Possible data leakage from OpenBSD workstation

[alex_b83]

State agencies can retrieve data from your internet connected OpenBSD workstation.

Do you care about it?

Would you use additional air gapped computer to handle your personal data?

[Oko]

Of course state agencies can retrieve data from my OpenBSD workstation even more so from my other Internet devices (TV, Blue-ray player, Kindel devices, Android phones). Personally I have nothing to hide from those agencies who have the technical knowledge and resources (millions of dollars) to break into my OpenBSD workstation. I am more scared that my data (social security, credit curd numbers and alike) can be leaked from my Android phone or from the computers of my dentist, doctors, and alike by a non skilled crook with a laptop.

I am somewhat familiar with those "additional air gapped" computers and I am 100% sure that neither you nor anyone else on this forum (or even people whom you ever meet) have any access to such technology.

[Head_on_a_Stick]

Quote:

Originally Posted by alex_b83

air gapped computer

I take it you didn't hear about the malware propagated by sound waves then?
http://arstechnica.com/security/2013...jumps-airgaps/

Of particular interest from that article:

Quote:

A computer running the Open BSD [sic] operating system also began to modify its settings and delete its data without explanation or prompting.

I hope the item is FUD but...

[jggimi]

Quote:

Originally Posted by alex_b83

State agencies can retrieve data from your internet connected OpenBSD workstation.

Define the word retrieve. Without context, this isn't a meaningful claim.

1. Any device with an Internet address* will have its communications partially or completely recorded, passively. This isn't news, and in some jurisdictions is a regulatory requirement.
2. Any device with an Internet address* is under a constant barrage of active probes. Whether those probes are from services the device normally communicates with, state actors, or the neighborhood script kiddie is immaterial. How the device responds to these probes is material. Some of these probes are benign. Others are evil. (Sometimes, the determination of benign or evil is entirely subjective. )

I manage multiple OpenBSD systems which are directly connected to the Internet. They respond to probes -- benign or evil -- the way I direct them to, pursuant to policies I have defined in pf.conf(5).

---

* This excludes devices residing on private networks, which may be "behind" a NAT router -- but includes any such router, as it is Internet facing.

[e1-531g]

Quote:

Originally Posted by Oko

Of course state agencies can retrieve data from my OpenBSD workstation even more so from my other Internet devices (TV, Blue-ray player, Kindel devices, Android phones).[..] those agencies who have the technical knowledge and resources (millions of dollars) to break into my OpenBSD workstation.

You misspelled the word. It should be billions

Quote:

Originally Posted by Oko

I am more scared that my data (social security, credit curd numbers and alike) can be leaked from my Android phone or from the computers of my dentist, doctors, and alike by a non skilled crook with a laptop.

+1

Quote:

Originally Posted by jggimi

I manage multiple OpenBSD systems which are directly connected to the Internet. They respond to probes -- benign or evil -- the way I direct them to, pursuant to policies I have defined in pf.conf(5).

I think small groups (not all people, not even one tenth) inside the state agencies of USA and China have technology to break in to OpenBSD on modern PCs too, even if they are managed by professional. And other operating systems like Solaris and networks of computers of differential, diverse operating systems. Some security researchers made me to belive in that. For example:
Loic Duflot's and Yves-Alexis on remotely attacking network cards.
http://www.ssi.gouv.fr/uploads/IMG/p...etworkcard.pdf
and some articles from this domain:
http://theinvisiblethings.blogspot.c...rnels-and.html

[sacerdos_daemonis]

Quote:

Originally Posted by alex_b83

State agencies can retrieve data from your internet connected OpenBSD workstation.

There is always the potential for someone to break into a system via the internet. If one has files that one wants to remain secret, the solution is to not store them on a computer with internet access. If I was in possession of files I did not want government agencies to discover, I would hide them, not put them somewhere that those agencies can easily find and try to protect them from unwanted access. Many people think about security the wrong way. Treat data the same way as as a person. If someone does not want to be taken into custody, which is better; living in the open and surrounding oneself with security measures or hiding from the authorities?

[jggimi]

Quote:

Originally Posted by e1-531g

... attacking network cards.
http://www.ssi.gouv.fr/uploads/IMG/pdf/csw-trustnetworkcard.pdf[

I'm lucky then, because my NICs do not have out-of band controls, so there is no external hardware management layer to be co-opted. That particular attack vector does not exist on my hardware.

Does that mean my systems are 100% "secure"? No, there are no guarantees. Attack vectors might exist of which I am unaware. And threats are ever evolving.

I've not stated this often enough, so I'll state it again:

Security is not a product. Security is not something you can buy, or something you can download and install, or something you can turn on, or something you can enable.

Instead, security is a process: of applying risk mitigations based on risk awareness, and the process must evolve as one's scope of awareness changes. The hard part is ensuring one's risk awareness remains accurate, meaningful, current, and appropriate.

