creating a secret-carrying box

Discussion in 'Java' started by Roedy Green, Jan 8, 2013.

  1. Roedy Green

    Roedy Green Guest

    The closest thing I have found to what I want is a Kanguru AES
    Encrypted Flash drive. I key a password to open it. I can then fill
    it will secret files which are hardware-encrypted. Then I close it and
    nobody can read the files without the password.

    HOWEVER, when I take it to another machine, enter the password, it
    opens up, but TOO open. ANY app can read it, including spyware.

    I am curious about how you might design such a beast without that
    problem.

    It would be open, but only to one APP. That one app might have to
    jump through hoops to retrieve or change data.

    One idea I had was to put a little linux OS on the flash drive that
    talked HTTPS. It would be like a portable secure server. The app
    could pass through a password over HTTPS keyed in. All its
    communications would be encrypted.

    Another idea I had was to run the app inside the USB drive, and have
    it talk to a device driver that would display and accept keystrokes
    and mouse strokes for it.

    Another related idea was putting some private keys in inaccessible
    ROM, and a CPU that could encrypt/decrypt.
    --
    Roedy Green Canadian Mind Products http://mindprod.com
    Students who hire or con others to do their homework are as foolish
    as couch potatoes who hire others to go to the gym for them.
     
    Roedy Green, Jan 8, 2013
    #1
    1. Advertising

  2. Roedy Green

    Arne Vajhøj Guest

    On 1/7/2013 9:00 PM, Roedy Green wrote:
    > The closest thing I have found to what I want is a Kanguru AES
    > Encrypted Flash drive. I key a password to open it. I can then fill
    > it will secret files which are hardware-encrypted. Then I close it and
    > nobody can read the files without the password.
    >
    > HOWEVER, when I take it to another machine, enter the password, it
    > opens up, but TOO open. ANY app can read it, including spyware.
    >
    > I am curious about how you might design such a beast without that
    > problem.
    >
    > It would be open, but only to one APP. That one app might have to
    > jump through hoops to retrieve or change data.
    >
    > One idea I had was to put a little linux OS on the flash drive that
    > talked HTTPS. It would be like a portable secure server. The app
    > could pass through a password over HTTPS keyed in. All its
    > communications would be encrypted.
    >
    > Another idea I had was to run the app inside the USB drive, and have
    > it talk to a device driver that would display and accept keystrokes
    > and mouse strokes for it.
    >
    > Another related idea was putting some private keys in inaccessible
    > ROM, and a CPU that could encrypt/decrypt.


    I believe the simplest way is to change from file system
    level encryption to app encryption.

    Now you have some data encrypted on disk, but when you enter the
    password the file system automatically decrypt for all access
    both the desired app and other apps.

    If it is a normal file system but with files encrypted and
    decryption being done by the app decrypting, then other apps
    can not read the data directly.

    There may still be some risk that they hook into the app
    that knows how to decrypt.

    Arne
     
    Arne Vajhøj, Jan 8, 2013
    #2
    1. Advertising

  3. On Mon, 07 Jan 2013 18:00:07 -0800, Roedy Green wrote:

    > The closest thing I have found to what I want is a Kanguru AES
    > Encrypted Flash drive. I key a password to open it. I can then fill
    > it will secret files which are hardware-encrypted. Then I close it and
    > nobody can read the files without the password.
    >
    > HOWEVER, when I take it to another machine, enter the password, it
    > opens up, but TOO open. ANY app can read it, including spyware.
    >
    > I am curious about how you might design such a beast without that
    > problem.
    >
    > It would be open, but only to one APP. That one app might have to
    > jump through hoops to retrieve or change data.
    >
    > One idea I had was to put a little linux OS on the flash drive that
    > talked HTTPS. It would be like a portable secure server. The app
    > could pass through a password over HTTPS keyed in. All its
    > communications would be encrypted.
    >
    > Another idea I had was to run the app inside the USB drive, and have
    > it talk to a device driver that would display and accept keystrokes
    > and mouse strokes for it.
    >
    > Another related idea was putting some private keys in inaccessible
    > ROM, and a CPU that could encrypt/decrypt.


