[EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security

wojtek@ifirma.pl wojtek@ifirma.pl
Thu, 22 Mar 2001 15:08:08 +0100


There is no software-only solution to this problem. Two factor
authorization is required i.e. a USB token and password. There are tokens
currently under development, where your private key never leaves the token.
This takes security two steps ahead.

Wojek



From: "Mark S. Miller" <markm@caplet.com>
Sent by: eros-arch-admin@mail.eros-os.org
To: "John C. Randolph" <jcr@idiom.com>
cc: eros-arch@eros-os.org, Miriam Walker <mwalker@cs.berkeley.edu>
Subject: Re: [EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security
Date: 22-03-01 14:20

At 06:09 PM Wednesday 3/21/01, John C. Randolph wrote:

>On Wednesday, March 21, 2001, at 05:44 PM, Mark S. Miller wrote:
>[snippage]
>
>>This leaves stock desktop machines in unlocked offices in an untenable
>>situation.  Software by itself can do nothing to repair the situation.
>>This may be the strangest argument yet for telecommuting -- separation of
>>physical vulnerabilities.
>
>What about encrypted filesystems?

Encrypted filesystems prevent the attacker from obtaining the data at the
time of the break-in.  However, as with Seth's keyghost example, the
attacker can corrupt your system so that any further use of it gives them
everything. Hardware attacks like keyghost are cool but aren't necessary.
Given stock hardware, the attacker can reboot your machine from an inserted
floppy, corrupt the software that would revive it from the encrypted file
system, send the contents of the encrypted file system over the internet to
themselves for decryption later, remove their floppy, and reboot again.

When you reenter your office, you find the machine is no longer in your
locked screen saver.  Instead, it's rebooted and is asking for the
passphrase for unlocking the encrypted file system.  No cause for alarm,
your machine reboots more often than you'd like anyway. Even if you're
paranoid enough to not be sure you're looking at the genuine reboot-prompt
state, you reboot again and are prompted again.  You type in the passphrase,
and game over.


        Cheers,
        --MarkM
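A defender's counterpart to the scenario Mark describes, as an added example that is not part of the original thread: an integrity manifest of the unencrypted boot files (the names kernel, initrd and boot.cfg are assumed), recorded while the machine is trusted and checked before the passphrase is typed. It assumes the check itself runs from media the attacker never had, since a corrupted boot path can lie about its own hashes, which is exactly Mark's point.

```python
import hashlib
import os
import tempfile

def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(boot_dir: str) -> dict:
    """Hash every file under the unencrypted boot directory (relative path -> sha256)."""
    manifest = {}
    for root, _dirs, files in os.walk(boot_dir):
        for name in files:
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, boot_dir)] = sha256_of(full)
    return manifest

def verify_manifest(boot_dir: str, manifest: dict) -> list:
    """Report files modified, removed, or newly planted since the manifest was taken."""
    current = build_manifest(boot_dir)
    problems = [("missing", rel) for rel in manifest if rel not in current]
    problems += [("modified", rel) for rel, digest in manifest.items()
                 if rel in current and current[rel] != digest]
    problems += [("added", rel) for rel in current if rel not in manifest]
    return sorted(problems)

def demo() -> list:
    """Constructed scenario: a clean boot dir, then the 'reviver' gets corrupted."""
    with tempfile.TemporaryDirectory() as boot:
        files = {"kernel": b"pretend kernel image",          # constructed contents
                 "initrd": b"pretend initrd that asks for the passphrase",
                 "boot.cfg": b"root=/dev/mapper/crypt"}
        for name, data in files.items():
            with open(os.path.join(boot, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(boot)   # recorded while the machine was trusted
        clean = verify_manifest(boot, manifest)   # expected: no findings
        # The reboot-from-floppy visit: the passphrase prompt is altered and a file planted.
        with open(os.path.join(boot, "initrd"), "ab") as f:
            f.write(b" plus a keylogger")
        with open(os.path.join(boot, "dropper"), "wb") as f:
            f.write(b"planted helper")
        return clean + verify_manifest(boot, manifest)

if __name__ == "__main__":
    print(demo())
```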

_______________________________________________
eros-arch mailing list
eros-arch@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/eros-arch