
RE: Ever seen a dead-man switch?

Subject: RE: Ever seen a dead-man switch?
Date: Mon, 25 Oct 2004 10:10:17 -0500

I fully agree that the goal of storing private keys on removable media is to
reduce the likelihood of recoverability.  To this end it becomes relatively
trivial to (relatively permanently) eliminate the potential for recovery of
the private keys.

Fortunately I carry a very nice Buck knife which was a gift from my
girlfriend.  It is terribly effective, due to the heavy handle, at breaking
plastic casings on things, followed by a good solid jab or two with the
business end of said knife to the flash memory on the USB drive will prevent
all but the most sophisticated labs from recovering the data.

Poul-Henning Kamp introduces the term "vault dynamite" (a quick google
didn't show any relevant hits on the term so I attribute it to him).
Basically, this refers to the ability to effectively destroy the
information; it references the situation where you have a set of event
suspended explosives inside your vault.  If you perform the required event in
the required period, the explosives detonate with enough force to destroy
the contents of the vault while leaving the surrounding infrastructure.  By
implementing sufficiently strong encryption by modern standards (crypto IS
an arms race, after all!) and retaining the ability to destroy the keys you
have the ability to effectively destroy the information quickly and easily.
Destroying my USB storage device would be a very effective implementation 

Off-loading crypto keys to removable storage also makes the "dead-man
switch" a lot less fatal.  It may be the case that you wish your dead-man
switch to protect private information, however the information on your drive
is of an exculpatory nature.  In a traditional case where the information is
actually deleted or destroyed, recovering the exculpatory evidence which can
be more damaging than a loss of privacy or confidentiality.

In this case retaining the backup copy is vital, especially considering that
the failure to produce the private keys or admitting to the destruction of
them can be a criminal offense in and of itself (contempt of
court/obstruction of justice, or spoliation of evidence).  In either case
the existence of the appropriately hidden backup encryption keys can be very
useful.

Just my thoughts on the matter...

-----Original Message-----
From: Mark Ahlers [mailto:mahlers2@jhmi.edu] 
Sent: Monday, October 25, 2004 7:24 AM
To: Glenn_Everhart@bankone.com; volker.tanger@detewe.de;
yboily@seccuris.com; forensics@securityfocus.com
Subject: RE: Ever seen a dead-man switch?

Good Morning,

      One good point regarding private keys stored on removable media is that
in most cases the key should be able to be recovered. If we can get a
warrant for a suspect's computer equipment, then it shouldn't be hard to get
the USB key also. If not, then "Most" computer savvy users keep a backup or
backup key somewhere for redundancy purposes. Of course there are always
exceptions to the rule and cases where no recovery is possible.

Mark

"Yvan G.J. Boily" <yboily@seccuris.com> 10/20/2004 6:41:02 PM >>>
FreeBSD's GBDE (GEOM Based Disk Encryption) has the capability to have
multiple users access an encrypted drive in a reasonably secure fashion.  It
also provides (via the command line interface) the ability to destroy all
keys associated with the GBDE partition, and the ability to use detached
lockfiles.

These abilities make the creation of a "dead-man-switch" trivial; I already
keep my private keys for asymmetric crypto on a USB key in my pocket; it
would be reasonably trivial to create a shell script and store it on the USB
drive which would create an in-memory file system, copy the keys to that
filesystem and use that.  If the system is ever powered down then the keys
should be essentially unrecoverable.

http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf 

<-- Excerpt from paper -->
The ever increasing mobility of computers has made protection of data on
digital storage media an important requirement in a number of applications
and situations. GBDE is a strong cryptographic facility for denying
unauthorised access to data stored on a ''cold'' disk for decades and
longer. GBDE operates on the disk(-partition) level allowing any type of
file system or database to be protected. A significant focus has been put
on the practical aspects in order to make it possible to deploy GBDE in the
real world.



-----Original Message-----
From: Glenn_Everhart@bankone.com [mailto:Glenn_Everhart@bankone.com]
Sent: Wednesday, October 20, 2004 9:37 AM
To: volker.tanger@detewe.de; forensics@securityfocus.com
Subject: RE: Ever seen a dead-man switch?

<snip>

Interestingly, if a cryptodisk ever got to be part of the OS, or any one
cryptodisk package became overwhelmingly dominant, it might be expected that
part of the routine for powering down a box would be to check for the
package and attempt to grab its keys from memory. As it is, there are enough
different packages that this activity is probably not widely done.

<snip>


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking
system please see: http://aris.securityfocus.com 

