From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] FYI: how to (really) cleanly shutdown the system when root is on multiple stacked block devices
Date: Sun, 27 Jun 2010 04:53:29 +0200
Message-ID: <20100627025329.GA4942@tansi.org>
In-Reply-To: <1277605715.3239.103.camel@fermat.scientia.net>

On Sun, Jun 27, 2010 at 04:28:35AM +0200, Christoph Anton Mitterer wrote:
> On Sun, 2010-06-27 at 01:34 +0200, Arno Wagner wrote:
> > Hmm. You know, encrypted root is a problem and pretty difficult
> > to do in the first place. Why not just encrypt the critical
> > parts, like /var /home /root? The rest only holds binaries
> > and config files anyways, which are not that sensitive...
> They're actually very sensitive, against compromise "when I'm not there"
> and the device is e.g. shut down (or even running).

For running, I recommend looking up physical memory freezing.
It allows you to cool down the memory, pull the power plug and
read the complete memory contents up to a few minutes later on
an external device. The keys are in there.

For not running, there are numerous ways to still attack the system.

> An attacker with access to my device could easily add e.g. a rootkit
> when I'm not there, which just waits until I once decrypt the "important
> stuff" and sends the key/data back home.

The current consensus in much of the security community is that
if an attacker has that level of physical access, you are screwed
anyways.  

> dm-crypt largely protects you from this.

Only against very low-powered attackers. Against these I recommend
a better lock on the door.

> Even if it doesn't give you
> mathematical integrity/authenticity, it's still very difficult for an
> attacker to do reasonable attacks (other than destroying your data)
> because he neither knows where to change, nor to which value.

There are all kinds of possibilities to install keyloggers and other 
malicious software. Your kernel, for example, cannot be encrypted.
Keyloggers in all sizes and shapes, including inside your keyboard
can be installed. Other things can be done. 

Face it, you are using the wrong tool if protection against 
manipulation with physical access is your goal. For that 
I would recommend a safe that is intended to have a PC running
inside it. Not too cheap, but tamper-obvious. 

Arno

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
