Re: rootkit and 10 minutes ?

On Tue, Oct 29, 2002 at 04:44:16PM -0500, Michael T. Babcock wrote:
> What you seemed to be presenting is this:
> 
> keysystem <-> kernel fs driver <-> userspace fs display
> 
> What I proposed is this:
> 
> keysystem <-> userspace crypto (loopback) <-> kernel fs driver <-> 
> userspace fs display
> 
> The difference is simply that in my version, the data is en/decrypted 
> outside the kernel.  In both versions, I have to assume that an attacker 
> can, for a much lower budget than cryptanalysis, remove the hard drive 
> and start playing with it in another machine with a different kernel.  I 
> also have to assume that they could have written any number of known 
> plaintexts to the drive before doing so.  My version may seem to 
> facilitate such work, but in fact the time / effort requirement 
> presented by your version still seems trivial compared to a full-scale 
> cryptanalytic attack.
> 
> I would be much more impressed by a userspace DRM-style crypto system 
> that did the crypto work in a library directly accessed by the userspace 
> programs trying to deal with the disk files.  Doing an 
> "open('blah.txt')" should call a library function that checks for 
> 'blah.txt' in the current virtual directory of 
> /var/hahayoucantreadthis.dat, tries to decrypt it using the current key 
> (also read directly by the library into secure memory space) and 
> displays / works with it.  Encryption work would similarly happen before 
> any other process got its grubby little hands on my bits & bytes.
> 
> Just FYI ...

You're trying to make water not wet.  You're trying to make software secure
when running on a system you claim to have been compromised.  This is a
losing proposition.

If you want to have a system that is secure regardless of whether your box has
been trojaned or compromised in any other way, then you need a hardware crypto
token.  There's no other way around this.

That being said, it's best to make the system faster, easier, simpler or all
of the above if we agree you can't trust software in your server room.

JLC

-- 
http://www.certainkey.com
Suite 4560 CTTC
1125 Colonel By Dr.
Ottawa ON, K1S 5B6
C: 613.263.2983
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

