Prevent cold boot attacks using TRESOR (opens in new tab)

(www1.informatik.uni-erlangen.de)

29 pointsthomas-st13y ago10 comments

10 comments

7 comments · 2 top-level

rdl13y ago· 5 in thread

TreVisor and TRESOR are some of the most amazing things going on. Combine that with QUBES out of Invisible Things, and you could conceivably trust a computer built of untrustworthy hardware operated by your worst adversary, as long as you trust a tiny subset of it -- potentially just the Intel CPU.

The nice thing about trusting just a latest-edition Intel CPU is that they're so far ahead of everyone else in process that most attacks would be technically difficult for anyone except Intel, NSA, etc. Chris Tarnovsky isn't going to be able to extract keys out of Intel E5 CPUs in 6 hours with even a 10x bigger than $1.5mm lab, so as long as you deal with a machine which disappears faster than 6h (rotating keys, releasing the hounds, etc.), you should be safe.

One of the few things (along with the takeover of mobile OSes vs. legacy crappy desktop OSes) which makes me hopeful for security.

JoachimSchipper13y ago

I'm not dissing TRESOR, which is really neat, but your "build a trusted machine out of untrusted parts" is very overblown. Among many, many other problems, neither TRESOR nor QUBES protects you from a compromised bootloader/BIOS, neither TRESOR nor QUBES protects you from a hardware keylogger, and neither TRESOR nor QUBES protects you from malicious or compromised PCI devices. (Also, TRESOR apparently uses passwords - people cannot be trusted to choose good passwords.)

pgeorgi13y ago

TRESOR or QUBES don't protect from compromised bootloader/BIOS. coreboot does (and I'm working on it for that reason).

But you can't use current generation Intel CPUs as devised by the GP since those (or rather their chipsets) come with embedded controllers (running updateable code signed by someone else) with way too much access to the hardware to be trustworthy.

To protect against malicious PCI devices use an IOMMU set up early (eg. while still running code from flash)

There are also facilities against hardware keyloggers, but with today's hardware integration, that's mostly a matter of physically locking down the notebook chassis.

2 more replies

rdl13y ago

I care about servers, not clients.

TRESOR plus TreVisor or an equivalent hypervisor is a necessary but not sufficient step to protecting a virtual machine from the physical server hardware or server operator. You also need trusted EFI (coreboot), Intel TXT, and a separation kernel (of which there are ~3 DOD funded ones, and a few more.

conductor13y ago

> as long as you trust a tiny subset of it -- potentially just the Intel CPU.

http://www.xakep.ru/post/58104/ (use Google Transalte)

TL;DR

The author has found an undeclared software module (backdoor?) working as a hypervisor in the System Management Block chip on the South Bridge working with Intel CPU with VT virtualization technology.

rdl13y ago

Yes -- it's pretty feasible for there to be lots of evil chips on a normal motherboard. It's not feasible for anyone but Intel to attack an E5 CPU right now, and probably not for the next ~2y, unless there's an implementation bug -- no one else can make a chip that dense and fast right now.

The BIOS is probably the lowest hanging fruit for an attacker now. Most trusted boot doesn't even really check the BIOS in any real way, it starts sometime after the BIOS.

gingerlime13y ago

Sounds interesting. Very clever thinking.

Just hope it doesn't get turned on its head for some yet-another layer of DRM that stops us from accessing our own content.

I guess (or hope) that seeding the key into the CPU in the first place is what's going to make it hard for content owners to use for DRM?

j / k navigate · click thread line to collapse

10 comments

7 comments · 2 top-level

rdl13y ago· 5 in thread

One of the few things (along with the takeover of mobile OSes vs. legacy crappy desktop OSes) which makes me hopeful for security.

JoachimSchipper13y ago

pgeorgi13y ago

TRESOR or QUBES don't protect from compromised bootloader/BIOS. coreboot does (and I'm working on it for that reason).

To protect against malicious PCI devices use an IOMMU set up early (eg. while still running code from flash)

There are also facilities against hardware keyloggers, but with today's hardware integration, that's mostly a matter of physically locking down the notebook chassis.

2 more replies

rdl13y ago

I care about servers, not clients.

conductor13y ago

> as long as you trust a tiny subset of it -- potentially just the Intel CPU.

http://www.xakep.ru/post/58104/ (use Google Transalte)

TL;DR

rdl13y ago

The BIOS is probably the lowest hanging fruit for an attacker now. Most trusted boot doesn't even really check the BIOS in any real way, it starts sometime after the BIOS.

gingerlime13y ago

Sounds interesting. Very clever thinking.

Just hope it doesn't get turned on its head for some yet-another layer of DRM that stops us from accessing our own content.

I guess (or hope) that seeding the key into the CPU in the first place is what's going to make it hard for content owners to use for DRM?

j / k navigate · click thread line to collapse