Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.java.programmer > #21178 > unrolled thread
| Started by | Roedy Green <see_website@mindprod.com.invalid> |
|---|---|
| First post | 2013-01-07 18:00 -0800 |
| Last post | 2013-01-08 00:44 -0800 |
| Articles | 4 — 3 participants |
Back to article view | Back to comp.lang.java.programmer
creating a secret-carrying box Roedy Green <see_website@mindprod.com.invalid> - 2013-01-07 18:00 -0800
Re: creating a secret-carrying box Arne Vajhøj <arne@vajhoej.dk> - 2013-01-07 21:27 -0500
Re: creating a secret-carrying box Twirlip of the Mists <twirlip@killfile.me.now.invalid> - 2013-01-07 23:12 -0500
Re: creating a secret-carrying box Roedy Green <see_website@mindprod.com.invalid> - 2013-01-08 00:44 -0800
| From | Roedy Green <see_website@mindprod.com.invalid> |
|---|---|
| Date | 2013-01-07 18:00 -0800 |
| Subject | creating a secret-carrying box |
| Message-ID | <6oume8lgqc1mg3qh0sellmhiss4n73qmti@4ax.com> |
The closest thing I have found to what I want is a Kanguru AES Encrypted Flash drive. I key a password to open it. I can then fill it will secret files which are hardware-encrypted. Then I close it and nobody can read the files without the password. HOWEVER, when I take it to another machine, enter the password, it opens up, but TOO open. ANY app can read it, including spyware. I am curious about how you might design such a beast without that problem. It would be open, but only to one APP. That one app might have to jump through hoops to retrieve or change data. One idea I had was to put a little linux OS on the flash drive that talked HTTPS. It would be like a portable secure server. The app could pass through a password over HTTPS keyed in. All its communications would be encrypted. Another idea I had was to run the app inside the USB drive, and have it talk to a device driver that would display and accept keystrokes and mouse strokes for it. Another related idea was putting some private keys in inaccessible ROM, and a CPU that could encrypt/decrypt. -- Roedy Green Canadian Mind Products http://mindprod.com Students who hire or con others to do their homework are as foolish as couch potatoes who hire others to go to the gym for them.
[toc] | [next] | [standalone]
| From | Arne Vajhøj <arne@vajhoej.dk> |
|---|---|
| Date | 2013-01-07 21:27 -0500 |
| Message-ID | <50eb8404$0$289$14726298@news.sunsite.dk> |
| In reply to | #21178 |
On 1/7/2013 9:00 PM, Roedy Green wrote: > The closest thing I have found to what I want is a Kanguru AES > Encrypted Flash drive. I key a password to open it. I can then fill > it will secret files which are hardware-encrypted. Then I close it and > nobody can read the files without the password. > > HOWEVER, when I take it to another machine, enter the password, it > opens up, but TOO open. ANY app can read it, including spyware. > > I am curious about how you might design such a beast without that > problem. > > It would be open, but only to one APP. That one app might have to > jump through hoops to retrieve or change data. > > One idea I had was to put a little linux OS on the flash drive that > talked HTTPS. It would be like a portable secure server. The app > could pass through a password over HTTPS keyed in. All its > communications would be encrypted. > > Another idea I had was to run the app inside the USB drive, and have > it talk to a device driver that would display and accept keystrokes > and mouse strokes for it. > > Another related idea was putting some private keys in inaccessible > ROM, and a CPU that could encrypt/decrypt. I believe the simplest way is to change from file system level encryption to app encryption. Now you have some data encrypted on disk, but when you enter the password the file system automatically decrypt for all access both the desired app and other apps. If it is a normal file system but with files encrypted and decryption being done by the app decrypting, then other apps can not read the data directly. There may still be some risk that they hook into the app that knows how to decrypt. Arne
[toc] | [prev] | [next] | [standalone]
| From | Twirlip of the Mists <twirlip@killfile.me.now.invalid> |
|---|---|
| Date | 2013-01-07 23:12 -0500 |
| Message-ID | <kcg6c4$hh6$1@news.mixmin.net> |
| In reply to | #21178 |
