Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Disk Encryption for remote XP machines.


Disk Encryption for remote XP machines.

Mike
      01-27-2010
Hi
I'm trying to get around a particularly thorny issue of how to
authenticate an encrypted disk instead of using a password or token.
Remote machines need to be able to reboot and startup (autologon)
without any user input or extra token hardware. I'd like to be able to
somehow tie the authentication to the actual device (CPU id?) or
network that the PC sits on. If the disk is removed from the device
(and hence the network) it should remain unreadable as a boot device
or using an external housing. The disk does not need to be recovered
and is essentially a disposable item.
Any ideas? Suggestions?

Thanks
Mike
Regis
      01-27-2010
Mike <(E-Mail Removed)> writes:
> Hi
> I'm trying to get around a particularly thorny issue of how to
> authenticate an encrypted disk instead of using a password or token.
> Remote machines need to be able to reboot and startup (autologon)
> without any user input or extra token hardware. I'd like to be able to
> somehow tie the authentication to the actual device (CPU id?) or
> network that the PC sits on. If the disk is removed from the device
> (and hence the network) it should remain unreadable as a boot device
> or using an external housing. The disk does not need to be recovered
> and is essentially a disposable item.
> Any ideas? Suggestions?


Tis an interesting problem. I'm not aware of a solution that's out
there. True Crypt is open source, though, so rolling your own I
assume would be allowed. http://www.truecrypt.org/downloads2


But I'm curious, though, what situation there is where this security
model makes a lot of sense.

If the disk gets stolen and you want to be protected by disk
encryption, that's all well and good, but I'm trying to envision a
situation where a disk getting stolen is possible/likely, but the
entire machine getting picked up and taken away is not.

Mike
      01-27-2010
On Jan 27, 2:26 pm, Regis <(E-Mail Removed)> wrote:
> Mike <(E-Mail Removed)> writes:
> > Hi
> > I'm trying to get around a particularly thorny issue of how to
> > authenticate an encrypted disk instead of using a password or token.
> > Remote machines need to be able to reboot and startup (autologon)
> > without any user input or extra token hardware. I'd like to be able to
> > somehow tie the authentication to the actual device (CPU id?) or
> > network that the PC sits on. If the disk is removed from the device
> > (and hence the network) it should remain unreadable as a boot device
> > or using an external housing. The disk does not need to be recovered
> > and is essentially a disposable item.
> > Any ideas? Suggestions?

>
> Tis an interesting problem. I'm not aware of a solution that's out
> there. True Crypt is open source, though, so rolling your own I
> assume would be allowed. http://www.truecrypt.org/downloads2


Thanks, I'll take a look.

> But I'm curious, though, what situation there is where this security
> model makes a lot of sense.
>
> If the disk gets stolen and you want to be protected by disk
> encryption, that's all well and good, but I'm trying to envision a
> situation where a disk getting stolen is possible/likely, but the
> entire machine getting picked up and taken away is not.


Without wanting to give too much away it's a PC encapsulated in a Safe
which is bolted to the floor. Used by many 'customers' and card
activated in order to perform certain financial transactions (can you
guess what it is yet?).
If an engineer visits to perform an upgrade or repair this is often
achieved by a disk swap, and the old disk may be 'lost' by the
engineer.
Regis
      01-27-2010
Mike <(E-Mail Removed)> writes:

> Without wanting to give too much away it's a PC encapsulated in a Safe
> which is bolted to the floor. Used by many 'customers' and card
> activated in order to perform certain financial transactions (can you
> guess what it is yet?).
> If an engineer visits to perform an upgrade or repair this is often
> achieved by a disk swap, and the old disk may be 'lost' by the
> engineer.


Ah ha. In that case indeed, strong physical security is in place for
the guts of the machine. Seems like a reasonable approach.

Of course the disk would then have to change (or its encryption) for
swap of whatever hardware is being used to auto, but that's just
maintenance procedure.

Another angle is that there are libraries I think that are used by
software vendors for license validation that key a license to a high
priced piece of software to things like the machine's MAC address, or
the like. I wonder if those might somehow be applicable such that
you could at least implement folder based encryption on the drive
using a key read off the hardware.

I just did a little searching and found there are lots of disk
encryption bits out there. You may want to use one that's GPL or BSD
licensed depending on what the lawyers say. Lots to choose from it
seems:

http://en.wikipedia.org/wiki/Compari...ption_software

DiskCryptor and CrossCrypt are aimed at XP and have GPL
licenses. DiskCryptor is the only one of the 2 being maintained
however.

Good luck with the project! Sounds like fun.

nemo_outis
      01-27-2010
Mike <(E-Mail Removed)> wrote in news:ee529650-0f9c-45d4-8d24-ad84aead8d63
@k41g2000yqm.googlegroups.com:

> Any ideas? Suggestions?


Yes, but in the unforgettable words of Deep Thought, "Though I don't think that
you're going to like it."

Bitlocker and a TPM which holds the keys. The TPM provides "platform
authentication." The paranoid will ensure that the TPM is integral with the
motherboard (i.e., soldered on) or take steps to make it so (e.g., epoxy, etc.).
Only a few MBs have integral TPMs or risers for separate TPMs, however.

A Rube Goldberg version of this can be done with Truecrypt and an Aladdin eToken
epoxied to a USB port directly on the MB (many MBs have such right-on-the-MB USB
ports). Additional hardening can be done by the inventive/paranoid if desired.
Truecrypt directly supports the Aladdin USB key.

Regards,

Mike
      01-28-2010
On Jan 27, 4:34 pm, Regis <(E-Mail Removed)> wrote:
> Mike <(E-Mail Removed)> writes:
> > Without wanting to give too much away it's a PC encapsulated in a Safe
> > which is bolted to the floor. Used by many 'customers' and card
> > activated in order to perform certain financial transactions (can you
> > guess what it is yet?).
> > If an engineer visits to perform an upgrade or repair this is often
> > achieved by a disk swap, and the old disk may be 'lost' by the
> > engineer.

>
> Ah ha. In that case indeed, strong physical security is in place for
> the guts of the machine. Seems like a reasonable approach.
>
> Of course the disk would then have to change (or its encryption) for
> swap of whatever hardware is being used to auto, but that's just
> maintenance procedure.
>
> Another angle is that there are libraries I think that are used by
> software vendors for license validation that key a license to a high
> priced piece of software to things like the machine's MAC address, or
> the like. I wonder if those might somehow be applicable such that
> you could at least implement folder based encryption on the drive
> using a key read off the hardware.
>
> I just did a little searching and found there are lots of disk
> encryption bits out there. You may want to use one that's GPL or BSD
> licensed depending on what the lawyers say. Lots to choose from it
> seems:
>
> http://en.wikipedia.org/wiki/Compari...ption_software
>
> DiskCryptor and CrossCrypt are aimed at XP and have GPL
> licenses. DiskCryptor is the only one of the 2 being maintained
> however.
>
> Good luck with the project! Sounds like fun.


Thanks Regis. Appreciate your input.
Mike
      01-28-2010
On Jan 27, 5:09 pm, "nemo_outis" <(E-Mail Removed)> wrote:
> Mike <(E-Mail Removed)> wrote in news:ee529650-0f9c-45d4-8d24-ad84aead8d63
> @k41g2000yqm.googlegroups.com:
>
> > Any ideas? Suggestions?

>
> Yes, but in the unforgettable words of Deep Thought, "Though I don't think that
> you're going to like it."
>
> Bitlocker and a TPM which holds the keys. The TPM provides "platform
> authentication." The paranoid will ensure that the TPM is integral with the
> motherboard (i.e., soldered on) or take steps to make it so (e.g., epoxy, etc.).
> Only a few MBs have integral TPMs or risers for separate TPMs, however.
>
> A Rube Goldberg version of this can be done with Truecrypt and an Aladdin eToken
> epoxied to a USB port directly on the MB (many MBs have such right-on-the-MB USB
> ports). Additional hardening can be done by the inventive/paranoid if desired.
> Truecrypt directly supports the Aladdin USB key.
>
> Regards,


Mmm, don't really want to go the extra hardware route as there are 9000
of these beasts and that will require an actual man-in-a-van visit (aside
from the cost).
I will investigate further though. Thanks
nemo_outis
      01-28-2010
Mike <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Mmm, don't really want to go the extra hardware route as there are 9000
> of these beasts and that will require an actual man-in-a-van visit (aside
> from the cost).
> I will investigate further though. Thanks


The problem is this: using ad hoc identifiers (e.g., motherboard serial number or
some such) is a very weak way of authenticating a platform, one which is easily
bypassed or subverted. Hell, even the integral TPM method, while better, is still
pretty weak. Put these in the category of "only keeping honest people honest"
(comparable to a $5 padlock you can buy at the local hardware store).

All the more so if your threat model is someone who is permitted to make
unsupervised site visits (e.g., a maintenance man you fear might steal/swap/copy the
drive/data). That someone (a someone who, for a period of time, has complete
physical control of the computer) is in a position to do any number of things to
destroy your security (e.g., he can probe any line on the MB, etc.)

Securing a platform remotely against those who will have direct unsupervised
physical control of it is a "hard" problem - there are no cheap easy solutions
(well, none that work).

Not for nothing were HSMs and cryptographic coprocessors such as the IBM 4764
invented. Not for nothing do they cost thousands of dollars.

Regards,
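As an added illustration of the trade-off nemo_outis and Regis are arguing over (it is not code from this thread, from TrueCrypt, DiskCryptor or BitLocker), the following Python derives a volume key from a platform fingerprint built out of identifiers such as a board serial and a MAC address, so that the same disk header fails to unlock in a different chassis. Every identifier, salt and machine record in it is constructed for the example, and the function names (`provision`, `unlock`, `platform_fingerprint`) are assumptions made here rather than any product's API.

```python
"""Platform-bound volume key derivation (illustration only).

Added example: binds a volume key to identifiers read from the machine so
that the disk header is useless in a different chassis. Identifiers, salts
and machine records below are constructed for the example, not real hardware.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

HASH = hashlib.sha256
KEY_LEN = 32


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """HKDF-SHA256 extract-then-expand as specified in RFC 5869."""
    prk = hmac.new(salt, ikm, HASH).digest()            # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                              # expand
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def platform_fingerprint(ids: Dict[str, str]) -> bytes:
    """Canonical byte string of the identifiers the volume is bound to.
    Sorting the keys makes the same machine always produce the same bytes.
    Every one of these values is printed on a label or readable by any tool
    run on the box, so the fingerprint is a binding, not a secret."""
    return b"\n".join(f"{k}={ids[k]}".encode() for k in sorted(ids))


def provision(ids: Dict[str, str], salt: Optional[bytes] = None) -> Dict[str, bytes]:
    """Create the on-disk header for a volume bound to this machine.
    The header stores only a random salt and a check value; the volume key
    itself is never written to disk and is re-derived at every boot."""
    salt = salt if salt is not None else os.urandom(16)
    kek = hkdf(platform_fingerprint(ids), salt, b"volume-kek")
    check = hmac.new(kek, b"bound-volume-v1", HASH).digest()
    return {"salt": salt, "check": check}


def unlock(header: Dict[str, bytes], ids: Dict[str, str]) -> Optional[bytes]:
    """Re-derive the key at boot. Returns the volume key on the bound
    machine and None when the identifiers do not match the header."""
    kek = hkdf(platform_fingerprint(ids), header["salt"], b"volume-kek")
    expected = hmac.new(kek, b"bound-volume-v1", HASH).digest()
    if not hmac.compare_digest(expected, header["check"]):
        return None
    return hkdf(kek, header["salt"], b"volume-dek")


# Constructed machine records (hypothetical values, not real hardware).
MACHINE_A = {"board_serial": "MB-EXAMPLE-0001",
             "mac": "00:11:22:33:44:55",
             "cpu_id": "0x000306A9"}
MACHINE_B = dict(MACHINE_A, board_serial="MB-EXAMPLE-0002")   # same disk, other chassis


def demo() -> Dict[str, bool]:
    """Provision on machine A, then try to unlock on A and on B."""
    header = provision(MACHINE_A)
    key_a = unlock(header, MACHINE_A)
    key_b = unlock(header, MACHINE_B)
    return {"unlocks_on_bound_machine": key_a is not None,
            "unlocks_on_other_machine": key_b is not None}


if __name__ == "__main__":
    print(demo())
```

The check value lets the boot code fail cleanly instead of mounting garbage, and the random per-disk salt means two machines with the same identifiers still get different headers. The weakness nemo_outis describes is visible in `platform_fingerprint`: nothing fed into the derivation is secret, so whoever can read the serial and MAC off the board (or has recorded them during a site visit) can recompute the key away from the machine. A TPM-sealed key differs precisely there: the seed stays inside the chip and is released only when the measured boot state matches, rather than being a function of labels anyone with physical access can copy.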

Regis
      01-28-2010
"nemo_outis" <(E-Mail Removed)> writes:

> Mike <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>> Mmm, don't really want to go the extra hardware route as there are 9000
>> of these beasts and that will require an actual man-in-a-van visit (aside
>> from the cost).
>> I will investigate further though. Thanks

>
> The problem is this: using ad hoc identifiers (e.g., motherboard serial number or
> some such) is a very weak way of authenticating a platform, one which is easily
> bypassed or subverted. Hell, even the integral TPM method, while better, is still
> pretty weak. Put these in the category of "only keeping honest people honest"
> (comparable to a $5 padlock you can buy at the local hardware store).
>
> All the more so if your threat model is someone who is permitted to make
> unsupervised site visits (e.g., a maintenance man you fear might steal/swap/copy the
> drive/data). That someone (a someone who, for a period of time, has complete
> physical control of the computer) is in a position to do any number of things to
> destroy your security (e.g., he can probe any line on the MB, etc.)
>
> Securing a platform remotely against those who will have direct unsupervised
> physical control of it is a "hard" problem - there are no cheap easy solutions
> (well, none that work).
>
> Not for nothing were HSMs and cryptographic coprocessors such as the IBM 4764
> invented. Not for nothing do they cost thousands of dollars.


No doubt, but... you have to admit that encrypting it with something
key'd to the specific hardware is a hell of a lot better than nothing
at all (which one can assume is where it's at right now). This is
particularly true against the "misplaced hard drives" threat that's on
the OP's mind.

You whittle down the means of reading those drives to a much smaller
audience.

And your maintenance guys with physical access are perennially the weak
spot. But at least the people riffling through the maintenance guys'
trash or folks servicing his truck won't be able to trivially read the
drives, which does have some value.

Just because a security measure isn't fool-proof doesn't mean it's
worthless. Otherwise, we're all just jerking off because no security
measures are fool proof.

Mike
      01-28-2010
On Jan 28, 3:51 pm, Regis <(E-Mail Removed)> wrote:
> "nemo_outis" <(E-Mail Removed)> writes:
> > Mike <(E-Mail Removed)> wrote in
> >news:(E-Mail Removed):

>
> >> Mmm, don't really want to go the extra hardware route as there are 9000
> >> of these beasts and that will require an actual man-in-a-van visit (aside
> >> from the cost).
> >> I will investigate further though. Thanks

>
> > The problem is this: using ad hoc identifiers (e.g., motherboard serial number or
> > some such) is a very weak way of authenticating a platform, one which is easily
> > bypassed or subverted. Hell, even the integral TPM method, while better, is still
> > pretty weak. Put these in the category of "only keeping honest people honest"
> > (comparable to a $5 padlock you can buy at the local hardware store).

>
> > All the more so if your threat model is someone who is permitted to make
> > unsupervised site visits (e.g., a maintenance man you fear might steal/swap/copy the
> > drive/data). That someone (a someone who, for a period of time, has complete
> > physical control of the computer) is in a position to do any number of things to
> > destroy your security (e.g., he can probe any line on the MB, etc.)

>
> > Securing a platform remotely against those who will have direct unsupervised
> > physical control of it is a "hard" problem - there are no cheap easy solutions
> > (well, none that work).

>
> > Not for nothing were HSMs and cryptographic coprocessors such as the IBM 4764
> > invented. Not for nothing do they cost thousands of dollars.

>
> No doubt, but... you have to admit that encrypting it with something
> key'd to the specific hardware is a hell of a lot better than nothing
> at all (which one can assume is where it's at right now). This is
> particularly true against the "misplaced hard drives" threat that's on
> the OP's mind.
>
> You whittle down the means of reading those drives to a much smaller
> audience.
>
> And your maintenance guys with physical access are perennially the weak
> spot. But at least the people riffling through the maintenance guys'
> trash or folks servicing his truck won't be able to trivially read the
> drives, which does have some value.
>
> Just because a security measure isn't fool-proof doesn't mean it's
> worthless. Otherwise, we're all just jerking off because no security
> measures are fool proof.


The PCs are connecting to a network using VPNs, a 3DES key exchange
process goes on next to tie the PIN pad of the machine to the Host
system, and the applications and ports are protected by an endpoint
protection system which blocks access to the drive and USB ports for
all but the allowed (whitelisted) items. Disk encryption is required
to effectively render the disk unusable when it's not in the device it
should be (THAT PC core in THAT machine). This is to prevent the
maintenance guys from doing anything other than the prescribed process
required once a disk is removed (bag it, seal it and destroy it). So
the misplaced hard drive is all I'm trying to cover off here.

Thanks
Mike