joeyh

joeyh at

Does LUKS defeat the NSA's IRATEMONK? That depends on what the evil firmware is doing.

  1. It could listen for a particular pattern of traffic. Ie, a write at minutes 3, 1, 4, 1, 5, 9 ... Once it's sure it's detected the traffic pattern, it could destroy the disk. This could be triggered by eg, hitting a web server at specific times and letting it log. LUKS would be unlikely to defeat this unless it writes all the time or delays writes.

  2. It could pretend that the 6 tb drive is a 2 tb drive, and log every write. So things you think you've deleted, are not deleted. While the log would still be of LUKS encrypted blocks, the key can be obtained later. (See relevant xkcd involving wrenches.)

  3. It could listen for a particular pattern of write traffic and then redirect the next read to deliver other data than the OS requested. Use the method in 1. to trigger, and the web server eventually replies with the LUKS header. Which the NSA can then feed into the supercomputer farm which I understand is down the road from me in Oak Ridge TN, and get to work on brute forcing the keys.

  4. It could wait until day N or load cycle N and brick the drive. Hey, if the evil non-US persons are using our technology, at least it should be a worse version than we have, right?

  5. It could generate head movements that allow disk traffic to be intercepted via acoustics by a van in the street with a directional mic. Possibly triggered by 1. Would still be encrypted if LUKS is used, but now you're really a target for wrench-based followup.

  6. It could wait until reboot N and suddenly the computer is booting into HOMELANDOS and becomes a NSA interception point for all network traffic as well as dumping its entire encrypted partition out the network to be retained forever, since only terrorists use encryption. (Note that HOMELANDOS may helpfully run your real system under virtulization, so you can continue to use the computer.)

These all seems doable, and they're what I could come up with in 5 minutes. I guess the NSA has been working on this longer and with more expertise.

~~ To any NSA and FBI agents reading my posts: please consider whether defending the US Constitution against all enemies, foreign or domestic, requires you to follow Snowden's example. ~~

Jakukyo Friel, Mike Linksvayer, jrobertson, Charles Stanhope and 2 others likes this.

Christopher Allan Webber, joeyh shared this.

Show all 5 replies
Or 0) intercept the initial key via the keyboard and motherboard's EC, rendering the rest moot.  An alternative would recognize LUKS and replace it as the CPU boots off it.  Also, the NSA isn't the one who makes the disk and its initial firmware.

jasonriedy@fmrl.me at 2015-02-18T20:27:23Z

Yeah, short of writing your own completely custom bios + keyboard firmware and then assuming that there's no below-firmware-firmware there's nothing you can do about that.

tekk at 2015-02-18T21:00:30Z

X11R5 likes this.

@tekk to avoid write caching, the attacker can hit random urls on the web server. Should work as long as it's serving actual files from disk. May need to make strategic use of subdirectories to avoid VFS caching. Or, just make the period be hours, not minutes, so caches go stale.

I also wonder about attacks involving DMA...

joeyh at 2015-02-18T22:01:34Z

tekk likes this.

Another example of the classic "I want to show that I approve of this message but that message is horrible"...

tekk at 2015-02-19T01:08:52Z