It's great watching someone tell an audience everything they already know about security as if its some amazing realization whilst he has spyware attached to his face.
Can dusters are feeble things. If you can bring a "liquid withdrawal" CO2 cylinder or invert a vapor withdrawal cylinder you have far more CO2. A suitable container or bag could let you freeze a machine for as long as you can maintain gas flow. "Kegerator" size cylinders aren[t large. One could easily disguise one as a fire extinguisher, or use an extinguisher filled with CO2 only.
Well, it should be. Otherwise the encryption scheme is useless. Think about it. If you, the user, have to provide absolute physical security of the system, what is the point of using disk encryption? Either you succeed in which case it doesn't matter if your disk is unencrypted because no one will be able to physically access it anyway, or you fail in which case the encryption will be defeated so you might as well not bother encrypting your drive in the first place. The whole point of disk encryption is protecting your data against physical access. It is not meant to do anything else. So if it fails to do this, what is it good for?
***** Lets try this from a different perspective, the statement, as it sounded to me, has the implication that the program should somehow stop someone from grabbing your hard disk from the computer. This is obviously not possible. You are correct, the encryption does make physical access more difficult, and indeed has the bonus of wasting a potential thief's time. To simplify my ideology: The user is responsible for physical security, where the encryption is the fail safe(long?*) in case the user is unwilling/unable/dead/etc (pick one or make your own). The encryption, in theory, should not become part of your mainline security plan, it's something that is in place in the event your user fails. *most current encryption technologies will fail before we die, just making the red team take longer to get the data (long enough to change passwords, and such) is a win in my book.
Phil Thomas I absolutely agree that disk encryption should not be your primary line of defense, it should be a failsafe. But what good is a failsafe which is very likely to fail the moment your primary system fails? I don't want the software to prevent someone from someone physically taking the disc. That can happen and that's why I'm encrypting the drive in the first place. But I do want the software to protect me from at least the easiest forms attacks which require physical access. Like DMA attacks. DMA attacks are ridiculously easy to perform, but, as demonstrated in this panel, also easy to prevent in software. So why shouldn't the encryption software protect me from them? Of course, if someone takes apart my keyboard and hides a keylogger inside, no software can protect me, but is that a valid excuse to not cover as much ground as possible?
What about hw hd encryption, like the samsung 840 pro ssd series? This video might have covered that, but I'm not proficient enough to understand if it did.
There is a practical matter. If an attacker is sufficiently powerful, there are no steps that you can take to secure your data. It is more practical to secure a device physically than to expect the encryption to overcome a physically insecure system. Because, even if you do everything this guy wants you to do, whoever broke into your computer might simply have replaced the CPU. They've got a special one that acts just like a normal one, except that it saves the contents of the debug registers so that they can have your key. Let's face it. If your adversary is that powerful, you are already sunk. If you can't trust that your RAM is secure, if you think it is being imaged, then you might as well not even try. It is easier to watch you type in your password when you think no one is watching than to pull something like that off.
Right now Intel and AMD are the only two entities physically capable of manufacturing malicious CPUs. And even for them it would still take large teams working for months on it (modifying the design, verifying the new design, making new masks, creating a few test CPUs, finding mistakes, fixing them, creating new masks and finally producing the one malicious CPU that will be used to attack you). So unless you _really_ piss off someone very high up in Intel/AMD, you should be fine. RAM, on the other hand, is a very real concern because of DMA. Anyone can do it. You don't even need special hardware, you can repurpose existing hardware to do it.
***** "Right now Intel and AMD are the only two entities physically capable of manufacturing malicious CPUs." Nonsense, any government spy agency can do the same. AMD and Intel are the only ones able to produce such chips commercially, due to patent restrictions. But when we are talking about malicious actors, we are talking about people who don't care about patent restrictions. For someone like myself, the whole thing is a non-issue. I am not a big enough target for someone to want to change out the hardware to get the contents of RAM. But, if someone _is_ a big enough target to worry about the attack in the video, the attack I mention is just as problematic. If you assume an all-powerful attacker who can get at your system while you are still using it, there is nothing you can do to secure yourself.
John Undefined The attackers may not be concerned with legal restrictions but they are not exempt from economical restrictions. Implementing the manufacturing processes used by (especially) Intel and (also) AMD would cost billions of dollars. *And* you would need to get your hands on the original Intel/AMD designs so that you could modify them. And if governments have their own microchip manufacturing lines, why are they outsourcing all of their microchip manufacturing needs to private businesses?
