Why encrypt if I can't prevent physical access to the system?

Discussion in 'privacy problems' started by JohnMatrix, Apr 19, 2012.

Thread Status:
Not open for further replies.
  1. JohnMatrix

    JohnMatrix Registered Member

    Joined:
    Apr 12, 2012
    Posts:
    48
    Location:
    Behind you
    TrueCrypt developers and other encryption experts argue that you can't really trust a system once an attacker has had physical access to a machine. That basically means that if I ever leave my desktop at home I can no longer trust it. For example, when I come home from work someone could have installed an evil maid attack, making my fully encrypted system vulnerable. An adversary could also modify the BIOS to log all my keypresses. This brings me to a general question:

    What is a good strategy to employ, and maintain trust in, an encrypted desktop in a public place? Is it possible?
     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    You can install the boot loader to an external device and keep it with you. As far as the BIOS...no idea. Physical security of your home in the form of cameras is another avenue, as are dogs, etc... Unless you only have one machine, and that's all you can afford, get a laptop for anything 'sensitive' and always keep it with you. Let 'them' look all they want at your YouTube history and 'ilovecatsforum.com' log ons. That threat model is pretty severe...but it does exist depending on where you live and what you do.

    PD
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    No software can provide solid protection from a physical attack. TC (or any other piece of encryption protection) cannot guard against a physical keylogger getting attached to a desktop.

    TC guards against them grabbing that desktop and trying to examine it without any further input from you. For that, it's great. If an examiner ever held a machine and gave it back I would never trust it again. Sell it and go get a different one.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    If there's substantial risk of clandestine physical attacks, it's necessary to both hinder and detect them. Ross Anderson's Security Engineering at -http://www.cl.cam.ac.uk/~rja14/book.html is a good place to start.

    Right. More than that, once you detect unauthorized access, the machine is suspect.
     
  5. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Last edited: Apr 20, 2012
  6. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    The purpose of full disk encryption is to protect data at rest; it is not a 'be all, end all' method, more another layer in your overall security framework. With encryption you have reasonable assurance (depending on how it was implemented) that in the event of theft of or damage to the equipment, the sensitive information on those devices will be safe.

    You will have to invest in physical layers as well. You also have to apply reason. For a non-governmental/corporate entity such as a personal homeowner, much of physical security is just common sense (Rooms locked when unoccupied, alarm system, 2 factor equipment kept separated, etc), but yes there is always a risk of lock-picking and other forms of covert entry. This is where you will have to define your scope of who you are trying to protect yourself from, do you guard against:

    The junkie looking for an easy mark to steal electronics and sell for his next fix?
    The teenage neighbor practicing his wireless cracking techniques into your networks and system?
    The governmental raid on your place of residence for your violation of country’s law XYZ?
    Or the ongoing monitoring of you from hostile government intelligence agencies?

    I’ll leave it up to you, the reader, to define your own risk matrix of what the likelihood of these scenarios occurring is. I would estimate most if not all members of this board are going to mainly be protecting the PII on their hard drives from the first two mentioned. In that case encryption will protect your devices. The one exception is wireless cracking, which is a whole other topic, but I threw it in here for completeness.

    Now let us go to the real extreme. JohnMatrix, you are a foreign diplomat, a businessman overseas on business for a well-known technological or military contracting company, perhaps a well-known criminal mastermind, etc... You may find yourself trying to protect against the last scenario mentioned. This is when all the fancy toys will be used against you, and yes, in this case TC is correct: if you leave your device alone in a hotel room or in a public place you should consider it compromised. The same if you use it over untrusted networks.

    Though there are some steps you can try to help mitigate software attacks against FDE, such as keeping a clean copy of your BIOS and boot records on a separate medium and flashing them both before attaching and booting up a sensitive hard drive (complex, and with risk factors of their own). Keyboard scramblers are also an avenue to explore. Hardware attacks will be harder to detect; you would perhaps have to deploy tamper-proof seals around your device, though I wouldn’t trust any device after it was taken away by an adversary and returned.

    In conclusion, encryption will protect you against most of your potential adversaries when your desktop is powered down. In an extreme case, no, it would not, though that is when you must deploy other security layers and controls, such as physical security, to mitigate those risks. Hope this helps.

    Remember in this world there is no absolute security, there will always be risk.
     
  7. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343

    TPM is really the only way. While not foolproof, it would stop Evil Maid and other such bootloader attacks. Of course, TPM chips themselves are likely "hackable" but it would be much much harder to pull off.
     
  8. JohnMatrix

    JohnMatrix Registered Member

    Joined:
    Apr 12, 2012
    Posts:
    48
    Location:
    Behind you
    Thanks for all the suggestions. I think it will be viable to create a program that runs at boot and checks the boot sector contents and BIOS checksums to see if anything has been modified. While an attacker would still be able to do some nasty stuff, you would always know if that happens.
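The boot-sector and BIOS checksum comparison proposed in this post, together with the clean-copy-of-BIOS-and-boot-records idea from EncryptedBytes' post above, as an added example that is not part of the thread and not anyone's posted code. It is a Tripwire-style baseline/verify script: it hashes the MBR, the first MiB of the disk (where GRUB or the TrueCrypt loader lives) and a firmware dump, stores the hashes as a baseline, and on later runs reports which region changed; for the MBR it also says which field changed, since a patched bootstrap code area with an untouched partition table is the evil-maid pattern. Assumed, not from the thread: a Linux host, a raw device such as /dev/sda, a firmware image obtained separately (for instance with `flashrom -p internal -r bios.bin`), and the names of the functions. The caveat the thread's TPM post hints at applies: run this from a medium you carry, not from the disk being checked, because boot code or firmware that has already been tampered with can hand a reading program a clean-looking copy.

```python
#!/usr/bin/env python3
"""Tripwire-style baseline for the boot sector and a firmware dump.

Added example (not from the thread). Assumes Linux, a raw disk like /dev/sda,
and a firmware image dumped separately (e.g. with flashrom). Keep baseline.json
and this script on media you carry: a checker that lives on the disk it checks
can be fed a clean-looking sector by tampered boot code or firmware.
"""
import hashlib
import json
import sys

MBR_SIZE = 512
BOOT_REGION = 1024 * 1024   # first MiB: MBR plus the gap where GRUB/TrueCrypt loader code lives
MBR_FIELDS = {              # byte ranges of a legacy 512-byte MBR
    "bootstrap_code": (0, 440),
    "disk_signature": (440, 444),
    "reserved": (444, 446),
    "partition_table": (446, 510),
    "boot_signature": (510, 512),
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def read_region(path, offset=0, length=None):
    """Read `length` bytes at `offset` from a file or block device (None = to EOF)."""
    with open(path, "rb") as f:
        f.seek(offset)
        return f.read() if length is None else f.read(length)


def snapshot(regions):
    """Map region name -> sha256; this dict is what the baseline file stores."""
    return {name: sha256_hex(data) for name, data in regions.items()}


def compare(baseline, current):
    """Per region: ok, MODIFIED, MISSING (baseline only) or NEW (current only)."""
    report = {}
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            report[name] = "MISSING"
        elif name not in baseline:
            report[name] = "NEW"
        else:
            report[name] = "ok" if baseline[name] == current[name] else "MODIFIED"
    return report


def mbr_changed_fields(old, new):
    """Which MBR fields differ. Changed bootstrap_code with an intact partition
    table is the evil-maid pattern; a partition-table-only change is usually benign."""
    if len(old) != MBR_SIZE or len(new) != MBR_SIZE:
        raise ValueError("expected 512-byte MBRs")
    return [f for f, (a, b) in MBR_FIELDS.items() if old[a:b] != new[a:b]]


def constructed_mbr(code_byte=0x90, part_byte=0x00):
    """Constructed sample MBR (not a real bootloader) for offline demonstration."""
    code = bytes([code_byte]) * 440
    disk_sig = b"\x12\x34\x56\x78\x00\x00"
    return code + disk_sig + bytes([part_byte]) * 64 + b"\x55\xaa"


def demo():
    """Offline run on constructed data: attacker patched the first boot-code bytes."""
    clean = constructed_mbr()
    tampered = b"\xeb\x10\x90" + clean[3:]        # jump hook into the code area
    firmware = b"\xff" * 4096                     # constructed stand-in for a flashrom dump
    baseline = snapshot({"mbr": clean, "firmware": firmware})
    current = snapshot({"mbr": tampered, "firmware": firmware})
    return compare(baseline, current), mbr_changed_fields(clean, tampered)


def main(argv):
    """usage: init|check BASELINE.json DISK FIRMWARE_DUMP   (e.g. /dev/sda bios.bin)"""
    if len(argv) != 5 or argv[1] not in ("init", "check"):
        print(main.__doc__)
        return 2
    mode, baseline_path, disk, fw = argv[1:]
    current = snapshot({
        "mbr": read_region(disk, 0, MBR_SIZE),
        "boot_region": read_region(disk, 0, BOOT_REGION),
        "firmware": read_region(fw),
    })
    if mode == "init":
        with open(baseline_path, "w") as f:
            json.dump(current, f, indent=2)
        return 0
    with open(baseline_path) as f:
        baseline = json.load(f)
    report = compare(baseline, current)
    for name, status in report.items():
        print(f"{status:9} {name}")
    return 0 if all(s == "ok" for s in report.values()) else 1


if __name__ == "__main__":
    if len(sys.argv) == 1:
        print(demo())
    else:
        sys.exit(main(sys.argv))
```

Run with no arguments to see the constructed demo (the MBR is reported MODIFIED and the only changed field is bootstrap_code); run `init` once from a trusted live medium right after a clean install, then `check` before every sensitive session, with the baseline stored on the same removable medium as the script. A non-zero exit from `check` is the "you would always know" signal; it does not tell you what the attacker did, only that the boot path is no longer the one you baselined.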
     
  9. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    See -http://www.tripwire.org/
     