LWN: Comments on ""Evil Maid" attack against disk encryption"
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359145/

This is a special feed containing comments posted to the individual LWN article titled ""Evil Maid" attack against disk encryption".
Feed generated: Mon, 06 Oct 2025 17:42:33 +0000

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by nybble41, Thu, 06 May 2010 23:18:43 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/386686/

> If you enter your one-time password on a subverted system, the attacker suddenly has access to all your data. He only needs access once.

All your *current* data, yes; I don't see a way around that. The idea was to protect any future data you may put on the device from a different host PC.

> Not if your system is subverted.

The idea was to remove the USB key and re-encrypt it on a known-clean system, not re-encrypt on the compromised PC. Again, this is to protect against future unauthorized access, not to protect any data which may have already been exposed.

> Perhaps, but this doesn't exist today and sounds awfully expensive to develop.

I don't think it would be all that expensive; it's basically just a TPM chip with some trivial input hardware for the password. Internal hard-disk encryption exists today, though I don't know if it's any good. The drives I know of with that feature require full re-encryption to change the password, if they support it at all, but that wouldn't be hard to fix.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by mcortese, Thu, 26 Nov 2009 19:07:16 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/363988/

I read the original article (https://theinvisiblethingshtbprolblogspothtbprolcom-p.evpn.library.nenu.edu.cn/2009/10/evil-maid-goes-after-truecrypt.html), and found the comments particularly interesting. I also think Joanna was a little too severe with those proposing alternative protection schemes against the attack.

For example, keeping the /boot partition on removable media that you carry with you all the time does help. Nonetheless, such a proposal was dismissed as ineffective because it still allows for a BIOS infection.

Now, if I correctly understood the aim of the article, it was not to prove that your hardware is prone to attacks if left unattended, but rather how simple and quick these can be. Re-flashing a BIOS is in no way comparable to plugging in a USB drive and pressing the power button!

Before Joanna's article and proof of concept, we were tempted to overestimate the security level that Full Disk Encryption could grant us. Thank her for the enlightenment. Does this mean that FDE is useless? I don't think so. Alone it is not enough, but with appropriate side measures (like removable /boot) it can secure our system to a *reasonable* level.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by robbe, Fri, 06 Nov 2009 13:46:29 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/360770/

You can't trust your computer after the Evil Maid touched it. It may very well post your Valuable Secrets to wikileaks once you plug in your memory stick containing them.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by jordanb, Mon, 02 Nov 2009 22:33:56 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/360034/

I always leave a $5 tip on the bed for the maid. My father (a Union representative) did it too, he explained, because their job sucks and they get paid peanuts. I do it for the same reason, but I also bet I'd be the last person they rip off.

----------------------------------------

Grammar nitpick
Posted by jake, Mon, 02 Nov 2009 22:25:27 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/360033/

> (These things work better if you mail them to lwn@, btw.)

ah yes, i somehow had missed the parent comment ... all fixed, including the one you emailed, Greg.

i should take the grumpy guy's advice and not try to write articles on Wednesday :)

thanks!

jake

----------------------------------------

Grammar nitpick
Posted by roelofs, Mon, 02 Nov 2009 22:04:04 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/360026/

"This PoC ... are very useful" is even more painful. ;-)

(These things work better if you mail them to lwn@, btw.)

Greg

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by wolfgang.oertl, Sat, 31 Oct 2009 15:42:57 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359765/

Many suggestions revolve around having a separate USB memory stick with passwords or boot loaders and such, and keeping that very safe. How about storing your important data on it (encrypted of course) instead of on the hard drive? This makes the "evil maid" attack useless - doesn't it?

----------------------------------------

My scheme does not seem to be vulnerable
Posted by NAR, Fri, 30 Oct 2009 17:02:36 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359616/

The Evil (and Determined) Maid then installs a logger on the BIOS which captures the key from the USB flash drive and from the keyboard...

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by bronson, Fri, 30 Oct 2009 02:11:52 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359543/

> You could use one-time passwords

If you enter your one-time password on a subverted system, the attacker suddenly has access to all your data. He only needs access once.

> Or you could re-encrypt the entire disk

Not if your system is subverted. Sure, it would appear to you that everything is being re-encrypted, but in reality the back door the maid slipped in will be used to copy everything the next time you leave your computer behind. (This is just one scenario; the attacker could also weaken the encryption algorithm, ship your data out over the network, etc. etc.)