On Mon, 07 Jan 2013 18:00:07 -0800, Roedy Green wrote: > The closest thing I have found to what I want is a Kanguru AES > Encrypted Flash drive. I key a password to open it. I can then fill > it will secret files which are hardware-encrypted. Then I close it and > nobody can read the files without the password. > > HOWEVER, when I take it to another machine, enter the password, it > opens up, but TOO open. ANY app can read it, including spyware. > > I am curious about how you might design such a beast without that > problem. > > It would be open, but only to one APP. That one app might have to > jump through hoops to retrieve or change data. > > One idea I had was to put a little linux OS on the flash drive that > talked HTTPS. It would be like a portable secure server. The app > could pass through a password over HTTPS keyed in. All its > communications would be encrypted. > > Another idea I had was to run the app inside the USB drive, and have > it talk to a device driver that would display and accept keystrokes > and mouse strokes for it. > > Another related idea was putting some private keys in inaccessible > ROM, and a CPU that could encrypt/decrypt. If the drive sends file contents unencrypted to the PC, once the password has been sent to it, then untrusted apps on the PC can read the drive. So, you'll need the data to be encrypted in one way or another all the way into the application you're using it in. Furthermore, you will need the PC's operating system and all other kernel-mode code on it to be trusted, as well as the application. Kernel-mode code can see the contents of the application's address space, including the data post-decryption, and can also do things like keylogging while you type in the password. Your options, as I see them: 1. Only use it from a specific, trusted PC with clean installs of everything, minimal stuff installed, and preferably no network connection. Malware either can't get on it or can't phone home with what it saw. 2. More elaborate: use drive with trusted PC that runs some sort of server. Less-trusted PC connects to trusted PC via HTTPS or other encrypted protocol. So, data is encrypted entering less-trusted PC. Both machines are behind a firewall that will not accept traffic routed to or from the trusted PC, so the trusted PC can't talk to the internet directly (or be hacked from it). The semi-trusted PC runs a vetted Linux kernel and kernel modules, and use of the HTTPS connection is done from an unprivileged account. That account isn't used for anything else and its home directory is mounted on a ram drive so anything not saved to the encrypted drive evaporates every time that machine is reset, limiting the ability of any malware that infects that account to record anything for phoning home later. Disconnect the internet before using the drive and reboot before reconnecting the internet, and malware can't preserve anything to phone home with. Or, disable networking privileges for that account (launch a browser sudo root if you need to consult google, or use your phone or pad or a third computer). -- Hexapodia is the key insight.
[toc] | [prev] | [next] | [standalone]
| From | Roedy Green <see_website@mindprod.com.invalid> |
|---|---|
| Date | 2013-01-08 00:44 -0800 |
| Message-ID | <1fmne8tif6314ka6nivc29gpmle47vbb0o@4ax.com> |
| In reply to | #21192 |
On Mon, 7 Jan 2013 23:12:47 -0500, Twirlip of the Mists <twirlip@killfile.me.now.invalid> wrote, quoted or indirectly quoted someone who said : >can also do things like keylogging >while you type in the password. The Kanguru people came up with a clever dodge. You can key the password with your mouse. But the virtual keyboard mutates, so even if a snoop logs mouse click positions it gives him nothing. He would have to trap screen contents as well. When you start thinking about a properly fiendish opponent, it all becomes hopeless. The most common snoop is a keyboard logger hidden inside the keyboard where no software security check can find it. It gets rather amusing. What I have inside my flash drive are files full of true random numbers, for one-time pad encryption. So it is sort of nuts to protect them with a lower quality encryption. Every type of attack you can fend off makes it more costly for some third party to snoop. If you getting serious, you might install Linux from purchased CD and never attach the machine that does any encrypting/decrypting to the Internet or to a LAN. It would be like the machines the certificate companies use to guard their master private certificate keys. -- Roedy Green Canadian Mind Products http://mindprod.com Students who hire or con others to do their homework are as foolish as couch potatoes who hire others to go to the gym for them.
[toc] | [prev] | [standalone]
Back to top | Article view | comp.lang.java.programmer
csiph-web