[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

John Gilmore gnu at toad.com
Mon Oct 28 04:20:58 EDT 2013


>                    For example, if you assume that the attacker has
> network taps at Fort Meade and in phone closets of companies like
> AT&T, they are very likely not going to be able to watch your LAN
> traffic.  OTOH, if they have physical access to your LAN such that
> they can drop an agent close to your computer that can monitor all of
> the packets hitting your computer, we have to ask how are they doing
> this?  If they can somehow break into your local ethernet switch
> remotely, then you might be in a world of hurt (although usually
> switches generally don't have enough of general purpose CPU that this
> is likely).

What else is on your LAN besides a network switch?  Do you have a
printer with an Ethernet jack?  Or a DSL modem?  Or a cable modem?  Or
a low-end commercial NAS box?  All of these typically run an embedded
system using some old version of Linux, and never get their firmware
updated to close zero-day security holes.  If one of them can be taken
over, and can convince your network switch to send them all the
packets (perhaps by ARP flooding or ARP spoofing), then that embedded
system can wiretap any LAN transaction it likes.  

Many DSL modems contain a small switch, which if it's the only switch
in a small home or office network, would make all packets among local
nodes accessible to malware running in that DSL modem.

Many cheap Ethernet switches are 'intelligent' meaning that they have
an embedded processor that offers a Web configuration interface.
Such devices are fertile malware targets.

Automated global-scale attacks against such embedded systems are
certainly feasible.  Could the injected code be sufficiently subtle to
detect and store or report entropy events like packet timing, without
becoming sufficiently obvious that the malware's presence is detected
on the network?

	John

PS: On the "big iron" rather than "small network" end of things, don't
forget virtual machines, in which a compromised VM hypervisor has full
access to all the packets (and to many other aspects of the machines
running under it).
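
A defender-side check for the LAN redirection described in the message above (ARP spoofing, or a burst of new source MACs aimed at the switch), as an added example that is not part of the original post. The record layout, the sample data and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (seconds, sender_ip, sender_mac).
SAMPLE_ARP = [
    (0.0, "192.168.1.1", "aa:aa:aa:00:00:01"),    # gateway
    (1.0, "192.168.1.20", "aa:aa:aa:00:00:20"),   # workstation
    (2.0, "192.168.1.50", "aa:aa:aa:00:00:50"),   # printer
    (30.0, "192.168.1.1", "aa:aa:aa:00:00:50"),   # printer MAC claims gateway IP
    (30.5, "192.168.1.20", "aa:aa:aa:00:00:50"),  # ... and the workstation IP
    (61.0, "192.168.1.1", "aa:aa:aa:00:00:01"),   # real gateway answers again
]


def find_rebinds(records):
    """Trust the first MAC seen for each IP; report every later reply that disagrees."""
    first_mac, rebinds = {}, []
    for ts, ip, mac in sorted(records):
        known = first_mac.setdefault(ip, mac.lower())
        if known != mac.lower():
            rebinds.append((ts, ip, known, mac.lower()))
    return rebinds


def macs_claiming_many_ips(records, limit=1):
    """Map each MAC that answers for more than `limit` IPs to those IPs."""
    ips_by_mac = defaultdict(set)
    for _ts, ip, mac in records:
        ips_by_mac[mac.lower()].add(ip)
    return {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > limit}


def first_new_mac_burst(records, window=1.0, threshold=50):
    """Time at which `threshold` never-seen MACs appeared within `window` s, else None."""
    seen, recent = set(), []
    for ts, _ip, mac in sorted(records):
        if mac.lower() in seen:
            continue
        seen.add(mac.lower())
        recent = [t for t in recent if ts - t < window] + [ts]
        if len(recent) >= threshold:
            return ts
    return None


if __name__ == "__main__":
    for ts, ip, old, new in find_rebinds(SAMPLE_ARP):
        print(f"{ts:6.1f}s  {ip} moved from {old} to {new}")
    print(macs_claiming_many_ips(SAMPLE_ARP))
    print(first_new_mac_burst(SAMPLE_ARP))
```

On a real network the `limit` for IPs per MAC needs an allowance for routers and hosts with several addresses, which legitimately answer for more than one IP.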

