Slashdot Mirror
Protecting a Laptop From Sophisticated Attacks
mike_cardwell sends in a detailed writeup of how he went about protecting a Ubuntu laptop from attacks of varying levels of sophistication, covering disk encryption, defense against cold boot attacks, and even simple smash-and-grabs. (He also acknowledges that no defense is perfect, and the xkcd password extraction tool would still work.) Quoting:
"An attacker with access to the online machine could simply hard reboot the machine from a USB stick or CD containing msramdmp to grab a copy of the RAM. You could password protect the BIOS and disable booting from anything other than the hard drive, but that still doesn't protect you. An attacker could cool the RAM, remove it from the running machine, place it in a second machine and boot from that instead. The first defense I used against this attack is procedure based. I shut down the machine when it's not in use. My old Macbook was hardly ever shut down, and lived in suspend to RAM mode when not in use. The second defense I used is far more interesting. I use something called TRESOR. TRESOR is an implementation of AES as a cipher kernel module which stores the keys in the CPU debug registers, and which handles all of the crypto operations directly on the CPU, in a way which prevents the key from ever entering RAM. The laptop I purchased works perfectly with TRESOR as it contains a Core i5 processor which has the AES-NI instruction set."
The real enemy, which is the alien space zebra vampires that are out to suck your blood.
Seriously, this much effort is excessive considering the value of what anybody in a normal situation should have on their laptop. If you have a genuine need for this, you should be on the level of the person carrying the Football, and as such, you would be better investing in the Secret Service equivalent.
I must be new here, I thought it was traditional to at least RTFS, if not RTFA.
Gee, I wonder how that link got planted into your mind...
INCEPTION
What time is it/will be over there? Check with my iPhone app!
Doesn't protect you from Murlocs or Aquaman.
Aquaman is out to get you, that's why he has been using his aquatic telepathy to convince you to throw your laptop overboard.
The concrete is to protect it from the pressure.
He's very cunning. You have to be with such a lame power.
I agree that it's just too much hassle to go through to secure a standard laptop. It's still an interesting experiment and it neatly lays out the attack vectors and potential counters.
you must value your pron a whole lot more than i do.
You and your fancy registers, I use a specially trained hamster to push buttons depending on the bits it sees on an LED board. And the hamster only taps the buttons in the correct way if fed the correct combination of grains!
Although I am having my suspicions that the little bugger is selling information to the north korean hamsters...
Unless they know what they want and don't find it in your primary encrypted drive, in which case they'll continue to beat you. What, you don't think they also know about plausibly deniable encryption?
With pretty much every nation either already being a police state or quickly becoming one, I don't see any scenario in which they would actually avoid the sadistic pleasure of beating on a suspect, whether or not they really think they could get what they want.
More Twoson than Cupertino
The only people who I could reasonably see being at risk for this would be people like national leaders, diplomats and other REALLY IMPORTANT PEOPLE. I can't imagine such an attack being used against average people, and beyond that even in the case of REALLY IMPORTANT PEOPLE, it's going to have to be done pretty bloody quickly, and I still question how much data you're going to get out of it in real world conditions.
I'm putting this under "paranoid schizophrenic".
The world's burning. Moped Jesus spotted on I50. Details at 11.
I was surprised to read that too, but apparently freezing RAM in liquid nitrogen can retain the data stored in it for up to a week. All RAM modules have some data remanence, apparently , and data can last for a few seconds or even minutes in RAM after power loss at room temperature (which is why the hard reset attack works at all) and longer if the modules are cooled (even without liquid nitrogen). I imagine a can of compressed air held upside down would do the trick in a pinch. I was surprised too, but it makes sense. Data isn't held in some magical electrical suspension, it reflects an actual physical state of matter, even in RAM, and while that state may degrade quickly without power, it won't vanish instantly. Higher temperature increases entropy, so cooling it slows that down.
And while these attacks seem unlikely, it is yet another possible attack vector to get at sensitive information. Attacks on PLCs seemed unlikely too, until Stuxnet came around.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Yes.
TFA's a fine intellectual exercise, but as explicitly pointed out, the willingness to commit kidnapping and inflict torture rather pathetically trumps all of that.
Interesting. Not completely practical, but interesting.
Well, it depends on how you define practical - and what kind of situation you're in.
I mean, if it were my laptop? Sure, probably not worth this kind of security. Someone could get credit card numbers, site passwords perhaps, and possibly enough personal information to do some identity theft scheme... Damaging stuff, potentially, but probably not worth their while to extract the data, or worth my while to protect it.
But let's say it contained some sensitive, valuable information from my job - so that stealing my laptop could be a worthwhile target for corporate espionage. Then it might be worth protecting it a little more carefully...
Another thing to consider is that, while the XKCD password cracking algorithm does trump most forms of security, that's only true if someone is actually willing to use it. I could see kidnapping and torture as a real possibility if you were dealing with organized crime or an intelligence agency... Otherwise, the escalation of the crime (from simple theft of a moderately expensive piece of hardware to various forms of felony) would deter most people from attempting it.
