On 9/10/13, Kailash <listskail...@gmail.com> wrote:
> http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
>
> We have some software solutions. Could a system be also compromised when
> using a generic hardware layer? And if so, what options exist?
>
> Any pointers would be appreciated.
Regarding virtual machines, it is simple logic, as follows.

Thought experiment: I assume your question is about a "virtual machine" (VM) hardware layer. That VM has a disk; that disk is provided by your VM supplier; that disk is viewable by them; thus your private web/VPN keys are exposed.

If you use FDE (full disk encryption), then the initial minimal kernel with the passworded decryption key must still be visible, and to boot your VM you will have to remote-login to the minimal kernel (boot/serial) console (this is often called a side-channel) to enter the boot/FDE password (to unlock the FDE key). In either case, we can now get "in" to our VM by "normal" means, e.g. ssh.

Once the VM is running, it is running in memory, on the VM manager, which can view the VM memory and therefore access file mounts that way (if you can competently hack such, which we assume here); this obviates the usefulness (to a degree) of your FDE (although FDE still provides some protection against VM image offsite backups, which may not be as secure as one might think).

So, one way or another, we ssh into our VM to admin it. Now, we embed a tcplay or LUKS "loopback volume" in our VM. So: ssh in, loopback-mount the loopback volume, entering the decryption key password through the ssh session. Now chroot into the loopback volume and run services (e.g. openvpn, apache) from there. This has the advantage over FDE that we no longer need the side-channel login to reboot (which can often happen [un-]intentionally without your knowledge, and the side-channel may well be "less secure", have more monitoring on it, etc.). Because we ssh in, the password is not kept on the VM and we can have a short duration of that password appearing in memory on the VM.
BUT, the problem above still is: once e.g. the openvpn private key is unlocked, or apache is started (with its SSL/TLS/HTTPS private certificate) in the chroot, these services are still running in the VM RAM, so they are still accessible to the virtual-machine infrastructure (memory) attack mentioned above.

Finally, another problem! Whether using FDE at bootup, or an encrypted loopback volume (containing chroots) in your VM, as mentioned above, some part of your VM begins life unencrypted (e.g. the initial boot FDE decryption code on startup (with the side-channel login problem above), and/or the non-FDE'ed operating system installation (normal non-encrypted install) which contains some encrypted loopback volumes for chroot usage), AND in either case that initial non-encrypted code can be replaced by your VM supplier with similar code which contains a keystroke-logging trojan, which stores your entered password(s) across the network on some other machine, virtual or otherwise!

So, you are totally reliant on the VM supplier and their trustworthiness as to whether you have any privacy on that VM or not! I hope no-one here deludes themselves otherwise. Unfortunately, dependency implies trust.

As said on /., one of the greatest "sad" things in this NSA debacle is the "destruction of trust" or some such. But this coin has a flip side! A positive flip side! Long term, but a very good positive flip side! </lots more religiously positive fervour for those who want it :)>

The real question is not "how much trust have we lost?" but "who can I trust?" This is an excellent question to be asking. And similarly, "who shall I choose to be co-dependent on?" (whether for food, for energy, for computing, etc.). Such blatant disregard for human rights and human dignity as we have seen by the NSA is just an awareness possibility for those who were shocked (many have been) - this is a good thing!
They get the reality pill, so to speak :) So now is the time to encourage this global conversation of trust, technology, surveillance, co-dependence, etc.

Re co-dependence: we have the illusion of independence in this modern tech world! We in the "modern" tech world have the possibility to live like kings of 300 years ago - eat cheesecake every day, drive an amazing chariot (car), communicate instantly, etc. etc. - and we are intimately inter-dependent (or "co-dependent") on the others in our society for our illustrious and indulgent way of life: mechanics, computer technicians, supermarket operators, checkout persons, fuel stations, manufacturers, etc. The list is very long.

Is it possible to choose our inter-dependencies, our co-dependencies? To some degree, yes. We can foster relationships with individuals rather than companies; we can choose to do business with those companies who display greater ethics (or "utility" for those who decry ethics - I'm looking at you, Ralph :)

Long term, if we want infrastructure (host computers) we can trust (at least to some degree), we must run them ourselves, or work closely with those who are trustworthy! Long term, if we want a decentralised internet, we must build it - build wifi or LAN links between our neighbours, so that we are not all going through centralised everything! And the beauty is, even small pockets of decentralisation (i.e. genuine, in-this-physical-world localised decentralisation, in particular for communications networks) can be extraordinarily disruptive on a global scale. The more localised co-dependencies / independent inter-dependencies that we build around the world, the greater the privacy we achieve with tools like TOR! Very small and local "independent" computer networks are exactly the requirement for significant and broad disruption to the gorilla network monitors (NSA).
While you build your local networks, choose small server platforms (diversity is good), and run a small, physical, controlled-by-you local network of server hosts; more independence, more local inter-dependence, and cryptographically/mathematically very disruptive of the wanna-be whole-network monitors (including NSA).

My exposé of this manifesto is unfortunately verbose, probably emotionally laden and clumsy. So I apologise. Please, anyone, put the above together in a more coherent way. Own it by everyone. Live it by many.

With every calamity comes great opportunity. (I don't remember whose quote this is.)

A small group of thoughtful, committed individuals can change the world; indeed, it is the only thing that ever has. (Margaret Mead)

Good luck, and may inspiration, aspiration, persistence and joy be with all of good heart,

Zenaan

--
Archive: http://lists.debian.org/caosgnsrkpxz6cq8yyvrzvumap1uwbk6aicdrbss4h26jj5t...@mail.gmail.com
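The procedure the post describes (ssh in, unlock a LUKS loopback volume with a passphrase typed into the session, chroot into it, start the service from there) as an added shell example; this is not code from the original post or from the list. It goes one step beyond the post by adding the check the post only motivates: a sha256 manifest of the files that necessarily live in the unencrypted part of the VM, kept inside the encrypted volume and verified before any service key is unlocked, so that a replaced kernel, initramfs or sshd configuration is at least noticed. The container path, mapper name, mount point, manifest location, file list and the openvpn service command are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): unlock a LUKS loopback container
# over an existing ssh session, check the unencrypted part of the VM against a
# manifest stored inside the container, then chroot into it and start a service.
# Assumed names: /srv/vault.img (container), "vault" (mapper name),
# /mnt/vault (mount point), etc/boot-manifest.sha256 (inside the container).

CONTAINER=${CONTAINER:-/srv/vault.img}
MAPPER=${MAPPER:-vault}
MOUNTPOINT=${MOUNTPOINT:-/mnt/vault}
MANIFEST_IN_VAULT=etc/boot-manifest.sha256
# Files that necessarily live outside the encrypted volume and could be
# swapped by whoever controls the VM image (assumed list; adjust to the host).
UNENCRYPTED_FILES="boot/vmlinuz boot/initrd.img etc/ssh/sshd_config"

# Print "sha256  path" lines for the given paths, relative to $root.
make_manifest() {
    root=$1; shift
    (cd "$root" && sha256sum "$@")
}

# Recompute each hash under $root and compare with the manifest.
# Returns 0 if everything matches, 1 if any file is missing or changed.
verify_manifest() {
    manifest=$1; root=$2; bad=0
    while read -r expected path; do
        [ -z "$path" ] && continue
        actual=$(sha256sum "$root/$path" 2>/dev/null | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH or missing: $path" >&2
            bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# One-time setup (as root): create and format the container, then record the
# manifest of the unencrypted files inside it.
create_container() {
    dd if=/dev/zero of="$CONTAINER" bs=1M count=512
    cryptsetup luksFormat "$CONTAINER"          # prompts for the passphrase
    cryptsetup open "$CONTAINER" "$MAPPER"      # prompts again
    mkfs.ext4 "/dev/mapper/$MAPPER"
    mkdir -p "$MOUNTPOINT" && mount "/dev/mapper/$MAPPER" "$MOUNTPOINT"
    # Populate the chroot here (e.g. with debootstrap), then:
    mkdir -p "$MOUNTPOINT/etc"
    make_manifest / $UNENCRYPTED_FILES > "$MOUNTPOINT/$MANIFEST_IN_VAULT"
    umount "$MOUNTPOINT" && cryptsetup close "$MAPPER"
}

# Per-session unlock (as root, over ssh). The passphrase is typed into this
# session by cryptsetup's prompt and is never stored on the VM.
unlock_and_start() {
    cryptsetup open "$CONTAINER" "$MAPPER" || return 1
    mount "/dev/mapper/$MAPPER" "$MOUNTPOINT" || { cryptsetup close "$MAPPER"; return 1; }
    # Do not expose service keys if the unencrypted layer changed since
    # the manifest was written.
    if ! verify_manifest "$MOUNTPOINT/$MANIFEST_IN_VAULT" /; then
        echo "unencrypted layer changed; not starting services" >&2
        umount "$MOUNTPOINT"; cryptsetup close "$MAPPER"
        return 1
    fi
    for d in proc sys dev; do mount --bind "/$d" "$MOUNTPOINT/$d"; done
    chroot "$MOUNTPOINT" /usr/sbin/service openvpn start   # assumed service
}

case "${1:-}" in
    create) create_container ;;
    unlock) unlock_and_start ;;
esac
```

Run `create` once, then `unlock` from each ssh session after a reboot. The manifest check only raises the bar: code in the unencrypted layer runs before the check and could also patch the check itself, which is exactly the residual dependence on the VM supplier the post ends on.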