***** "And you would need to get your hands on the original Intel/AMD designs so that you could modify them." As I recall, the chip pinouts are public record (so that computer manufacturers can easily be compatible.) The instruction sets are definitely public record. That's all an attacker needs as far as knowledge of the chip. "And if governments have their own microchip manufacturing lines, why are they outsourcing all of their microchip manufacturing needs to private businesses?" Just because they are willing to spend $100 million on a chip to spy on a target doesn't mean that want to spend that much on chips for their own direct use. Now, I don't know what attack vectors our government is actually using. I do know that they could do what I described if they wanted, it's just a matter of time and money. And they certainly have the budget for it. And there's a very interesting thing about your comments. They seem to seek to persuade people that the "solution" proposed in the video is sufficient against all attackers and not to bother worrying about anything that might bypass that security. But the "solution" proposed in the video creates a single point of failure. Someone who uses it is a sitting duck for anyone who swaps the CPU with such a counterfeit. And a distraction such as yours is precisely what I would expect if some nameless agency were actively using the technique or preparing to do so. Again, I think that physically securing your computer is the most practical solution. If you are not able to do that, nothing you can do will give you the security you want. But if you are sufficiently concerned about a DMA attack in which an attacker has to identify a 32-byte key in 4G or more of memory (and I am _not_ going to tell you not to worry about that) then you should also be concerned about a counterfeit chip which causes you to hand your key over on a platter because they are the only 32 bytes used in the proper capacity in the special instruction.
I already had to bypass IBM BIOS' password and fail for the first time due to an EPROM called 'security chips'. That's why i'm using Lenovo at the moment. I also use RAM and HDD encryption running Linux on AES Capable CPU. I guess anyone to decrypt my laptop... well except attacking me with a gun, it's almost impossible!
You do know that Lenovo is IBM right? IBM sold their PC and Laptop divisions to Lenovo. The only thing that's changed is who's name is printed on the device.
GGigabiteM Yes of course. I'm having a Lenovo Twist, great laptop except that the wireless card does not support injection. It even come with a GPS aactivatedin the bios to trace it even when it's not on the internet! I tried to remove it, to protect my privacy, but I even couldn't find it on the motherboard! I guest others companies are offering such option, but IBM is quite the most reputed one. I'm finally comfortable with the GPS since I'm operating a system that contain no personal identification. Sensible information, sure, but nothing to identify my-self.
Sonny Champagne Computrace is an option ROM stored in the BIOS chip. The only way to remove it permanently is to decompile the BIOS image, remove the Computrace option ROM and recompile a new BIOS image. You need specialized tools to do this though and there's the likely possibility you could brick the laptop doing it.
Except for deniable encryption schemes that let you set up a "false key" that when entered, looks like it decrypts the drive but also triggers a wipe of the sensitive information first. Then if you're being tortured, you just give up the false key. Presto, everything looks all well and dandy to the attacker (provided you left *some* less valuable but still secretive information so it doesn't look suspicious) and the really dangerous information is still hidden/destroyed.
+DigGil3 That makes sense. When your attackers can be assumed to possess the resources to interrogate you, encryption schemes that don't include *some* sort of support for false keys would probably fail abysmally.
Not necessarily, and not necessarily of all kinds. Encryption that works with hidden partitions is possible with TrueCrypt and a few other systems, where it's impossible to create partitions of dummy data and hidden inside those partitions are yet more partitions that are mathematically impossible to prove through disk analysis. This means "rubber hose cryptography", AKA torture to get encryption keys is somewhat mitigated. Since you can't ever prove you've found the "real" hidden data yet and you can't really indefinitely torture someone. It allows people a chance to survive even a gun to the head if they have the balls to do so.
Is this guy butthurt because he applied for a job at truecrypt and they rejected him or something? Of course tryecrypt isn't going to protect from an attacker kidnapping the user and forcing them to reveal their password, or from somebody putting a hardware keylogger on their keyboard. How would they?
elmateo77 > or from somebody putting a hardware keylogger on their keyboard. That's why we have things like Yubikey. Then again, I have 2 passwords, both decrypt but the latter will remove anything potentially sensitive. This _can_ pose a problem if the user AKA me, has had one too many brews! :)
elmateo77 those are actual concerns regarding authentication. Yes, you know the password, but if the police threatens you with violence or jail time or fines or whatever, the password is useless. In fact, because encryption technology is typically "better" than decryption counter technology, governments have gone with the path of least resistance - threatening punishments, waving 'warrants' in your face, etc It's all an arms race.
