User: Password:
|
|
Subscribe / Log in / New account

"Evil Maid" attack against disk encryption

"Evil Maid" attack against disk encryption

Posted Oct 29, 2009 21:29 UTC (Thu) by nybble41 (subscriber, #55106)
In reply to: "Evil Maid" attack against disk encryption by bronson
Parent article: "Evil Maid" attack against disk encryption

You could use one-time passwords. That would defeat any attempt to simply read the password and store/transmit it for later use. Getting around that would require hardware changes or some kind of resident hypervisor to gain access to the new password.

This obviously assumes that the current password can't be used to gain access to a more permanent key. The permanent key could be made so bulky that it can't be stored in the MBR, and that getting it off the system by other means would take a noticeable amount of time. Or you could re-encrypt the entire disk with the new password every time, and not have a permanent key...

You could also make the encryption hardware external to the main system, and never expose the permanent key to the computer itself at all. That eliminates the need to re-encrypt, but the device has to be tamper-proof (or you have to carry it around all the time). Good built-in drive encryption would qualify, but only if you can change the password of an unlocked drive without clearing it.


(Log in to post comments)

"Evil Maid" attack against disk encryption

Posted Oct 30, 2009 2:11 UTC (Fri) by bronson (subscriber, #4806) [Link]

> You could use one-time passwords

If you enter your one-time password on a subverted system, the attacker suddenly has access to all your data. He only needs access once.

> Or you could re-encrypt the entire disk

Not if your system is subverted. Sure, it would appear to you that everything is being re-encrypted, but in reality the back door the maid slipped will be used to copy everything the next time you leave your computer behind. (this is just one scenario, the attacker could also weaken the encryption algo, ship your data out over the network, etc etc)

> You could also make the encryption hardware external to the main system

Perhaps, but this doesn't exist today and sounds awfully expensive to develop.

"Evil Maid" attack against disk encryption

Posted May 6, 2010 23:18 UTC (Thu) by nybble41 (subscriber, #55106) [Link]

> If you enter your one-time password on a subverted system, the attacker suddenly has access to all your data. He only needs access once.

All your *current* data, yes; I don't see a way around that. The idea was to protect any future data you may put on the device from a different host PC.

> Not if your system is subverted.

The idea was to remove the USB key and re-encrypt it on a known-clean system, not re-encrypt on the compromised PC. Again, this is to protect against future unauthorized access, not to protect any data which may have already been exposed.

> Perhaps, but this doesn't exist today and sounds awfully expensive to develop.

I don't think it would be all that expensive; it's basically just a TPM chip with some trivial input hardware for the password. Internal hard-disk encryption exists today, though I don't know if it's any good. The drives I know of with that feature require full re-encryption to change the password, if they support it at all, but that wouldn't be hard to fix.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds