
Re: [tor-talk] WSJ- Google- Sonic Mr. Applebaum



On Mon, Oct 10, 2011 at 11:20:05PM +0200, Jeroen Massar wrote:

> > Use your own servers at the co-lo. Use TPM and tamper-proof systems.
> 
> Does not matter, given enough power/money/force your adversary can walk

Au contraire, it does matter very much in practice. By controlling
your hardware instead of relying on vendors or even "teh cloud" 
you're raising the bar for attacks considerably. Consider that 
nobody can know exactly which security measures you've taken.

> into that colo and use vampire taps to replug (both power and network)

Did you catch the part with the video, also streamed off-site?
If there's a convenient temporal lacuna on multiple probes, you know
your hardware is no longer trusted.

> your box without you noticing anything and monitor the rest from there on.

They are welcome to tap the network. It's what they already can do,
by mirroring the incoming switch port and packet capturing there.
This is not relevant to accessing secrets locked in hardware, or
present at runtime.
 
> As for TPM, who built that piece of hardware, and are you sure that a
> copy of your keys is not kept elsewhere?

Because you generated the key itself, of course, and using a
physically secured TPM token you installed yourself.

It can be rather hard to access a piece of hardware hotglued into
an internal USB port, with hardware with live IPMI monitoring,
including chassis intrusion detection, including motion-detected
video streaming to a cryptographically secured local
filesystem and also off-site.

It is all doable, but it won't be done in practice or ordinary
threat models.
 
> > I used to store crypto secrets on USB smartcards, and have
> > streaming video in the rack, all on UPS. Nowadays, it's even easier.
> >
> > No point to make it too easy. Mallory should earn his keep.
> 
> At one point or another they just apply rubberhose crypto thus don't
> make it too difficult.

Why do you bother breathing? You'll die, anyway.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
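
The "temporal lacuna on multiple probes" check mentioned in the message above, as an added example that is not part of the original post: it flags time windows in which two or more independent monitoring feeds were silent at once, while a single feed dropping out on its own raises nothing. The probe names, the 10-second sampling interval and all timestamps are constructed assumptions.

```python
# Added example: correlate silence across independent monitoring probes.
# All probe names and timestamps are constructed sample data (seconds).

def find_gaps(timestamps, max_interval):
    """Return (start, end) spans where consecutive samples are more than
    max_interval apart, i.e. the probe missed at least one report."""
    ts = sorted(timestamps)
    return [(a, b) for a, b in zip(ts, ts[1:]) if b - a > max_interval]

def coincident_gaps(probes, max_interval, min_probes=2):
    """Sweep over gap start/end events and return the windows during which
    at least min_probes probes were silent simultaneously.
    Result: list of (start, end, sorted names of probes involved)."""
    events = []
    for name, ts in probes.items():
        for start, end in find_gaps(ts, max_interval):
            events.append((start, 1, name))  # probe goes silent
            events.append((end, 0, name))    # probe resumes
    events.sort()  # at equal times a resume (0) sorts before a silence (1)
    silent, windows, opened, involved = set(), [], None, set()
    for t, goes_silent, name in events:
        if goes_silent:
            silent.add(name)
            if len(silent) >= min_probes:
                if opened is None:
                    opened, involved = t, set()
                involved |= silent
        else:
            silent.discard(name)
            if opened is not None and len(silent) < min_probes:
                windows.append((opened, t, sorted(involved)))
                opened = None
    return windows

# Constructed feeds, one report every 10 s.
SAMPLE = {
    "video":   list(range(0, 40, 10)) + list(range(150, 300, 10)),
    "ipmi":    list(range(0, 50, 10)) + list(range(140, 300, 10)),
    "offsite": list(range(0, 300, 10)),
    "chassis": list(range(0, 200, 10)) + list(range(260, 300, 10)),
}

if __name__ == "__main__":
    for start, end, names in coincident_gaps(SAMPLE, max_interval=15):
        print(f"simultaneous silence {start}s-{end}s on {', '.join(names)}")
```

With the sample data, the lone chassis gap is ignored, while the overlapping video and IPMI outage is reported as one window.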