Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for December 5, 2013
Deadline scheduling: coming soon?
LWN.net Weekly Edition for November 27, 2013
ACPI for ARM?
LWN.net Weekly Edition for November 21, 2013
There's simply no way around it: once you give an attacker physical access, you give him the kingdom.
"Evil Maid" attack against disk encryption
Posted Oct 29, 2009 21:29 UTC (Thu) by nybble41 (subscriber, #55106)
This obviously assumes that the current password can't be used to gain access to a more permanent key. The permanent key could be made so bulky that it can't be stored in the MBR, and that getting it off the system by other means would take a noticeable amount of time. Or you could re-encrypt the entire disk with the new password every time, and not have a permanent key...
You could also make the encryption hardware external to the main system, and never expose the permanent key to the computer itself at all. That eliminates the need to re-encrypt, but the device has to be tamper-proof (or you have to carry it around all the time). Good built-in drive encryption would qualify, but only if you can change the password of an unlocked drive without clearing it.
Posted Oct 30, 2009 2:11 UTC (Fri) by bronson (subscriber, #4806)
If you enter your one-time password on a subverted system, the attacker suddenly has access to all your data. He only needs access once.
> Or you could re-encrypt the entire disk
Not if your system is subverted. Sure, it would appear to you that everything is being re-encrypted, but in reality the back door the maid slipped will be used to copy everything the next time you leave your computer behind. (this is just one scenario, the attacker could also weaken the encryption algo, ship your data out over the network, etc etc)
> You could also make the encryption hardware external to the main system
Perhaps, but this doesn't exist today and sounds awfully expensive to develop.
Posted May 6, 2010 23:18 UTC (Thu) by nybble41 (subscriber, #55106)
All your *current* data, yes; I don't see a way around that. The idea was to protect any future data you may put on the device from a different host PC.
> Not if your system is subverted.
The idea was to remove the USB key and re-encrypt it on a known-clean system, not re-encrypt on the compromised PC. Again, this is to protect against future unauthorized access, not to protect any data which may have already been exposed.
> Perhaps, but this doesn't exist today and sounds awfully expensive to develop.
I don't think it would be all that expensive; it's basically just a TPM chip with some trivial input hardware for the password. Internal hard-disk encryption exists today, though I don't know if it's any good. The drives I know of with that feature require full re-encryption to change the password, if they support it at all, but that wouldn't be hard to fix.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds