Java Forum / Security / November 2005

portably encrypting a file system

onetitfemme - 25 Nov 2005 14:06 GMT
Hi *,

I have firewire and USB devices with partitions/logical drives, whole
directories and/or files I would like to encrypt. The thing is that I
need to be able to just plug in the thing on any x86 machine running a
commercial OS that would just take it (and AFAIK the only filesystem
that even a Mac would seamlessly 'mount' is vfat/FAT32).

Is there any way to do that?

I have read quite a bit about it and I still don't find exactly what I
need.

Also, why exactly does encryption belong in the kernel? I think once
you make it a kernel-dependent functionality 'portability' to other OS
goes out the window.

Are there libraries out there (of course, preferably OSS ones) which
you could compile for different OS and have access to pluggable
devices?

thanx
otf
Paul Rubin - 25 Nov 2005 14:17 GMT
>  I have firewire and USB devices with partitions/logical drives, whole
> directories and/or files I would like to encrypt. The thing is that I
[quoted text clipped - 3 lines]
>
>  is there any way to do that?

You mean and be able to access the encrypted files?  You really don't
want to do that on a strange computer, on which you must assume that
all the keyboard and screen activity are being recorded.
news - 26 Nov 2005 03:29 GMT
> all the keyboard and screen activity are being recorded

Hmm! "screen activity"? How?

You are right but for example keyboard activity can be recorded even in a
"secure" system through its electromagnetic emissions (each key has its own
frequency, even if we acoustically hear "tap-tap-tap" a proper device would
distinctively "hear" each key's emission; something more like a piano
play) ;-) ...

but ..., is it possible for some device to record the electromagnetic
differences caused by the photons on their way to the screen?

That one would be new to me!

otf
John E. Hadstate - 26 Nov 2005 05:00 GMT
>> all the keyboard and screen activity are being recorded
>
[quoted text clipped - 16 lines]
>
> That one would be new to me!

The photons on their way to the screen give off
electromagnetic radiation.  It is possible to detect this
radiation from a distance of several dozen yards through the
walls and windows of typical residential construction.  It
is possible to reconstruct the intercepted signal on another
monitor without you knowing that you're being watched.  All
of this is well known and has been demonstrated many times.
There are even screen fonts with softened edges specifically
to make it more difficult to reproduce them.

I seem to remember a report about reconstructing an image
using light reflected by the walls toward which an LCD
screen was facing.  The main problem is synchronizing the
reflected light intensity with the monitor's scan pattern.
news - 26 Nov 2005 07:14 GMT
>> but ..., is it possible for some device to record the
>> electromagnetic
[quoted text clipped - 12 lines]
> There are even screen fonts with softened edges specifically
> to make it more difficult to reproduce them.

Electromagnetic emissions by keyboards I knew about, but this
is new to me. Could you point me to some more info on this?

> I seem to remember a report about reconstructing an image
> using light reflected by the walls toward which an LCD
> screen was facing.  The main problem is synchronizing the
> reflected light intensity with the monitor's scan pattern.

Thanks
John E. Hadstate - 26 Nov 2005 15:12 GMT
>>> but ..., is it possible for some device to record the
>>> electromagnetic
[quoted text clipped - 5 lines]
> is new to me. Could you point me to some more info on
> this?

Wim van Eck, "Computers and Security", 1985 Vol 4(4) pp
269-286

available here:

http://jya.com/emr.pdf

or here:

http://web.archive.org/web/20000830130750/www.shmoo.com/tempest/emr.pdf

Van Eck published his paper in 1985 (twenty years ago) with
the remark that the technology had been known for twenty
years before that.  What is less well known about all this
is that he also proposed a way of making this monitoring
much more difficult using simple cryptographic techniques.

Here's a less technical article on the subject from 1999,
including various peripheral issues:

http://wired-vig.wired.com/news/politics/0,1283,32097,00.html

Disclaimer: this subject gets a lot of press from the "black
helicopters and tinfoil hats" crowd.  Certain subjects, this
one included, generate a lot of recycled stories, and some
of them get enhanced each time they are re-told.

Keywords:

"Wim van Eck" "CRT" "electromagnetic" "radiation" "monitor"
"eavesdropping" "data security" "privacy"
onetitfemme2005@yahoo.com - 27 Nov 2005 01:52 GMT
> What is less well known about all this is that he also proposed a way of
> making this monitoring much more difficult using simple cryptographic
> techniques.

thanks for the links to the papers

but, will we be "better" missing that one! ;-)

by the way I could not open this other link:

http://web.archive.org/web/20000830130750/www.shmoo.com/tempest/emr.pdf

Is this the one in which he explains how to counter the emr eavesdropping?

thanx
otf
Juuso Hukkanen - 28 Nov 2005 20:22 GMT
>>> but ..., is it possible for some device to record the
>>> electromagnetic
[quoted text clipped - 15 lines]
> Electromagnetic emissions by keyboards I knew about, but this
> is new to me. Could you point me to some more info on this?

