Protecting a Laptop From Sophisticated Attacks
mike_cardwell sends in a detailed writeup of how he went about protecting an Ubuntu laptop from attacks of varying levels of sophistication, covering disk encryption, defense against cold boot attacks, and even simple smash-and-grabs. (He also acknowledges that no defense is perfect, and the xkcd password extraction tool would still work.) Quoting:
"An attacker with access to the online machine could simply hard reboot the machine from a USB stick or CD containing msramdmp to grab a copy of the RAM. You could password protect the BIOS and disable booting from anything other than the hard drive, but that still doesn't protect you. An attacker could cool the RAM, remove it from the running machine, place it in a second machine and boot from that instead. The first defense I used against this attack is procedure based. I shut down the machine when it's not in use. My old Macbook was hardly ever shut down, and lived in suspend to RAM mode when not in use. The second defense I used is far more interesting. I use something called TRESOR. TRESOR is an implementation of AES as a cipher kernel module which stores the keys in the CPU debug registers, and which handles all of the crypto operations directly on the CPU, in a way which prevents the key from ever entering RAM. The laptop I purchased works perfectly with TRESOR as it contains a Core i5 processor which has the AES-NI instruction set."
http://xkcd.com/538/
The real enemy, which is the alien space zebra vampires that are out to suck your blood.
Seriously, this much effort is excessive considering the value of what anybody in a normal situation should have on their laptop. If you have a genuine need for this, you should be on the level of the person carrying the Football, and as such, you would be better investing in the Secret Service equivalent.
Power it down, encase it in concrete, and toss it overboard into the Mariana trench.
I agree that it's just too much hassle to go through to secure a standard laptop. It's still an interesting experiment and it neatly lays out the attack vectors and potential counters.
Yes.
TFA's a fine intellectual exercise, but as explicitly pointed out, the willingness to commit kidnapping and inflict torture rather pathetically trumps all of that.
Interesting. Not completely practical, but interesting.
Welcome to the Panopticon. Used to be a prison, now it's your home.
you must value your pron a whole lot more than i do.
An attacker could cool the RAM, remove it from the running machine, place it in a second machine and boot from that instead.
Is this the whole "freeze electrons in place" nonsense? I'd love to see a real world example of this actually working.
Sounds like the whole "well if you dont wipe your drive with zeros a hundred times a guy with a tunneling electron microscope could count the off spin of the variant quarks.. blah blah " ie; theoretically possible with infinite funding, but not feasible in real life and only happens on movies.
You and your fancy registers, I use a specially trained hamster to push buttons depending on the bits it sees on an LED board. And the hamster only taps the buttons in the correct way if fed the correct combination of grains!
Although I am having my suspicions that the little bugger is selling information to the north korean hamsters...
Just because of the utter fail.
Tinfoil hat anyone???
Willingness to kidnap and commit torture is not trumped if you're dealing with law enforcement. If they've gotten to the point where their only remaining option is beating the information out of you, then you've won, assuming our legal system has any remaining value. Evidence that flows from that beating isn't going to be admissible in court. And why would an ordinary citizen want to hide information from law enforcement? Malum prohibitum.
The frozen RAM trick is a neat concept and all but, let's get real for a moment. How real is the risk? Have you got anything that anyone wants that badly? If you do, is it really worth that much to you to prevent such a desperado from gaining access?
I've got highly sensitive bank (I work there) data on my laptop. It's very important that I prevent the leakage of that data. So much so that I spent an extra $100 to use a hardware encrypted disk (FDE). The baddies would have to grab it while it's running and unlocked or they've got to freeze the memory etcetera. But those are highly unlikely scenarios and they are simply not worth defending against.
Laptops go missing every day, even in my own company. But, it's usually lost or stolen at an airport or train station, powered off, in its bag and unusable (at least the existing data is) to the person who finds it because of hardware encrypted FDE disks.
All further paranoia is futile. And, for those that say; 'well, I don't have a hardware encrypted disk.' If you're so worried about this stuff and your data isn't worth $100 to protect it with a hardware encrypted disk, then STFU.
falling gargoyles? par for the 'course'. as the never ending chosen ones' geonocidal holycost goes on & on, there's likely to be attacks on us from anywhere in the universe, or, from our also unchosen neighbors, according to our uncle sam. bad history repeats until it's corrected, or corrects itself?
disarm. read the teepeeleaks etchings. according to the genuine natives, 'its' happening again. see you there for sure, as there's nowhere left to run/hide for several billion of us. millions of babies etc... continue to starve, &/or wait to be killed, in real time, all over the planet, today, now. must be the 'hard times' are preventing anybody from noticing/caring etc.... maybe it's the way our media portrays fear, & armed conflict, as OUR choice of pertinent information, leaving out pretty much everything else. as it was profitsized, to fit the never ending corepirate nazi holycost passover.
for each of the creators' innocents harmed in any way.... you know the rest by now.
I'd imagine a better honeypot. Just install MoviX with preinstalled Cursed Tape from The Ring. Now, if they steal your laptop, Samara gets them in exactly SEVEN DAYS
Bears.
An attacker could cool the RAM, remove it from the running machine, place it in a second machine and boot from that instead.
This is the biggest bunch of bullshit I've ever read. This guy needs slapped.
There's caring about the safety and security of your data, then there's being obsessed about the safety and security of your data, and way over the horizon is this guy.
One of the universal rules of happiness is always be wary of any helpful item that weighs less than its operating manual
this much effort is excessive
Oh let the guy fantasize that he's Johnny Mnemonic or whatever. It's preferable to playing with guns and pretending he's The Terminator
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
It's like putting your life savings in your wallet.
Only if you're a Packers or Lions fan.
Learning HOW to think is more important than learning WHAT to think.
Well, it depends on how you define practical - and what kind of situation you're in.
I mean, if it were my laptop? Sure, probably not worth this kind of security. Someone could get credit card numbers, site passwords perhaps, and possibly enough personal information to do some identity theft scheme... Damaging stuff, potentially, but probably not worth their while to extract the data, or worth my while to protect it.
But let's say it contained some sensitive, valuable information from my job - so that stealing my laptop could be a worthwhile target for corporate espionage. Then it might be worth protecting it a little more carefully...
Another thing to consider is that, while the XKCD password cracking algorithm does trump most forms of security, that's only true if someone is actually willing to use it. I could see kidnapping and torture as a real possibility if you were dealing with organized crime or an intelligence agency... Otherwise, the escalation of the crime (from simple theft of a moderately expensive piece of hardware to various forms of felony) would deter most people from attempting it.
If someone has reason to believe it's worth stealing my laptop for the information on it, simply stealing a laptop would be pretty easy. Nick it when I'm at a hotel or something - talk their way past the cleaning staff to get into the room, game over. If a laptop is stolen, police aren't going to care. The machine is simply gone. As long as the initial theft goes off without a hitch, it's a pretty safe crime, especially if they don't try to sell the machine after stealing it.
There's bound to be some level at which information is worth enough to be worth stealing a laptop, but not worth kidnapping and torturing someone for a password... So locking down the machine from those kinds of attacks isn't totally impractical. It just depends on what's on the machine.
Bow-ties are cool.
No, robots. They steal old people's medicine.
TRESOR is an implementation of AES as a cipher kernel module which stores the keys in the CPU debug registers, and which handles all of the crypto operations directly on the CPU, in a way which prevents the key from ever entering RAM.
Awesome, it stores the keys in the CPU debug registers when in use. The data to recreate them still has to flow into the CPU from RAM, so all you're taking out is the path between RAM and the CPU for an intermediate step. So all you get is a speed boost, no security gain since the attacker already knows the algorithm you're using and all the data you provided to the CPU. The speed boost is nice if it's being used all over the place (like for an encrypted FS) but otherwise it's not that big of a deal and it's certainly not new.
As for the rest, cryptfs or bitlocker with your screensaver/lock setup to throw out your keys when the screen blanks/suspends/whatever.
So basically Win7 with BitLocker enabled or whatever alternative setup results in the same thing on Linux. It's not even a little hard, and you've already got well past the point where they'll just beat the password out of you.
If you did it to learn, good for you. If you did it for some sort of practical value, then this really is one place where epic fail applies.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
I once worked with an embedded device that demonstrates that nicely. This device didn't clear its display frame buffer on boot. You could power it down, then turn it back on and even several days later and the initial image on the display was recognizable (there was obvious corruption, but you could certainly tell what had been there before).
An attacker could cool the RAM, remove it from the running machine, place it in a second machine and boot from that instead
Half of my netbook's memory isn't removable and if the author is actually worried about this kind of thing he can get a similar model and bite the bullet on performance by operating it with only the internal ram. I doubt the residual charge would last through unsoldering the chips and attaching them to a board to be put in another machine.
... as the root keys never leave the chip. But hey, trusted computing is eevil right?
If the AES keys never touch the RAM, then whatever is on the RAM is useless to anyone who does not have the keys.
In general, when law enforcement has an instance where someone won't give up a password, they just put you in jail anyway, effectively that is just as good as finding you guilty, either way, you end up in jail. You lose.
If they're set on it, there's nothing you can say that will change an officer's mind about putting you in jail once they've decided they're going to. Give them all the passwords you want. Refuse them. It doesn't really matter.
Incidentally, whenever you ask a lawyer if they've ever had a case helped by the client opening his mouth to police investigators, they just start laughing. Opening your mouth, even about a password, even if you're TRYING to help, cannot possibly help you.
What does he have on his laptop that's so gd important that he has to go through this much hassle to secure it....kiddie porn?
If your laptop is valuable enough that someone would go through the effort of chilling the RAM and booting the machine, you should probably not be laying your laptop out on the table at Starbucks. In fact, if your laptop is that valuable, you've done something incredibly stupid in your systems design.
Encrypt the data (either individual files, your homedir, or the whole drive), and don't use a really stupid password. If that's not good enough for your data, then your data belongs on a system which is not portable and which has actual physical security applied.
What has happened in the past (and was reported on in the news a few weeks ago), is that a judge orders you to divulge the password(s) and if you refuse he sentences you to contempt of court and keeps you in jail/prison until you do reveal the passwords.
9/11 Eyewitnesses to Explosive WTC Demolition 1 of 2
You are thinking of firewire.
To jail you they will have to charge you with something, typically contempt of court or obstruction. Neither of these is a felony where I live and the prison terms are modest. Meaning that once released you'd still be young, able to vote, carry a firearm and get a job. Plus by standing up for your privacy you might help change the society we live in.
In the US at least, contempt of court has a prison term of 'until you comply with the court order.'
Still untested for all practical purposes, but...
The fifth amendment here in the US *should* protect you from being compelled to give up passwords that are not written down, including punishment via contempt of court.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Really?
Where was this?
Federal judges can jail you forever. Terms vary in state courts.
That's still being debated. It depends on the circumstances. It's a new thing for the courts to deal with, and we can all see where this is going.
...
[citation needed]
Failing that you take the Screwed less test:
Will disclosing the key screw me more or less than keeping it secret?
If the answer is less, well, give up the key.
If it is more give up the key with a typo or two.
(Ollie North style)
"I'm sorry sir I don't recall"
---Anonymous Coward
Impossible in my jurisdiction.
Free Manning, jail Obama.
It is a neat experiment.
Unfortunately, some people need to have a laptop and move around in the field. I am not talking about executives either. So this is hardly worthless.
Regardless of what he said, I am reminded about the security principle of "Once the equipment is out of your possession, there is no security".
To make sure we have always been secure, we don't store sensitive data on the laptops themselves, but remote in and do work on different machines. Windows Server 2008 remote desktop sessions are nice when you need that platform and then have consistent tools and versions for multiple people.
If we ever lose a laptop, which has happened, there is somebody available 24/7 to change the security credentials to prevent access. Adding some low-level BIOS services to render the machine useless, report its position, take a picture, and destroy the OS is also nice to have.
We have never been under the impression though that you can truly secure hardware when it is out of your possession, which is why they are primarily used as thin clients to do work elsewhere.
For some people that might not work, and need to work locally, but for what we do work ain't happening without an Internet connection anyways.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
(I know I'll get flamed for targeting all the Comment owners) But here's what I think. You guys are sad for all saying the same thing almost (This is insane, this isn't needed, he's playing with guns..etc)...
Well, what you guys are saying is exactly in the lines of "640K ought to be enough for everybody". There was no RSA before RSA came... There was no Captcha (and then the bots made you have Captcha)... and so on.
Making your laptop more secure is good. It's advisable. However much you can make it secure, the better. Because, sooner than later, you'll realize the "freaky" attacks that he'd described will be common-place script-kiddie stuff and then, you'll be scavenging for his post so you can apply the rules!!!
He's done an excellent job in explaining how to do things (I loved the part on running your firefox as a different user and one of the comments on the main article, points out a flaw and gives a better way... I'm going to implement it soon)
Look at the sophisticated attacks by Anonymous and Lul(whatever)... Those "sophisticated" attacks will be common place in a year or 2... And Qubes is a great alternative as well... Security by Isolation is a good example. /. is losing its edge because you all have failed to SEE THE AWESOME NERDINESS of the post! Where's your .. love for nerd-shit!
Anyway, why I say the crowd at
I mean, since when have all of you become so oh "practical" and "live real bro".. I bet all of you were checking your facebook without http while posting your silly comments!
We need an overhaul of real geek nerd crowd here to talk real stuff!!! And I hope most of you were through a Linux / BSD Distribution while commenting and not... cheekily using the pre-installed Windows 7 and just posting Love for Linux when you don't know how to run 3 commands through it.
Step up. Just because Rob quit don't mean the good guys go away! (I don't have a /. id, so if you want to personally flame me... omar dot technologies at gmail dot com
Isn't there a truecrypt feature that allows you to have 2 passwords, each one showing a different partition. This allows you plausible deniability. Just hand over the dummy password and they can see the stuff you want them to see.
And if you don't have a second one, they'll assume you do anyway, and torture you until you give up the 'other' password.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Since I recently set up BitLocker on a Windows 7 laptop (requires Ultimate or Enterprise which are not cheap) - if you have a TPM chip it's convenient to use in the default setup with keys held in the TPM, but if the laptop is stolen it doesn't stop anyone booting it and trying passwords, though it does stop them booting from CD/USB drive to read the disk, or putting the disk in another PC.
TrueCrypt and commercial Windows tools such as PointSec require a separate disk decryption password every time you boot, which I think is more secure.
"Man, i can't boot anymore, that sucks!"
"How come?"
"A fish ate my USB disk"
Not only that, but one also has to consider that most attempts to steal information from, say, a laptop probably have as a requirement that it is done in stealth, which means that they cannot go the XKCD route. Much information gathered would be worthless if the victim knew that it had been stolen.
Okay, I learned about TRESOR, that's cool. Also, running firefox as a different user is an old trick I've been using for a long time.
However, I live by a basic rule that's served me well. Laptops are fundamentally weak places to keep data.
Yes Francis, the world has gone crazy.
Just write some dumbass crypto program that does something no other crypto program is doing. Put some backdoors in the source code but obfuscate them properly. Mike Cardwell will try out the program....mission accomplished.
Hey, wait, this is not fair! Now WE don't have anything to post anymore.
That's why fixing this bug will help more for plausible deniability than Truecrypt's "feature": https://bugs.launchpad.net/ubuntu/+bug/148440
When "everyone" has an encrypted partition/file whether they use it or not, it's much easier to deny using it.
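The deniability argument in the two comments above rests on one forensic fact: an encrypted container is built to look like uniformly random bytes, while free space on an ordinary disk is mostly zero-filled or holds plaintext remnants, so a region of near-8-bits-per-byte entropy stands out unless random-looking regions are normal on everyone's disk. The following is an added illustration written for this page, not code from the Slashdot thread, TrueCrypt, or the Ubuntu bug linked above. The sample regions are constructed inline, the "encrypted container" is a seeded PRNG stand-in for cipher output, and the thresholds (7.9 bits/byte, chi-square below 400) are this example's own rule-of-thumb values, not a published standard.

```python
"""Entropy triage over disk-region samples: why 'everyone has random-looking
space' matters for plausible deniability.

Added example, not from the thread or any project it names. All buffers are
constructed here; the 'encrypted container' uses a seeded PRNG only so the run
is reproducible (real cipher output is indistinguishable from it to this test).
"""

import math
import random
from collections import Counter

BLOCK = 64 * 1024  # 64 KiB, a typical scan granularity for a triage tool


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant block, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform
    distribution (255 degrees of freedom). Uniform input lands near 255;
    structured data is orders of magnitude larger."""
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def classify(data: bytes) -> str:
    """Coarse label an examiner's triage pass might attach to a region.
    Thresholds are this example's assumptions, not a standard."""
    h = shannon_entropy(data)
    if h < 0.5:
        return "blank"          # zero-filled / never written
    if h > 7.9 and chi_square(data) < 400:
        return "random-like"    # encrypted, compressed, or randomly wiped
    return "structured"         # plaintext files / filesystem metadata


def sample_regions() -> dict:
    """Three constructed regions standing in for slices of a disk image."""
    rng = random.Random(1234)  # fixed seed: reproducible stand-in for cipher output
    return {
        "zeroed free space": bytes(BLOCK),
        "plaintext file": (b"Quarterly report: revenue up 4%, costs flat. " * 2000)[:BLOCK],
        "encrypted container": rng.randbytes(BLOCK),
    }


if __name__ == "__main__":
    for name, region in sample_regions().items():
        print(f"{name:20s} entropy={shannon_entropy(region):.3f} bits/byte  "
              f"chi2={chi_square(region):9.1f}  -> {classify(region)}")
```

Run over the three samples, only the container is labelled "random-like", which is exactly the signal the comment wants to drown out: if every installed system carried an encrypted partition by default, a random-looking region would no longer single anyone out. Note that compressed data also scores high on both measures, so this is a triage hint, not proof of an encrypted volume.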
Don't get yourself in the situation where you have to defend yourself from people that want your info that badly. Disk encryption is fine; sure, it drains battery. But I'd say 99% of people that get your laptop from there will give up. If you have to worry about the other 1% your life is pretty whacked. Or you are in the military and they have standards you should be following.
Has a profile in its tests for "SSLF Laptop", which really might be of assistance here to others in that capacity - it has other test profiles, but the "SSLF" ones ARE the MAIN ONES to use (they push the security settings to the max/limit is why: Why else secure a system unless you do that after all... imo, @ least!)
This test not only extends to Windows, but also Linux (and many other OS platforms as well), & is VERY comprehensive - based on "best practices" from the security realm! It was also highly acclaimed in COMPUTERWORLD here:
http://www.computerworld.com/s/article/9018362/CIS_tool_aims_to_help_federal_agencies_check_Windows_security_settings
* For those of you interested in acquiring a test license/evaluation (good for 33 days iirc)? Go here:
http://benchmarks.cisecurity.org/en-us/?route=default
(It's "The GOOD STUFF"...)
APK
P.S.=> In fact? Well - I just finished up doing it on my home system (91% score of 100, & would be 98% IF I didn't disagree with a couple settings they espouse, whereas I do not (I will be discussing it with them via email shortly/soon this week in fact)), since the folks @ CIS know I've been "championing it" since late 2007, here:
http://www.google.com/#sclient=psy&hl=en&site=&source=hp&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&pbx=1&oq=%22HOW+TO+SECURE+Windows+2000%2FXP%22&aq=f&aqi=&aql=1&gs_sm=e&gs_upl=3242l10817l0l11038l35l28l1l0l0l0l373l5510l0.6.15.3l24l0&bav=on.2,or.r_gc.r_pw.&fp=87cd2c56f2a7d925&biw=983&bih=646
And gave me a license recently (very cool of them, imo!)
I did it for my home system, a Windows 7 64-bit based one, using the SSLF Desktop profile (been using this tool for YEARS now, since 2007 or so, because it makes securing a system @ the software/OS level almost "fun-to-do" - like running a performance benchmark test program, albeit for SECURITY PURPOSES!)...
... apk
Isn't this what we have AppArmor for?
I think the education of the author and indirectly those who read the post goes far beyond the value of protecting that particular laptop. I don't have the patience to spend as much time as he did researching and experimenting, but now I can benefit for his work by implementing some of the same protections. The logical extension of this project would be to produce an install disk making it possible for anyone to have the same level of security on her laptop with only slightly more effort than a standard Ubuntu install. The benefit of that would easily outweigh the time spent on the prototype. Such a Ubuntu (or other distribution) installer could be created by the author, since he's already done some work in that direction, or anyone else who reads the post.
One thing that I really like about his technique is the practical application of the honeypot. It would be great for crossing the border back into the U.S.
Customs Agent: Please open and log on to your laptop.
Honeypot Owner: Yessir! (logs on to functional Win 7 partition while his private stuff is nicely hidden away)
The problem for me is that an 8 gig partition is not viable.
When you sympathize with stupidity, you start thinking like an idiot.
USB and Firewire Ports, meet Mister Hot Glue Gun. Mister Hot, the heat is on, do your thing, get some holes lubed up, do the old in-out, fill 'em up good with the creamy goodness.