Re: [qubes-users] [PoC] Qubes SleepKeeper - auto shutdown your Qubes if no password entered after wake up

2020-11-02 Thread evado...@gmail.com


> Why not just have an alternate passphrase that, when entered, shuts down 
> the PC (or, as you suggest, wipes the LUKS header)? Why a timer? 
>

At least because it is not constant that the attacker will ask you to do 
something and will not begin dumping your memory immediately. 

 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/65f4719e-f147-42bf-9856-8bc5514c982en%40googlegroups.com.


Re: [qubes-users] [PoC] Qubes SleepKeeper - auto shutdown your Qubes if no password entered after wake up

2020-10-31 Thread Andrew David Wong

On 10/30/20 5:51 AM, evado...@gmail.com wrote:

> > interesting but threat model unclear. If the attacker can force you to
> > enter one password after suspend, why would he not force you to enter
> > LUKS and user password 5 minutes later?
>
> There are a lot more attack vectors when the system is booted and only
> protected by xscreensaver.
> The attacker can use some hardware backdoors, xscreensaver
> bugs/backdoors/kill it to receive access: dump your memory on hardware
> level, receive access to memory from vulnerable hardware, guess screensaver
> password etc.
>
> If the system automatically shuts down then there is only one attack
> vector: LUKS password



There's no disagreement that shut down is more secure than suspended, 
but the devil is in the details. How exactly is it supposed to work?


1. Attacker forces you to wake up computer (e.g., open laptop lid).
2. Attacker forces you to enter password.
3. You enter incorrect password?
4. Attacker tells you to enter correct password this time?
5. Qubes shuts down because it's been too long?

Why not just have an alternate passphrase that, when entered, shuts down 
the PC (or, as you suggest, wipes the LUKS header)? Why a timer?


Perhaps the alternate passphrase, when entered, also sends out an SOS 
message?




> On Friday, 30 October 2020 at 07:54:14 UTC, haa...@web.de wrote:
>
> > On 10/29/20 11:06 PM, evado...@gmail.com wrote:
> > > Proof of Concept.
> > >
> > > github.com/evadogstar/qubes-sleepkeeper
> > >
> > > Qubes-Sleepkeeper protects you from physical attack when the attacker
> > > forces you to enter the password of your Qubes after it wakes up from sleep
> > > or from password guessing after wakeup. The attacker has very limited
> > > time to do so or Qubes will shut down automatically.
> >
> > Interesting but threat model unclear. If the attacker can force you to
> > enter one password after suspend, why would he not force you to enter
> > LUKS and user password 5 minutes later? Please explain. Rather an evil
> > maid "attempt detection" (not protection) by "laptop is down instead of
> > sleeping"? I think it really could help as additional data protection in
> > case of normal, criminal theft...



--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



Re: [qubes-users] [PoC] Qubes SleepKeeper - auto shutdown your Qubes if no password entered after wake up

2020-10-30 Thread evado...@gmail.com
If someone wants physical protection from torture, it is possible to 
improve this concept and destroy the LUKS disk header before shutdown. Then it 
will be useless to torture.



Re: [qubes-users] [PoC] Qubes SleepKeeper - auto shutdown your Qubes if no password entered after wake up

2020-10-30 Thread evado...@gmail.com
> interesting but threat model unclear. If the attacker can force you to 
> enter one password after suspend, why would he not force you to enter 
> LUKS and user password 5 minutes later?

There are a lot more attack vectors when the system is booted and only 
protected by xscreensaver.
The attacker can use some hardware backdoors, xscreensaver 
bugs/backdoors/kill it to receive access: dump your memory on hardware 
level, receive access to memory from vulnerable hardware, guess screensaver 
password etc.

If the system automatically shuts down then there is only one attack 
vector: LUKS password


On Friday, 30 October 2020 at 07:54:14 UTC, haa...@web.de wrote:

> On 10/29/20 11:06 PM, evado...@gmail.com wrote:
> > Proof of Concept.
> >
> > github.com/evadogstar/qubes-sleepkeeper
> >
> > Qubes-Sleepkeeper protects you from physical attack when the attacker
> > forces you to enter the password of your Qubes after it wakes up from sleep
> > or from password guessing after wakeup. The attacker has very limited
> > time to do so or Qubes will shut down automatically.
>
> Interesting but threat model unclear. If the attacker can force you to
> enter one password after suspend, why would he not force you to enter
> LUKS and user password 5 minutes later? Please explain. Rather an evil
> maid "attempt detection" (not protection) by "laptop is down instead of
> sleeping"? I think it really could help as additional data protection in
> case of normal, criminal theft...
>
>



Re: [qubes-users] [PoC] Qubes SleepKeeper - auto shutdown your Qubes if no password entered after wake up

2020-10-30 Thread haaber

On 10/29/20 11:06 PM, evado...@gmail.com wrote:

> Proof of Concept.
>
> github.com/evadogstar/qubes-sleepkeeper
>
> Qubes-Sleepkeeper protects you from physical attack when the attacker
> forces you to enter the password of your Qubes after it wakes up from sleep
> or from password guessing after wakeup. The attacker has very limited
> time to do so or Qubes will shut down automatically.


Interesting but threat model unclear. If the attacker can force you to
enter one password after suspend, why would he not force you to enter
LUKS and user password 5 minutes later? Please explain. Rather an evil
maid "attempt detection" (not protection) by "laptop is down instead of
sleeping"? I think it really could help as additional data protection in
case of normal, criminal theft...



[qubes-users] [PoC] Qubes SleepKeeper - auto shutdown your Qubes if no password entered after wake up

2020-10-29 Thread evado...@gmail.com
Proof of Concept. 

github.com/evadogstar/qubes-sleepkeeper

Qubes-Sleepkeeper protects you from physical attack when the attacker forces 
you to enter the password of your Qubes after it wakes up from sleep or from 
password guessing after wakeup. The attacker has very limited time to do 
so or Qubes will shut down automatically.