> You could also make the encryption hardware external to the main system

Perhaps, but this doesn't exist today and sounds awfully expensive to develop.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by sitaram, Fri, 30 Oct 2009 00:30:47 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359532/

Certainly, but that takes the attack into a different realm, was always possible anyway, and was always conceptually much easier and cleaner.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by diederich, Thu, 29 Oct 2009 22:55:09 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359521/

I think a talented "Evil Maid" could install a keyboard logger into a laptop in a few minutes.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by nybble41, Thu, 29 Oct 2009 21:29:17 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359506/

You could use one-time passwords. That would defeat any attempt to simply read the password and store/transmit it for later use. Getting around that would require hardware changes or some kind of resident hypervisor to gain access to the new password.

This obviously assumes that the current password can't be used to gain access to a more permanent key. The permanent key could be made so bulky that it can't be stored in the MBR, and that getting it off the system by other means would take a noticeable amount of time. Or you could re-encrypt the entire disk with the new password every time, and not have a permanent key...

You could also make the encryption hardware external to the main system, and never expose the permanent key to the computer itself at all. That eliminates the need to re-encrypt, but the device has to be tamper-proof (or you have to carry it around all the time). Good built-in drive encryption would qualify, but only if you can change the password of an unlocked drive without clearing it.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by drag, Thu, 29 Oct 2009 20:31:24 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359502/

No.

Even if you're using TPM, the hardware can still be subverted if you allow physical access to it. TPM does not solve any "evil maid" related issue that putting the bootloader on removable media won't solve, except maybe the BIOS thing.

TPM is useful for detection of problems with malicious software in your bootloader and kernel. That way you can establish a chain of trust from initial boot-up to running the OS. This allows you to hash every element from the BIOS on upwards. This way you can reliably detect things like rootkits by a simple reboot, which is impossible otherwise. Prior to TPM you had to use a tool like tripwire or another host-based IDS while the system was offline (like when you were booted up from a live CD), and comparing that result with the last known good hash was the only reliable way to combat rootkits. TPM can reduce the complexity, expense, and difficulty of that considerably.

It is not really designed to secure your machine from physical access.

------------------------------------

Really the only solution using current technology is just not to leave your stuff where other people have access to it when you're not around.

----------------------------------------

My scheme does not seem to be vulnerable
Posted by bronson, Thu, 29 Oct 2009 18:59:33 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359488/

This sounds really interesting and useful. Do you have any articles or blog posts that describe your setup?

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by bronson, Thu, 29 Oct 2009 18:57:16 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359486/

But once you plug your USB key back into your compromised laptop, you're boned.

There's simply no way around it: once you give an attacker physical access, you give him the kingdom.

----------------------------------------

"Evil Maid" doesn't care about your passwords -- watch out for the thieves though
Posted by zzxtty, Thu, 29 Oct 2009 17:35:07 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359466/

"Just lock your valuables in a room's safe before you leave the room!"

I suspect a lot of this paranoia is directed at people visiting China and the idea of state-sponsored industrial espionage. In such a case you cannot trust the hotel room safe; in fact you cannot trust anything.

Take your own hardened case and 50 or so quality padlocks?

----------------------------------------

"Evil Maid" doesn't care about your passwords -- watch out for the thieves though
Posted by ikm, Thu, 29 Oct 2009 17:00:00 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359434/

Just lock your valuables in a room's safe before you leave the room! How hard should that be to understand? Who cares about tinkering and passwords when your hardware is a gazillion times more likely to just get plain stolen?

----------------------------------------

My scheme does not seem to be vulnerable
Posted by giggls, Thu, 29 Oct 2009 16:00:47 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359414/

All the Linux-based laptops at my workplace which I am responsible for use an encryption scheme with a trusted kernel/initrd/key+password combination on personal USB flash drives. People usually carry them separated from their laptops, on a keyring or such.

The system itself consists of a LUKS-encrypted hard drive without any bootloader installed. To get them running, the flash drives are used (I offer booting from our corporate LAN as an additional feature).

The only thing I would like to get worked out is to add kexec. This way I would be able to make this stuff independent of the distributions and kernels of the running system.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by Cyberax, Thu, 29 Oct 2009 15:24:47 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359409/

"If you're using a laptop, for example, any device that you plug into it that implements DMA access can trivially retrieve your password. Like a firewire cardbus card or something like that."