[alex_b83]

Quote:

Originally Posted by Oko

Personally I have nothing to hide from those agencies who have the technical knowledge and resources (millions of dollars) to break into my OpenBSD workstation.

Agencies' technical knowledge allows access to the PC below the OS level, so they can compromise OS using:

1. vulnerabilities in devices' factory firmware;
2. SMM-based rootkits that persist in BIOS;
3. hidden features of Intel AMT, Management Engine (see chapter 4).

Is there open & secure hardware that can be verified & trusted to?

[alex_b83]

Quote:

Originally Posted by jggimi

Define the word retrieve. Without context, this isn't a meaningful claim.

SMM-based rootkit loads from infected BIOS at early boot stage and gains additional privileges via SMM.
Then rootkit can prepare environment suitable for spying, before OS kernel gets loaded into RAM.
After that, OS kernel code can be changed by rootkit to allow attacker to retrieve:

1. files from your PC, for example GnuPG keys;
2. screenshots;
3. keystrokes.

Quote:

Originally Posted by jggimi

How the device responds to these probes is material. Some of these probes are benign. Others are evil. ...
I manage multiple OpenBSD systems which are directly connected to the Internet. They respond to probes -- benign or evil -- the way I direct them to, pursuant to policies I have defined in pf.conf(5).

An excerpt from Intel Active Management Technology wiki page:

"Out-of-band (OOB) or hardware-based management is different from software-based (or in-band) management and software management agents. Hardware-based management works at a different level than software applications, uses a communication channel (through the TCP/IP stack) that is different from software-based communication (which is through the software stack in the operating system). Hardware-based management does not depend on the presence of an OS or locally installed management agent.

AMT is designed into a secondary (service) processor located on the motherboard, and uses TLS-secured communication and strong encryption to provide additional security. AMT is part of the Intel Management Engine, which is built into PCs with Intel vPro technology. ... AMT provides similar functionality to IPMI, although AMT is designed for client computing systems as compared with the typically server-based IPMI."

OS will not even notice out-of-band hardware-based "probes" directed to the server, and malicious low-level firmware will use this covert channel to transmit stolen data.

[alex_b83]

Quote:

Originally Posted by sacerdos_daemonis

There is always the potential for someone to break into a system via the internet. If one has files that one wants to remain secret, the solution is to not store them on a computer with internet access.

This is exactly what I wanted to say.

[Oko]

Quote:

Originally Posted by alex_b83

Is there open & secure hardware that can be verified & trusted to?

No! Such hardware doesn't exist. There exists secure hardware architectures not known to the public in the possession of a nation state designed for security ground up. They run OS you have never heard off.

[jggimi]

Quote:

Originally Posted by alex_b83

SMM-based ... AMT ...

My Internet-exposed devices don't have these service management capabilities, so these particular attack vectors don't exist. On *those* systems.

I'm typing at the moment on an HP laptop with Intel processors. But this workstation is not on the Internet. At the moment it's not even on an Internet connected network -- my only access to the Internet from my current location is via an HTTP proxy. This limited access also mitigates these out-of-band attack vectors.

If I connect via public WiFi, I must trust that out-of-band management services are not possible.

If I connect an Ethernet cable, it will either be to a network I control, or, to a network I trust.

[alex_b83]

I thank everyone for answers!

[e1-531g]

I would like to add some quotes:

Quote:

Originally Posted by BRUCE SCHNEIER

It’s an interesting question, because while encryption is a very powerful too and very strong, computer security is very weak.

Quote:

Originally Posted by BRUCE SCHNEIER

What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it's in. Period.

Schneier advocated hiding over trying to defend computer systems from NSA, when you are seen as high value target.

[jggimi]

I think you need to put Bruce's comments into context. I could find one of the two. The transcript includes the typo you quoted (too for tool), so I believe I've found the right citation.

In regards to Strong vs. weak, Bruce was differentiating between cryptographic primitives and their implementations in software systems. The ciphers are secure, but their use is often insecure. That's due to the inability of non-cryptographers to take those primitives and design secure cryptographic implementations with them, or for IT applications to be developed and deployed with them.

This particular quote was regarding risk assessment of implementing "back door" facilities into cryptographic systems, which many governments want.

Quote:

AMY GOODMAN: Can you talk, Bruce Schneier, about the backdoors that exist, and especially for a completely lay audience around the world, what we should be concerned about right now, now and also what Britain and the U.S. are considering, what Comey will be testifying about today?

BRUCE SCHNEIER: It’s an interesting question, because while encryption is a very powerful too and very strong, computer security is very weak. We, as scientists, don’t know how to build secure computers. So I can protect the encryption of your phone, but I can’t stop someone from hacking into it. And if you look at what the NSA does, what the Chinese government does, what criminals do, they hack into devices. And that’s something that we’re still very much at risk at. The big breaches you’re seeing are not breaches of encryption. They’re hacking. We know the FBI does hacking.