Wow. Honestly, I'm not trying to be a jerk here, but if there was ever a guy needing to get laid, this is him. Also, 5mins in it seams his whole thesis is based on software encryption not good enough for physical attacks. Well thank you captain obvious! Hello? Common sense calling? It kind of makes the last 40mins of this talk pointless. Who in their right minds is saying to themselves, "Gee, I'm going to install TrueCrypt because I think someone's going to sneak into my bedroom at night and hot wire around my security"
![[Full Episode] MasterChef Junior Thailand มาสเตอร์เชฟ จูเนียร์ ประเทศไทย Season 3 Episode 10](http://i.ytimg.com/vi/8kldrPPsDZs/mqdefault.jpg)
It's not a Defcon talk without technical difficulties
It's great watching someone tell an audience everything they already know about security as if its some amazing realization whilst he has spyware attached to his face.
^
@Nunya Business HackSumer... Wannabe.
purple text on pink background....
RGB cable is missing the G.
Looks like a broken VGA connector...
Def a broken connector. Evidence @ 3:55 & 5:15, where the picture says it all.
We could try to reconstruct the G channel by averaging out the R and B values... it'd look better.
It's the next big thing in crypto. Store your text in a colour nobody can read
Fuck ya, this guy was ahead of the times. TPM is now actively used for anti evil maid on various systems
Cool Idea to use GGlasses for notes or similar stuff
Intense physical pain will get the password/key location from him/her/other; but I get the point of the talk.
Pushing TPM??? FEDFEDFED!!!!!!!
David Hope-Ross Trusted Platform Module.
@Saquez hardware implemented encryption with instructions for the assembly language
Can dusters are feeble things. If you can bring a "liquid withdrawal" CO2 cylinder or invert a vapor withdrawal cylinder you have far more CO2. A suitable container or bag could let you freeze a machine for as long as you can maintain gas flow. "Kegerator" size cylinders aren[t large. One could easily disguise one as a fire extinguisher, or use an extinguisher filled with CO2 only.
It's almost like he is describing Qubes OS!
When you have your disk in a strongbox you still need encryption for when the feds get it out :p
is he related to mootles
he looks like a relative
Is the speaker wearing a Google Glass or what?
Turned it off after he stated physical security was the responsibility of the encryption program, and not the user.
Well, it should be. Otherwise the encryption scheme is useless. Think about it. If you, the user, have to provide absolute physical security of the system, what is the point of using disk encryption? Either you succeed in which case it doesn't matter if your disk is unencrypted because no one will be able to physically access it anyway, or you fail in which case the encryption will be defeated so you might as well not bother encrypting your drive in the first place.
The whole point of disk encryption is protecting your data against physical access. It is not meant to do anything else. So if it fails to do this, what is it good for?
*****
Lets try this from a different perspective, the statement, as it sounded to me, has the implication that the program should somehow stop someone from grabbing your hard disk from the computer. This is obviously not possible.
You are correct, the encryption does make physical access more difficult, and indeed has the bonus of wasting a potential thief's time.
To simplify my ideology:
The user is responsible for physical security, where the encryption is the fail safe(long?*) in case the user is unwilling/unable/dead/etc (pick one or make your own). The encryption, in theory, should not become part of your mainline security plan, it's something that is in place in the event your user fails.
*most current encryption technologies will fail before we die, just making the red team take longer to get the data (long enough to change passwords, and such) is a win in my book.
Phil Thomas I absolutely agree that disk encryption should not be your primary line of defense, it should be a failsafe. But what good is a failsafe which is very likely to fail the moment your primary system fails?
I don't want the software to prevent someone from someone physically taking the disc. That can happen and that's why I'm encrypting the drive in the first place. But I do want the software to protect me from at least the easiest forms attacks which require physical access. Like DMA attacks. DMA attacks are ridiculously easy to perform, but, as demonstrated in this panel, also easy to prevent in software. So why shouldn't the encryption software protect me from them?
Of course, if someone takes apart my keyboard and hides a keylogger inside, no software can protect me, but is that a valid excuse to not cover as much ground as possible?
