[Freedombox-discuss] Encrypted root file systems with Mandos

Björn Påhlsson belorn+freedom at recompile.se
Sun Mar 4 23:07:19 UTC 2012


On 03/04/2012 08:50 PM, James Vasile wrote:
> The need to enter a key on a headless FreedomBox on reboot has been
> a sticking point on encrypting the fs.  Mandos sounds like a move
> in the right direction.  As an initial matter, FreedomBoxes should
> stand alone (e.g. the key should be on board), but maybe once some
> friends are connected in, dispersing the key (in chunks) to some
> friends with good uptime means you'll be able to retrieve the
> chunks and reassemble them to allow a reboot.  This should happen
> free of user intervention or else FreedomBoxes will be vulnerable
> to reboot DOS attacks.  Obviously this would only be useful to a
> subset of FreedomBox users.
> 
> One question I have is how the booting box authenticates to the 
> key-serving box?  Why does key transfer happen at home but not in a
> lab? Some FreedomBoxes will undoubtedly move with their owners from
> home to dorm to hotel to office.  How does Mandos know it has not
> been captured?
> 
> Regards, James
> 

The answer is a bit complicated, so I will elaborate below after a
quick summary. I have yet to find a good setup for a sole FreedomBox
with no second computer. There are possibilities and I hope ideas get
made, but my goal now is to get the already working code to also work
on this platform.

So the more complex and long answer. The setup with two encrypted
machines in the same room, connected in a local network, has two basic
security properties. First, if both are brought to a lab, A can not
send key to B, and B can not send key to A if both are offline. One of
the machines needs to be online to keep the exchanging of key going,
and given the human nature of theft or property apprehending, it's very
likely both machines will be taken offline. It is a hack, but the goal
was from the beginning to allow disk encryption to those who would
otherwise run unencrypted servers out of practical reasons.

The other method by which the key-serving machine assesses the
authentication of the client is to keep a close eye on it (any kind of
secure heart-beat system works, default is ping + ipsec). Reboots are
quite mechanical in nature, so the expected downtime can be assumed as
small. If the client goes unexpectedly down too long, the server
requires manual confirmation before sending the password.

To bring this to a scheme with a lone server connected to peers, the
setup needs to be rethought. It's possible that one could rely solely on
the heart-beat system for regular reboots, and then use manual
confirmation by your friends as a fallback or when moving the
machine, but I am uncertain if the drawbacks are not too large even
for the more security aware users. It is also possible to use a smart
phone as key-server, but I am not sure it's wise to put your security
there.

/Björn Påhlsson
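
A minimal model of the heartbeat policy described in the message above, added here as an illustration. It is not Mandos code; the class and function names, the 300-second timeout and the decision strings are assumptions.

```python
from dataclasses import dataclass

RELEASE, HOLD = "release-key", "hold-for-manual-confirmation"


@dataclass
class Client:
    timeout: float        # longest tolerated silence, in seconds (assumed value)
    last_seen: float      # time of the last heartbeat that was accepted
    enabled: bool = True  # cleared once the client has been silent too long


class KeyServer:
    def __init__(self):
        self.clients = {}

    def enroll(self, name, timeout, now):
        self.clients[name] = Client(timeout=timeout, last_seen=now)

    def _expire(self, client, now):
        # Silence beyond the timeout is treated as possible capture.
        if now - client.last_seen > client.timeout:
            client.enabled = False

    def heartbeat(self, name, now):
        client = self.clients[name]
        self._expire(client, now)
        if client.enabled:  # a late heartbeat must not revive trust
            client.last_seen = now
        return client.enabled

    def request_key(self, name, now):
        client = self.clients[name]
        self._expire(client, now)
        return RELEASE if client.enabled else HOLD

    def confirm(self, name, now):
        # A human has checked where the machine is and vouches for it.
        client = self.clients[name]
        client.enabled, client.last_seen = True, now


def reboot_decision(downtime, timeout=300.0):
    """Client heartbeats at t=0, goes silent, then asks for its key."""
    server = KeyServer()
    server.enroll("box", timeout, now=0.0)
    return server.request_key("box", now=downtime)
```

A 90-second reboot gets its key back automatically, while a machine that reappears after an hour stays locked until `confirm` is called, even if it resumes sending heartbeats first.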