And a lot of us on the group believe that lawful hacking is the solution to Comey’s problem. Don’t break encryption for everybody, but hack into the computers of just the suspects you want to eavesdrop on. That’s more powerful. That’s something we can’t really prevent. And that gives you, the FBI, the U.K. government, the access you need. And that is both a problem and a solution. We do need to get better at it. I mean, all the breaches you’re seeing show how bad it is, whether it’s Office of Personnel Management; whether it’s a cyberweapons arms manufacturer in Italy, Hacking Team, last week; whether it’s Target or Home Depot or any bank. You know, these are all breaches of computer security from these flaws.

The full transcript is available here.

[e1-531g]

I was and I am still thinking, that this first quote is in regard to hacking, pwning operating systems. I think it mean that not only primitives but also implementation of offline encryption (i.e. symmetric encryption using GnuPG) is so good, that government agencies can not break them, but they can get inside OS that is actually working on encrypted copy of that files.
Second quote is from: How to Remain Secure Against the NSA

[jggimi]

Ah, so the context here is TAO. Their services included -- and may still include -- hardware for deployment both in and near their targets, as well as the software-based vectors we've been discussing.

[jggimi]

Quote:

Originally Posted by e1-531g

I was and I am still thinking, that this first quote is in regard to hacking,..

I don't believe so, as Bruce made reference to publicly discussed breaches where implementation weaknesses were exploited.

Let's use your example of a file using a strong cipher. It's encrypted. Without the keys, a brute force attack would take years, perhaps hundreds or thousands of years.

And that would be true, *if* there was no known plaintext, in whole or in part, within your encrypted file.

Let's suppose, for this example, that the file contains millions of userids and passwords, because you run a public service of some kind, and this is your password database. Let us also assume that you set a password policy that requires at least one upper case character, one lower case character, and at least one number, and a minimum length of 7 characters.

Now, the encrypted file is obtained by an attacker. Its a collection of random bits to them. Or ... is it?

You have, in that file, many passwords with known plaintext, because you have millions of records from end users with userids and passwords.

How many records will have "Password1" in the password field? Probably more than the number of records with "October31" but I'll bet among the millions of records will be thousands of passwords with birthdays, pet names, children's names, and other plaintext that can be predicted. Brute force attacks against that file won't take years. They'll take days or even hours.

Your cipher may be very strong, but two flaws with my example implementation undermine it. The first is a policy weakness -- the password policy permits strings of text, which human beings will fill with words. Most do, in whole or in part. The second is a technology weakness of the application where this file is used -- a single cipher was used for all passwords.

As you may notice from this simple example, passwords are a fairly terrible security weakness, as there is really no such thing as a "strong" password when human beings need to remember them, and risk mitigations (such as unique salts or unique keys for each record) are complicated and difficult to get right.

Many of the publicly disclosed data breaches that we read about were (and still are) attacks against password implementations, which is why I chose this as my example weakness.

[e1-531g]

AFAIK there is not publicly known key obtaining attack on AES256 ciphertext, even if you know whole plaintext, in reasonable amount of time using conventional computer. I understand that NSA employs a lot of mathematicians, so maybe they have it, but even Bruce Schneier thinks, that more probable is that they don't know such method to attack well known symmetric encryption methods. More probable is they know methods to decrypt asymmetric methods for example RSA. And RSA can be easily cracked using quantum computers.
Nevertheless GnuPG can use AES256 in CFB mode and it is considered really good.

I don't know how GnuPG uses passwords, but some other tools use passwords to encrypt key and data is encrypted with key. Data is not encrypted with password, even if user needs to provide it to decrypt data.

[jggimi]

I don't know about AES CFB weaknesses, if any, as I'm neither a cryptanalyst nor a cryptographer. I used the file as a relatively simple example, because you mentioned it. And I will admit that the Ashley Madison user database breach was what I was describing when I wrote my example above, though they used bcrypt rather than AES for their cipher. I tried to pick a simple example of an error of IT deployment, rather than in application or operating system, without regard to the specific cipher.

History is full of ciphers which may have been perfectly fine but were deployed with weaknesses. In particular this seems to happen with networking. I'm sure you have heard about weaknesses in WEP and PPTP. (if not, the links discuss them.) These were encryption systems that had significant implementation errors, though the selected cipher chosen (RC4) for these was perfectly adequate at the time. The cipher was not a factor of their weaknesses, if I recall correctly. It's been a few years since I studied the errors of both when I took a a cryptography class, and I only recall that key reuse was the root weakness with PPTP.

SSH version 1 allowed the communicating parties to select from a suite of ciphers. It's vulnerabilities were all in the protocol itself, and most interestingly to me, a fix for one weakness introduced a new weakness.

My point to all of this? I'm trying to support Bruce's thesis: ciphers can be mathematically inspected. Software has bugs. Our deployments can have mistakes.