+Phil Thomas Your logic is warped.....
You do not seem to understand everything about this subject.
holy shit its..that year..
What about hw hd encryption, like the samsung 840 pro ssd series? This video might have covered that, but I'm not proficient enough to understand if it did.
vinkuu tomshardware those ssd are broken
Here is a great talk from 35C3: th-cam.com/video/C5hLTk5MyGU/w-d-xo.html
There is a practical matter. If an attacker is sufficiently powerful, there are no steps that you can take to secure your data. It is more practical to secure a device physically than to expect the encryption to overcome a physically insecure system. Because, even if you do everything this guy wants you to do, whoever broke into your computer might simply have replaced the CPU. They've got a special one that acts just like a normal one, except that it saves the contents of the debug registers so that they can have your key. Let's face it. If your adversary is that powerful, you are already sunk. If you can't trust that your RAM is secure, if you think it is being imaged, then you might as well not even try. It is easier to watch you type in your password when you think no one is watching than to pull something like that off.
Or just hire some guys to beat you till the gig's up.
Right now Intel and AMD are the only two entities physically capable of manufacturing malicious CPUs. And even for them it would still take large teams working for months on it (modifying the design, verifying the new design, making new masks, creating a few test CPUs, finding mistakes, fixing them, creating new masks and finally producing the one malicious CPU that will be used to attack you). So unless you _really_ piss off someone very high up in Intel/AMD, you should be fine.
RAM, on the other hand, is a very real concern because of DMA. Anyone can do it. You don't even need special hardware, you can repurpose existing hardware to do it.
*****
"Right now Intel and AMD are the only two entities physically capable of manufacturing malicious CPUs."
Nonsense, any government spy agency can do the same. AMD and Intel are the only ones able to produce such chips commercially, due to patent restrictions. But when we are talking about malicious actors, we are talking about people who don't care about patent restrictions.
For someone like myself, the whole thing is a non-issue. I am not a big enough target for someone to want to change out the hardware to get the contents of RAM. But, if someone _is_ a big enough target to worry about the attack in the video, the attack I mention is just as problematic. If you assume an all-powerful attacker who can get at your system while you are still using it, there is nothing you can do to secure yourself.
John Undefined The attackers may not be concerned with legal restrictions but they are not exempt from economical restrictions. Implementing the manufacturing processes used by (especially) Intel and (also) AMD would cost billions of dollars. *And* you would need to get your hands on the original Intel/AMD designs so that you could modify them.
And if governments have their own microchip manufacturing lines, why are they outsourcing all of their microchip manufacturing needs to private businesses?
*****
"And you would need to get your hands on the original Intel/AMD designs so that you could modify them."
As I recall, the chip pinouts are public record (so that computer manufacturers can easily be compatible.) The instruction sets are definitely public record. That's all an attacker needs as far as knowledge of the chip.
"And if governments have their own microchip manufacturing lines, why are they outsourcing all of their microchip manufacturing needs to private businesses?"
Just because they are willing to spend $100 million on a chip to spy on a target doesn't mean that want to spend that much on chips for their own direct use.
Now, I don't know what attack vectors our government is actually using. I do know that they could do what I described if they wanted, it's just a matter of time and money. And they certainly have the budget for it.
And there's a very interesting thing about your comments. They seem to seek to persuade people that the "solution" proposed in the video is sufficient against all attackers and not to bother worrying about anything that might bypass that security. But the "solution" proposed in the video creates a single point of failure. Someone who uses it is a sitting duck for anyone who swaps the CPU with such a counterfeit. And a distraction such as yours is precisely what I would expect if some nameless agency were actively using the technique or preparing to do so.
Again, I think that physically securing your computer is the most practical solution. If you are not able to do that, nothing you can do will give you the security you want. But if you are sufficiently concerned about a DMA attack in which an attacker has to identify a 32-byte key in 4G or more of memory (and I am _not_ going to tell you not to worry about that) then you should also be concerned about a counterfeit chip which causes you to hand your key over on a platter because they are the only 32 bytes used in the proper capacity in the special instruction.
defcon yup yup any in UK 2016
what is with the all the pinks in the power point. My eyes HURT.
It looks like the VGA cable/connector isn't seated properly - Green color is missing, so the picture is pink.
