2

I've come to find Full Disk Encryption to be a rather unsafe method of securing data as standardized tools are becoming available to just read out the encryption key from RAM, where the system needs it to be to make use of the system partition.

The more secure approach I suggest is to have a separate data partition with user data with a separate encryption used as a cold storage and only mounted when files on it is used.

Preferably, the system partition should be secured as well. My best idea for doing this is scripting a time delayed purging of keys from RAM, or shutdown, if the script has not received a timer reset. The timer reset could be anything, like a successful logon within 24 hours for a laptop. I'm guessing that one would normally logon to a personal laptop within 24 hours, but if lost in any way, it will not be in the hands of experts that read out RAM within that time.

Let me know what you think of this?

Improve this question
4
  • What is the threat model you are trying to mitigate? Are you worried about exploits by hostile code while you are using the machine; or are you worried about someone sniffing your master keys off the firewire port when you walk away from the box to get a cup of coffee? Commented Feb 12, 2015 at 16:42
  • I was mostly worried about someone stealing the whole machine and reading out encryption keys from the RAM modules. Commented Feb 12, 2015 at 17:22
  • I guess that using full disk encryption with an external hardware as key is not an option? Like usb flash drives bluetooth devices or smart cards? Commented Feb 13, 2015 at 6:56
  • External hardware key (YUBI?) or key-file on USB seems viable, but isn't the key still in RAM while the computer is powered? Commented Feb 13, 2015 at 9:49

3 Answers 3

Reset to default
5

Rather unsafe is a little exaggerated. It's secure enough for the vast majority of people trying to protect their data from offline attackers.

If you are worried about a malware reading the encryption keys, you are worried about the wrong threat. A malware should be running with root privileges to read the content of the master keys on the memory, but a malware with root privileges would have access to all data anyway.

If you want to protect against someone stealing your machine while you are away, just configure your screen lock to unmount all LUKS partitions during the lock. You can even install blueproximity to automatically lock the machine when your bluetooth-enabled smartphone gets away.

If some agent with the knowledge and resources to be able to use a cold boot attack is targeting you, you will have to think on more than LUKS to protect yourself.

It's easier to get you to fall for a spear-phishing scheme than to use a cold boot attack. If someone is targeting you, and knows how to employ a cold boot attack, they know how to employ a host of targeted attacks before having to resort to a cold boot. Hole-watering, spear phishing, DNS redirection, even phony traffic tickets and USB-drive gifts can be used for tricking you.

A cold boot would require the attacker to get physically close, and at least steal your computer and disassemble it. But if the attacker can get close enough to take your machine, he can take you too, and easily getting your keys employing Rubber-hose cryptanalysis.

Improve this answer
3
  • "If some agent with the knowledge and resources to be able to use a cold boot attack is targeting you, you will have to think on more than LUKS to protect yourself." - please elaborate on that. What I read about cooling RAM and reading it out from another machine using already available apps to identify keys, it seemed so simple I could do that myself, but again, I might have misunderstood it completely. Commented Feb 12, 2015 at 21:01
  • 1
    I edited the question to address that. Commented Feb 12, 2015 at 21:42
  • 2
    Thanks, yeah, if it comes down to the trusty water-boarding, I'd be happy to give up any keys I can. I'm just looking to defend against those cases when the analysis is done of my hardware, not my wetware. Commented Feb 13, 2015 at 9:43
0

Your "periodic key purge" system is a great example of why you need to figure out who and what you're defending against before developing defensive measures.

Who your 24-hour purge will defend against:

  1. A random attacker who happens to find your laptop after you've lost it, and takes their time before dumping RAM.

Who it will not defend against:

  1. Malware scanning RAM for key-like objects.
  2. An intelligence agency taking your laptop and performing a cold-boot attack.
  3. A police agency dumping your RAM through firewire.
  4. A police agency distracting you briefly, stealing your laptop, and keeping it active until they can search it for relevant data.
  5. Etc.
Improve this answer
1
  • Many thanks for your detailed analysis. I'm trying to defend against anything possible without crippling the system. As you says, it comes down to deciding what the threat is, but I've come to find that you can be very surprised of what is really coming at you and wearing the safety belt can be a good choice. Commented Feb 13, 2015 at 9:48
0

There is a more simple solution to this, if you want to go all out with encryption i highly suggest you patch a Linux kernel with TRESOR. This makes it to where sensitive data moves to the CPU and never RAM. A guide on protection and how to use TRESOR can be found here. Two more thing's, Only out two Linux partitions on a hard drive if you want to be safe. Use /root and /home with encryption then put GRUB and /boot on a flash drive, Never use Swap. Lastly: not recommended but you could super glue your screws into the computer and fully strip the tips making it harder to get into to.

Improve this answer
10
  • Thank you, I've been reading up on TRESOR and loved it but considered it a bit over my head and a PITA to patch the kernels. I'll need to hire an expert... Commented Feb 13, 2015 at 9:42
  • Trust me I myself find it overwhelming but i posted a link on protecting a laptop from attacks, go there and just do a search with ctrl+F and type tresor and you will see a few links on how to apply a tresor kernel patch the custom way. Commented Feb 13, 2015 at 9:46
  • Can you script it to autopatch the kernel every time the distro releases a new version? Commented Feb 13, 2015 at 9:50
  • ooh good question, I would contact the developers email or phone of tresor to find out because i have no idea. Commented Feb 13, 2015 at 9:52
  • There are many attacks against a computer, Please note that any Linux machine can get pwned by even a simple java code of a click of a button and it could edit your master boot record if it's on the hard drive or flash dive plugged in. You can set a profile just for Firefox which acts as a isolated sandbox. I have heard of using epoxy on RAM sticks and using thread lock screws as well. Commented Feb 13, 2015 at 9:55

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.