RE: Ever seen a dead-man switch?

Subject: RE: Ever seen a dead-man switch?
Date: Wed, 20 Oct 2004 17:41:02 -0500
FreeBSD's GBDE (GEOM Based Disk Encryption) has the capability to have
multiple users access an encrypted drive in a reasonably secure fashion.  It
also provides (via the command line interface) the ability to destroy all
keys associated with the GBDE partition, and the ability to use detached
lockfiles.

These abilities make the creation of a "dead-man-switch" trivial; I already
keep my private keys for asymmetric crypto on a USB key in my pocket; It
would be reasonably trivial to create a shell script and store it on the USB
drive which would create an in-memory file system, copy the keys to that
filesystem and use that.  If the system is ever powered down then the keys
should be essentially unrecoverable.

http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf

<-- Excerpt from paper -->
The ever increasing mobility of computers has made protection of data on
digital storage media an important
requirement in a number of applications and situations. GBDE is a strong
cryptographic facility for denying unauthorised access to data stored on a
''cold'' disk for decades and longer. GBDE operates on the disk(-partition)
level allowing any type of file system or database to be protected. A
significant focus has been put on the practical aspects in order to make it
possible to deploy GBDE in the real world.



-----Original Message-----
From: Glenn_Everhart@bankone.com [mailto:Glenn_Everhart@bankone.com] 
Sent: Wednesday, October 20, 2004 9:37 AM
To: volker.tanger@detewe.de; forensics@securityfocus.com
Subject: RE: Ever seen a dead-man switch?

<snip>

Interestingly, if a cryptodisk ever got to be part of the OS, or any one
cryptodisk package became overwhelmingly dominant, it might be expected that
part of the routine for powering down a box would be to check for the
package and attempt to grab its keys from memory. As it is, there are enough
different packages that this activity is probably not widely done.

<snip>
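The staging script the reply sketches, written out as an added example for FreeBSD's md(4) (this is not code from the post or from the GBDE paper). The key source path, mount point and disk size are assumptions, and the script must run as root; it refuses to copy keys unless the mount point is verified to sit on a malloc-backed memory disk, since a swap-backed md can be paged out to disk.

```sh
#!/bin/sh
# Added example: stage private keys from a USB stick onto a memory disk
# so they vanish at power-off. Assumes FreeBSD mdconfig/newfs/mount, root.
set -eu

KEYSRC="${KEYSRC:-/mnt/usb/keys}"          # assumed: keys on the USB stick
KEYDIR="${KEYDIR:-/var/run/volatile-keys}" # assumed: memory-disk mount point
MDSIZE="${MDSIZE:-16m}"                    # assumed: enough for a keyring

# Print the device mounted at MOUNTPOINT, parsing text in the format of
# FreeBSD mount(8): "/dev/md0 on /var/run/volatile-keys (ufs, local)".
device_for_mountpoint() {
    printf '%s\n' "$1" | awk -v mp="$2" '$3 == mp { print $1; exit }'
}

# Succeed only if DEVICE is a malloc-backed md, parsing text in the format
# of "mdconfig -l -v": "md0 malloc 16M". Swap- and vnode-backed disks are
# rejected because their contents can reach persistent storage.
is_memory_backed_md() {
    dev="${2#/dev/}"
    printf '%s\n' "$1" | awk -v d="$dev" \
        '$1 == d && $2 == "malloc" { found = 1 } END { if (found) exit 0; exit 1 }'
}

# Create, format and mount the memory disk, verify it, then copy the keys.
stage_keys() {
    unit=$(mdconfig -a -t malloc -s "$MDSIZE")
    newfs -U "/dev/$unit" >/dev/null
    mkdir -p "$KEYDIR"
    mount "/dev/$unit" "$KEYDIR"
    chmod 700 "$KEYDIR"
    dev=$(device_for_mountpoint "$(mount)" "$KEYDIR")
    if ! is_memory_backed_md "$(mdconfig -l -v)" "$dev"; then
        echo "refusing to stage keys: $KEYDIR is not on a memory disk" >&2
        exit 1
    fi
    cp -p "$KEYSRC"/* "$KEYDIR"/
    chmod 600 "$KEYDIR"/*
    echo "keys staged in $KEYDIR; they are lost when the box powers down"
}

# Overwrite, unmount and detach the memory disk when the keys are no longer needed.
teardown_keys() {
    dev=$(device_for_mountpoint "$(mount)" "$KEYDIR")
    umount "$KEYDIR"
    dd if=/dev/zero of="$dev" bs=64k 2>/dev/null || true
    mdconfig -d -u "${dev#/dev/}"
}

case "${1:-}" in
    stage)    stage_keys ;;
    teardown) teardown_keys ;;
esac
```

Run it as `sh stage-keys.sh stage` from the USB stick and `sh stage-keys.sh teardown` afterwards; `GNUPGHOME="$KEYDIR"` then points GnuPG at the volatile copy.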

