um.... you've got a lot of requirements that Linux may or may not be able to
meet. I think the biggest problem you're going to have is that if the user
has hardware access, the game is over anyway. Really, truly, and completely
over. Trusted hardware tends to combat this inability to withstand attack by
co-opting environmental factors that change the equation to be more balanced
(or, hopefully, favourable to the defender). Examples of environmental
factor defense mechanisms include (but are not limited to):

    Placing ATMs in brick walls or recessing them
    Placing ATMs in well-lit and well-travelled locations
    Enforcing physical access control with guards and the like
    Enacting laws that shift the risk ratio out of the realm of acceptable
risk for attackers (i.e., death penalties, etc.)

Bank vaults are a great way to look at the problem. A bank vault isn't rated
to be "uncrackable"; it's rated for a certain amount of time against a
certain class of attack. By guaranteeing a level of integrity and
confidentiality for a certain amount of time, banks can then schedule
guards to check only every so often and can be sure of catching or deterring
said classes of attackers.

Moving the discussion to a hardened Linux box, you are discussing several
different forms of attack, each of which is going to need separate assessment
and analysis. Crypto (smartcard based or otherwise) is only a small fraction
of the solution and only guards against a small subset of your threat vectors
here. Also, you've yet to begin classifying who you want to defend against
("very skilled hackers" isn't a valid classification) and for how long,
because in the end, everything is crackable.

If you want help identifying classifications of attackers, threat vectors,
and the like, feel free to contact me offline from the list, as that
discussion reasonably belongs elsewhere.

HTH,

Alex
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

----- Original Message -----
From: "Patrick Valsecchi" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 21, 2001 3:39 PM
Subject: MUSCLE Disk encryption and more


> Hi
>
> My company is working for another company (let's call it C) that is going to
> provide Linux boxes to its customers. As C is going to give them away free or
> for a small fee, C doesn't want the customers to use the boxes for another
> purpose than the one specified by C.
>
> C doesn't want the user to be able to:
>   - run another kernel than the one S provides
>   - run executables that have not been signed by authorized developers or
>     that have been modified (signed executables)
>   - change or alter the dynamic libraries (signed .so files)
>   - have access to the binary of some executables (for avoiding reverse
>     engineering)
>   - save a file and give the disk to a friend (encrypted files, but I need
>     to be fast on read and write, here)
>
> All that by using:
>   - a SmartCard
>   - a modified kernel
>   - a specialised hardware for encryption
>   - maybe a modified loader (lilo)
>
> And that mustn't be just simple tricks; we must protect those boxes
> against very skilled hackers.
>
> Are there existing projects on those subjects? Has anybody already worked on
> it?
>
> Thanks for your help.
>
> ---
>   -°)                 Patrick Valsecchi
>   /\\
>  _\_v
> ***************************************************************
> Linux Smart Card Developers - M.U.S.C.L.E.
> (Movement for the Use of Smart Cards in a Linux Environment)
> http://www.linuxnet.com/smartcard/index.html
> ***************************************************************
>
