[tor-talk] WSJ- Google- Sonic Mr. Applebaum

Jeroen Massar jeroen at unfix.org
Tue Oct 11 12:30:01 UTC 2011


On 2011-10-11 10:07 , Eugen Leitl wrote:
> On Mon, Oct 10, 2011 at 11:20:05PM +0200, Jeroen Massar wrote:
> 
>>> Use your own servers at the co-lo. Use TPM and tamper-proof systems.
>>
>> Does not matter, given enough power/money/force your adversary can walk
> 
> Au contraire, it does matter very much in practice. By controlling
> your hardware instead of relying on vendors or even "teh cloud" 
> you're raising the bar for attacks considerably. Consider that 
> nobody can know exactly which security measures you've taken.

Of course you are raising the bar, but that is the only thing you are
doing, as the adversary can still walk in, be that with a warrant making
it legal, or just by going in. Criminals don't ask for your Ok.

>> into that colo and use vampire taps to replug (both power and network)
> 
> Did you catch the part with the video, also streamed off-site?

How exactly does that matter? It will already be too late and your full
hardware will be off site in a location that you don't control, still
running fully and no way for you to stop them from doing what they want
to do with it, be that freeze the memory or any component needed.

Or do you watch that video screen 24/7 like in the movies with the
guards on duty being shown a replay? :)

Yes, nice things like mercury switches, glueing the whole thing together
and other such tricks can even deny physical access, but really, what
are you trying to protect there? :)


> If there's a convenient temporal lacuna on multiple probes, you know
> your hardware is no longer trusted.

I am surprised if you are that paranoid that you trust the hardware in
the first place. You do realize where the designs come from and where
they are built right? :)

Yes, you will know that your hardware from that point is untrusted, but
who says it was not before?

>> your box without you noticing anything and monitor the rest from there on.
> 
> They are welcome to tap the network. It's what they already can do,
> by mirroring the incoming switch port and packet capturing there.
> This is not relevant to accessing secrets locked in hardware, or
> present at runtime.

Nope, but that is why a vampire tap can also do power, so they can
remove the box from the rack/location that you have as 'secure' and then
they can do whatever time-consuming things you want.

Unless you have a full remote kill switch in there packed with some C4
or so.

But that is why I mention rubberhose: if they want to get the info in
there, they will politely ask you for them instead.

>> As for TPM, who build that piece of hardware and are you sure that a
>> copy of your keys are not kept elsewhere?
> 
> Because you generated the key itself, of course, and using a
> physically secured TPM token you installed yourself.

Did you build that TPM token? I am just trying to give obvious hints
here and above etc...

For that matter, did you write and audit 100% of the code, oh and not to
forget the compiler that you are using for that code? And what about
that little video camera just behind your screen, did you notice it
already? ;)

Like everything in life, it just depends on how much you care.

For most people though, unless you are doing super secret evil stuff,
just using a Gmail account with PGP in combo with SMTP/IMAP is good
enough(tm) a security measure.

> It can be rather hard to access a piece of hardware hotglued into
> an internal USB port, with hardware with live IPMI monitoring,
> including chassis intrusion detection, including motion-detected
> streaming video streaming to cryptographically secured local
> filesystem and also off-site.

Local filesystem does not matter, as you won't see it. Thus if the video
cuts, the only lesson you learned is that the box is not to be trusted
anymore, but then it is already too late in most cases as they also
likely know who is footing the bill, just follow the money and thus
where your bed lives.

> It is all doable, but it won't be done in practice or ordinary
> threat models.
>  
>>> I used to store crypto secrets on USB smartcards, and have
>>> streaming video in the rack, all on UPS. Nowadays, it's even easier.
>>>
>>> No point to make it too easy. Mallory should earn his keep.
>>
>> At one point or another they just apply rubberhose crypto thus don't
>> make it too difficult.
> 
> Why do you bother breathing? You'll die, anyway.

I don't have to bother breathing, not everybody is Darth Vader, it
happens automatically more or less as a reflex for most people and there
is so much fun in the world without having to consider conspiracy
theories ;)

Greets,
 Jeroen

