Hi, Ian and
Gisle,
While I was
searching the Internet to solve the similar problem, your email communications
popped up (see the attachment below). Just wondering if you guys can provide me
more progress or information about loading secure binaries? I also face the same
problem that somebody may load and execute malicious code on top of our embedded
Linux OS. If you guys can share some experience on the embedded Linux, I really
appreciate!
Best
regards,
Jason
Re: Loading secure binaries?
- To: "Ian S. Nelson" <ian.nelson@xxxxxxxxxxxx>
- Subject: Re: Loading secure binaries?
- From: Gisle S{lensminde <gisle@xxxxxxxxx>
- Date: Mon, 5 Mar 2001 22:08:43 +0100 (MET)
- cc: linux-crypto <linux-crypto@xxxxxxxxxxxx>
- In-Reply-To: <3A9AE282.147DE47@xxxxxxxxxxxx>
- Sender: owner-linux-crypto@xxxxxxxxxxxx
On Mon, 26 Feb 2001, Ian S. Nelson wrote: > I'm working on an embedded Linux project and the issue of security is > starting to surface and it's beginning to look kind of interesting. > > Is there any plans with Linux-crypto or some other project that somebody > knows of to allow the loading of secure binaries? This have been discussed here earlier, and I do not think there are any such plans. Before any such scheme is implemented, it's allways important to consider what they are meant to protect against. More on this later. > > I was thinking of a scheme like this: > > there would be a new linux executable loader, perhaps one of the > misc binary loaders or an ELF hack, you'd want it to reside inside the > kernel though. > > Then add a new system call to provide a key to the kernel. This > could be pulled down off the internet or out of a secure piece of > hardware. In some applications it could be something the user provides > at login time. > > Then the new binaries would be AES/IDEA/DES encrypted with that key > and the new loader would use that key to decrypt them at load time. It's a bit unclear what you want to protect against. Some threats i can think about for networked embedded systems is: - The binaries/data are transefered/updated via the network, and an attacker should not be able to steal data or programs by listening to the network, or being a man in the middle. This is best protected by SSL, SSH or some other network encryption protocol. - Prevent people with physical access to the device to get any unautorized access. This could also be archived by disk encryption. This is already done in the kernel for whole partitions. A filesystem with one key per user (or anything similar) would be more direct on the target, but is it necessary. - Prevent intruders from executing malicious code. A signing/verification scheme will be the right thing to in that case. Possibly combined with disk encryption. In some case, a scheme like the one I think you describes will be usefull. It's known that attackes have got unathorised access to systems by replacing modules by their own, that can give permanent root acces, backdors etc. This scheme requires somebody to accept each and every executable/module to be executed on the system. This is in practice awkward executables on a workstation, but for systems where the number of executable is more controllable, like for embedded systems or kernel modules, it's archivable. > Anybody know of something like this? A logical extension would be to > embed GPG into the kernel and then you could execute signed and > encrypted binaries but that seems like overkill for what we're doing, we > just don't want a few key pieces of code to ever be decrypted anywhere > other than SDRAM. Not the whole of GPG, but such a scheme require asymetric crypto to be inserted into the kernel, and it will require some work, but it's absolutly archivable, the question is whether it will make systems so much more secure that it's worth the effort. -- Gisle Sælensminde ( gisle@xxxxxxxxx ) With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead. (from RFC 1925) Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