    If the drive sends file contents unencrypted to the PC, once the password
    has been sent to it, then untrusted apps on the PC can read the drive. So,
    you'll need the data to be encrypted in one way or another all the way into
    the application you're using it in.

    Furthermore, you will need the PC's operating system and all other
    kernel-mode code on it to be trusted, as well as the application.
    Kernel-mode code can see the contents of the application's address space,
    including the data post-decryption, and can also do things like keylogging
    while you type in the password.

    Your options, as I see them:

    1. Only use it from a specific, trusted PC with clean installs of
    everything, minimal stuff installed, and preferably no network
    connection. Malware either can't get on it or can't phone home
    with what it saw.

    2. More elaborate: use drive with trusted PC that runs some sort of server.
    Less-trusted PC connects to trusted PC via HTTPS or other encrypted
    protocol. So, data is encrypted entering less-trusted PC. Both machines
    are behind a firewall that will not accept traffic routed to or from the
    trusted PC, so the trusted PC can't talk to the internet directly (or be
    hacked from it). The semi-trusted PC runs a vetted Linux kernel and
    kernel modules, and use of the HTTPS connection is done from an
    unprivileged account. That account isn't used for anything else and its
    home directory is mounted on a ram drive so anything not saved to the
    encrypted drive evaporates every time that machine is reset, limiting
    the ability of any malware that infects that account to record anything
    for phoning home later. Disconnect the internet before using the drive
    and reboot before reconnecting the internet, and malware can't preserve
    anything to phone home with. Or, disable networking privileges for that
    account (launch a browser sudo root if you need to consult google, or
    use your phone or pad or a third computer).

    --
    Hexapodia is the key insight.
     
    Twirlip of the Mists, Jan 8, 2013
    #3
  4. Roedy Green

    Roedy Green Guest

    On Mon, 7 Jan 2013 23:12:47 -0500, Twirlip of the Mists
    <> wrote, quoted or indirectly quoted
    someone who said :

    >can also do things like keylogging
    >while you type in the password.


    The Kanguru people came up with a clever dodge. You can key the
    password with your mouse. But the virtual keyboard mutates, so even if
    a snoop logs mouse click positions it gives him nothing. He would have
    to trap screen contents as well. When you start thinking about a
    properly fiendish opponent, it all becomes hopeless.

    The most common snoop is a keyboard logger hidden inside the keyboard
    where no software security check can find it.

    It gets rather amusing. What I have inside my flash drive are files
    full of true random numbers, for one-time pad encryption. So it is
    sort of nuts to protect them with a lower quality encryption.

    Every type of attack you can fend off makes it more costly for some
    third party to snoop.

    If you getting serious, you might install Linux from purchased CD and
    never attach the machine that does any encrypting/decrypting to the
    Internet or to a LAN. It would be like the machines the certificate
    companies use to guard their master private certificate keys.
    --
    Roedy Green Canadian Mind Products http://mindprod.com
    Students who hire or con others to do their homework are as foolish
    as couch potatoes who hire others to go to the gym for them.
     
    Roedy Green, Jan 8, 2013
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ani
    Replies:
    1
    Views:
    385
    Mike Moore [MSFT]
    Oct 28, 2003
  2. ani
    Replies:
    1
    Views:
    328
    Stephan Bour
    Oct 28, 2003
  3. JezB
    Replies:
    5
    Views:
    581
    Rick Spiewak
    May 26, 2004
  4. tshad
    Replies:
    5
    Views:
    450
    Scott M.
    May 13, 2005
  5. jamezw

    Session not carrying over

    jamezw, Jun 21, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    439
    Bruce Barker
    Jun 21, 2005
Loading...

Share This Page