Not anymore. New platforms (including notebooks) have an IOMMU, which separates each device into its own memory protection domain.

"TAKE YOUR BOOTLOADER WITH YOU."

Won't work. The 'evil maid' can infect your BIOS, so your whole Linux will run after 'evil' code is executed. Which can install backdoors into SMM, for example.

In short, TPM is the only real solution. You _need_ to have hardware you trust as the base of the 'trust chain'.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by drag, Thu, 29 Oct 2009 15:00:28 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359402/

If a normal PC was left on then it makes it even easier to grab passwords.

If you're using a laptop, for example, any device that you plug into it that implements DMA access can trivially retrieve your password. Like a firewire cardbus card or something like that. Plug that in, Linux detects it and configures it, and the attacker uses a separate PC running Linux to communicate over the firewire and send DMA requests to systematically sift through your memory until it finds the encryption key.

Even if you block against autodetecting hardware, your RAM is still removable, so if the attacker is quick they can pull your RAM out of your machine and then read it before the memory goes all random on them.

And there are other attacks besides that.

Now this is with actual hardware you can actually buy. Theoretically, if you have some sort of physically resistant hardware then that may help. For example you can currently purchase hard drives that have self-destruct mechanisms that get set off if they are tampered with... doing such things as spraying the drive internals with acid mist to etch the platters. So you can do all sorts of stuff theoretically if the hardware supports it, but right now that is not typical consumer hardware most of us can afford.

---------------------------------

Now I can't believe people are avoiding obvious solutions to this particular attack (where they install a trojaned bootloader):

TAKE YOUR BOOTLOADER WITH YOU.

This is Linux. You don't have to boot off of internal media if you don't want to. Use a USB stick and boot from that and take that with you.

Or just take the laptop with you wherever you go. If it is a small device like an "open Linux smartphone" or a netbook that can adequately meet your needs then you can just keep it on your person.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by MegabytePhreak, Thu, 29 Oct 2009 14:59:55 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359405/

Using a USB key which you keep on your person with a keyfile would seem to protect against this as well. So would using a smartcard. Sure, the attacker can get your password, but without getting the USB key/smartcard it is impossible for the attacker to get at the data.

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by cesarb, Thu, 29 Oct 2009 12:12:48 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359362/

Another theoretical way to defend against "hardware keylogger" attacks would be for the system to be always on, and detect attempts to attack it (it could detect keyboards being temporarily removed to install a keylogger in the middle of the cable, hard disks being removed to tamper with their boot sectors, new malicious hardware being added, or even physical movement of the computer using accelerometers).

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by ranmachan, Thu, 29 Oct 2009 10:53:28 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359345/

Well, obviously it's stupid if you forget to password-protect the system.
This leaves the 'hacker physically removes hard disk' and 'hacker adds hardware keylogger' attack vectors.

At least the first can be worked around by either password-protecting the hard disk (which modern disks support, but I have no idea if there are BIOSes that can boot from protected disks) or, even better, always booting from a USB stick you carry with you at all times and not having the boot code on the system at all. :)

The only thing you can do about 'hardware keylogger' attacks is probably to physically lock away the system in a safe or some other safe place.

----------------------------------------

Grammar nitpick
Posted by epa, Thu, 29 Oct 2009 10:47:39 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359343/

> One still must consider which kinds of threats you are trying to protect against.

Should be either 'One still must consider which kinds of threats one is trying to protect against.', or 'You still must consider...'

----------------------------------------

"Evil Maid" attack against disk encryption
Posted by sitaram, Thu, 29 Oct 2009 06:59:09 +0000
https://lwnhtbprolnet-s.evpn.library.nenu.edu.cn/Articles/359304/

This won't work if you use on-disk encryption, like some of the newer hard drives. You can't write the payload (or indeed anything) to the disk without knowing the password or (possibly) destroying all the contents anyway.

I've heard people say that these sorts of encryption do not have too much entropy and/or people use weak or guessable passwords, but it's still a pretty good extra layer of security on top of whatever else you may be doing, and at least it makes it *feasible* (if you're sufficiently paranoid and disciplined) to protect yourself.

About the only thing that would cause concern here is a backdoor left in the hard disk, for "technical support" reasons or at the behest of agencies with 3-letter acronyms :-) I wouldn't rule out that possibility.