Markus G. Kuhn's 2003 doctoral thesis analyses the Tempest techniques
in detail, and he also shows being able to observe an LCD display:
http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-577.pdf

Markus Kuhn's and Ross J. Anderson's
Soft-Tempest (1998) describes low-budget attacks, problem
scenarios and Tempest countermeasures.
http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf

US military says:
  "Unclassified estimates place interception ranges at 1 km."(2001)
http://www.usace.army.mil/inet/usace-docs/armytm/tm5-692-2/chap28VOL-2.pdf

Regards
Juuso Hukkanen
(to reply by e-mail set addresses month and year to correct)
Mike Amling - 26 Nov 2005 19:53 GMT
>>>all the keyboard and screen activity are being recorded
>>
[quoted text clipped - 18 lines]
>
> The photons on their way to the screen give off

  The electrons on their way to ...
  Photons do not give off radiation in flight.

> electromagnetic radiation.  It is possible to detect this
> radiation from a distance of several dozen yards through the
[quoted text clipped - 8 lines]
> using light reflected by the walls toward which an LCD
> screen was facing.

  CRT screen, yes. You're saying this has also been done with LCD?

> The main problem is synchronizing the
> reflected light intensity with the monitor's scan pattern.

--Mike Amling
Luc The Perverse - 26 Nov 2005 07:13 GMT
> but ..., is it possible for some device to record the electromagnetic
> differences caused by the photons on their way to the screen?
>
> That one would be new to me!

I thought I read something about that on an antispy website.

However, it didn't make sense to me that they wouldn't just broadcast the
screen output from the VGA signal.

The same site also said that they could monitor keystrokes from electrical
impulses sent through the AC power supply, from out on the street.   That
one seems a little weirder - but hey, I don't doubt it!

That's why I encrypt my hard drive to protect from Mallory - not from Uncle
Sam!
--
LTP

:)
Paul Rubin - 30 Nov 2005 04:51 GMT
> > all the keyboard and screen activity are being recorded
>  Hmm! "screen activity"? How?
>  You are right but for example keyboard activity can be recorded even in a
> "secure" system through its electromagnetic emissions

We're talking about ordinary PCs that are controlled by an attacker.
Keystrokes entered into the computer and stuff drawn on the screen by
application programs all pass through software layers in the operating
system.  The OS can be patched to log this data to the hard disk.  No
electromagnetic emission weirdness is needed.
John E. Hadstate - 25 Nov 2005 15:00 GMT
> I have firewire and USB devices with partitions/logical
> drives, whole
[quoted text clipped - 4 lines]
>
> Also, why exactly does encryption belong in the kernel?

Putting the crypto in the kernel or in the surrounding
drivers is probably the only way to make the interface
"seamless" to the applications that run on the system and to
the users of the system.  Seamless integration implies that
Excel and OpenOffice can share spreadsheets through an
encrypted USB or network device without any modifications to
the applications themselves and with no change in the way
users of the applications do their work.

"Getting it right" with crypto is sufficiently difficult
that it makes a lot of sense to do it once, put it in the
kernel, and make it available as a resource to any driver
that needs it.  It also makes it easier to integrate and
manage a shareable hardware crypto support resource from the
kernel.

The real downside to putting the crypto at the application
level is that it advances the notion that security can
successfully be "bolted on" to an insecure system.  This
almost never works and leaves such gaping holes in the
system's security that it becomes a modern variation on the
story of "The Emperor's New Clothes."
David Eather - 25 Nov 2005 17:41 GMT
> Hi *,
>
[quoted text clipped - 19 lines]
>  thanx
>  otf

This link might provide what you want, assuming what you want is not
strong encryption.  It is a hardware DES encrypter that goes between the
HDD and the interface, for example inside a portable USB drive (but you
will have to make a way for physical access to remove the key).

Because this device works in ECB mode, a determined attacker will be
able to extract some data (particularly text) within a short period of
time (hours or days at most) using classical crypto methods.  This is way
shorter than claimed - but it might be enough to put off or defeat the
non-expert.

It is completely transparent to the operating system / hardware so it
doesn't care what you use.

http://www.elkom.com.tw/?section=2&id=13