If someone has reason to believe it's worth stealing my laptop for the information on it, simply stealing a laptop would be pretty easy. Nick it when I'm at a hotel or something - talk their way past the cleaning staff to get into the room, game over. If a laptop is stolen, police aren't going to care. The machine is simply gone. As long as the initial theft goes off without a hitch, it's a pretty safe crime, especially if they don't try to sell the machine after stealing it.
There's bound to be some level at which information is worth enough to be worth stealing a laptop, but not worth kidnapping and torturing someone for a password... So locking down the machine from those kinds of attacks isn't totally impractical. It just depends on what's on the machine.
Bow-ties are cool.
TRESOR is an implementation of AES as a cipher kernel module which stores the keys in the CPU debug registers, and which handles all of the crypto operations directly on the CPU, in a way which prevents the key from ever entering RAM.
Awesome, its stores the keys in the cpu debug registers when in use. The data to recreate them still has to flow into the CPU from ram, so all you're taking out is the path between ram and the CPU for an intermediate step. So all you get is a speed boost, no security gain since the attacker already knows the algorithm your using and all the data you provided to the CPU. The speed boost is nice if its being used all over the place (like for an encrypted FS) but otherwise its not that big of a deal and its certainly not new.
As for the rest, cryptfs or bitlocker with your screensaver/lock setup to throw out your keys when the screen blanks/suspends/whatever.
So basically Win7 with BitLocker enabled or whatever alternative setup results in the same thing on Linux. Its not even a little hard, and you've already got well past the point where they'll just beat the password out of you.
If you did it to learn, good for you. If you did it for some sort of practical value, then this really is one place where epic fail applies.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Think of it like a hobby. It may not be really practical, but it's interesting to some people.
It is a theoretical possibility and has been shown to be possible.
Lets be honest though.... it is just not that likely of an attack. Lets not forget you can't encrypt your initrd... Unless you store your boot partition on a USB key and carry it with you, then it can be modified by an attacker. All he has to do it reboot the machine, install a key logger in the initrd, and get the passphrase the next time you type it in.
That or install one between the keyboard and machine. Hell, can probably do everything he needs from the USB bus. Did they ever fix that USB bus problem where a USB device could get full DMA without any OS help required? Hell the USB device could even be installed inside the laptop so its active and invisible while you use it.
Thats before we even talk about things like, installing a pinhole camera to record your keystrokes....oh or using audio, as its been demonstrated that you can reliably recover typed information from recordings of the typing.
Without physical security there is no security. You can't prevent your hardware from being booby trapped... and there are people out there with entire labs devoted to producing this sort of clandestine equipment. Hell, the FBI is known in some instances to have put a tarp in front of a whole house at night, with a print of the original house on it...just so they could work undetected.
Its all a matter of who wants your data and what they are willing to get it.
-Steve
"I opened my eyes, and everything went dark again"
?
Care to elaborate? It's really not very hard at all to put the RAM in another machine, and boot that machine with a little bootloader/program that just dumps to contents of RAM to a file.
The dude even linked to the tool and the technical explanation: http://www.mcgrewsecurity.com/tools/msramdmp/
Lets not forget you can't encrypt your initrd...
You can compute its hash, though, and fail to boot if the hash has changed. See TrustedGrub.
I must be new here, I thought it was traditional to at least RTFS, if not RTFA.
Your not the new one.... someone needs to tell Soulskill the obligatory XKCD belongs in the comments not the summary.
Jeez, taco's gone for one day and posters start slacking.
You are thinking of firewire.
Worse. Photos of kittens playing with balls of yarn! Something that he can't let his colleagues see lest he be shamed for the rest of his life.
or one could superglue the DIMMS in place
you don't eat crackers in the bed of your future--or else you'll get all scratchy
Let me put my tinfoil hat on for a moment... Beatings aren't necessary, the US gov't can simply use the NSAKEY to decrypt anything encrypted using Microsoft libraries...
This story is about an Ubuntu laptop. I doubt any Microsoft libraries were used.
alias sudo="echo make it yourself #" ; # https://pipedot.org/~stderr & http://soylentnews.org/~stderr
as an undergrad, I interfaced a DRAM chip (with internal refresh logic) to an FPGA connected to an ADC and DAC with microphone and speaker. The FPGA was configured to contain a soft processor of my own design, which ran a hard coded program that simply read from the ADC and wrote to sequential ram positions when one button was pressed, and read from ram and wrote to DAC when the other was pressed. The DRAM thus contained uncompressed PCM data.
If I recorded myself saying something, and then pulled the plug and then plugged it back in within 3 minutes, and pushed the play button, you could still make out what I said. It takes a shockingly long time before the ram decays completely to white noise. This is without any cooling of the RAM at all.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
It is a theoretical possibility and has been shown to be possible.
If he is referring to "putting the RAM into another PC" and "booting from the ram", hes full of crap and isnt qualified to defend against these attacks. Every theoretical attack I have heard of relies on specialized hardware to read the RAM without altering it.