503052106.05001.abuse>