***** Good call. Which side are the green pins on? Left or right?
Which side ? Pin 1 is Red, 2 is Green and 3 is Blue. Just google "VGA Pinout" ...
I guess it's because of a bad video cable.
I already had to bypass IBM BIOS' password and fail for the first time due to an EPROM called 'security chips'. That's why i'm using Lenovo at the moment. I also use RAM and HDD encryption running Linux on AES Capable CPU. I guess anyone to decrypt my laptop... well except attacking me with a gun, it's almost impossible!
You do know that Lenovo is IBM right? IBM sold their PC and Laptop divisions to Lenovo. The only thing that's changed is who's name is printed on the device.
GGigabiteM Yes of course. I'm having a Lenovo Twist, great laptop except that the wireless card does not support injection. It even come with a GPS aactivatedin the bios to trace it even when it's not on the internet! I tried to remove it, to protect my privacy, but I even couldn't find it on the motherboard! I guest others companies are offering such option, but IBM is quite the most reputed one. I'm finally comfortable with the GPS since I'm operating a system that contain no personal identification. Sensible information, sure, but nothing to identify my-self.
Sonny Champagne Computrace is an option ROM stored in the BIOS chip. The only way to remove it permanently is to decompile the BIOS image, remove the Computrace option ROM and recompile a new BIOS image.
You need specialized tools to do this though and there's the likely possibility you could brick the laptop doing it.
Sonny Champagne who set it up for you?
GGigabiteM 👋
45 mins and not once did he mention a gun to the head is the best way to break encryption of all kinds.
Except for deniable encryption schemes that let you set up a "false key" that when entered, looks like it decrypts the drive but also triggers a wipe of the sensitive information first. Then if you're being tortured, you just give up the false key. Presto, everything looks all well and dandy to the attacker (provided you left *some* less valuable but still secretive information so it doesn't look suspicious) and the really dangerous information is still hidden/destroyed.
Jack Firth I've found out that Julian Assange made an encryption program that does that.
+DigGil3 That makes sense. When your attackers can be assumed to possess the resources to interrogate you, encryption schemes that don't include *some* sort of support for false keys would probably fail abysmally.
Not necessarily, and not necessarily of all kinds. Encryption that works with hidden partitions is possible with TrueCrypt and a few other systems, where it's impossible to create partitions of dummy data and hidden inside those partitions are yet more partitions that are mathematically impossible to prove through disk analysis.
This means "rubber hose cryptography", AKA torture to get encryption keys is somewhat mitigated. Since you can't ever prove you've found the "real" hidden data yet and you can't really indefinitely torture someone. It allows people a chance to survive even a gun to the head if they have the balls to do so.
Once we have the perfect security we just need to keep our heads away a from the confidential data.
Google glasses
Google glasses lol
Is this guy butthurt because he applied for a job at truecrypt and they rejected him or something? Of course tryecrypt isn't going to protect from an attacker kidnapping the user and forcing them to reveal their password, or from somebody putting a hardware keylogger on their keyboard. How would they?
elmateo77
> or from somebody putting a hardware keylogger on their keyboard.
That's why we have things like Yubikey. Then again, I have 2 passwords, both decrypt but the latter will remove anything potentially sensitive. This _can_ pose a problem if the user AKA me, has had one too many brews! :)
elmateo77 those are actual concerns regarding authentication. Yes, you know the password, but if the police threatens you with violence or jail time or fines or whatever, the password is useless. In fact, because encryption technology is typically "better" than decryption counter technology, governments have gone with the path of least resistance - threatening punishments, waving 'warrants' in your face, etc
It's all an arms race.
+James Bos And Yubikey worked so well for Mt.Gox, Didn't it?
Wiping my disk by typing in the wrong password? Sure, why not!
James Bos will it help from making full byte image of the disk?
pgp
Wow. Honestly, I'm not trying to be a jerk here, but if there was ever a guy needing to get laid, this is him. Also, 5mins in it seams his whole thesis is based on software encryption not good enough for physical attacks. Well thank you captain obvious! Hello? Common sense calling? It kind of makes the last 40mins of this talk pointless. Who in their right minds is saying to themselves, "Gee, I'm going to install TrueCrypt because I think someone's going to sneak into my bedroom at night and hot wire around my security"
'I'm not trying to be a jerk here'
You must be naturally very gifted then.
Why does one install TrueCrypt then?
Jupiter Nine shut up, fed
Jupiter Nine yrah