CFS vs. loopback encryption (was Re: [open-source] File encryption)
Adam Back
adam at cypherspace.org
Tue Feb 12 18:16:17 EST 2002
It's quite hard to guarantee that no one has unattended access to your
machine at any time.
A paranoid user could checksum his binaries, and keep the checksum and
minimal boot image on a flash USB fob, or boot off a CDROM, and keep
the checksum on flash. Then the user could again consider the machine
part of the TCB modulo hardware keyboard sniffers etc.
So it might be nice for an encrypted file system to have native
support for authentication based on the password for this reason also.
Of course said paranoid users could always do their own authentication
using hmac or whatever of the entire file system contents, but
built-in support could more efficiently do this for larger file
systems by MACing parts (sectors?).
Adam
On Tue, Feb 12, 2002 at 09:37:09AM -0500, Ian Goldberg wrote:
> On Mon, 2002-02-11 at 20:55, Jerome Etienne wrote:
> > for information, i released a text which describes a security hole in
> > the encrypted loop device for linux. Because of it an
> > attacker is able to modify the content of the encrypted device
> > without being detected. This text proposes to fix the hole by
> > authenticating the device.
> >
> > the text can be found in http://www.off.net/~jme/loopdev_vul.html
>
> I'm not sure I believe that that's the right threat model. If an
> attacker can modify your encrypted device and return it to you without
> your knowledge, surely he could more easily just patch your losetup to
> record your passphrase, or replace AES with the identity transform,
> or something more fundamental like that?
>
> Once the attacker gets root or physical control over your device, I'd be
> hard-pressed to consider it part of your TCB any more.
>
> That being said, if your encrypted device *isn't* part of your TCB,
> you do have a good point. If you make an encrypted filesystem out of
> an NFS-mounted file, say (I'm not sure this is actually possible),
> or a removable disk, then what you point out is really important.
>
> Many people use an encrypted filesystem in case the machine is lost or
> stolen; once the machine transitions from being in your TCB to out of
> it, I don't think it can come back in very easily.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list