Rich Freeman on 19 Oct 2014 05:44:24 -0700



Re: [PLUG] Offline apps for Chromebook


On Sat, Oct 18, 2014 at 10:52 PM, Fred Stluka <fred@bristle.com> wrote:
>
> Interesting.  I especially liked this excerpt about fingerprint
> scanners and facial recognition as ways to login:
>
>> ... We expect these devices to be covered in our
>> users' fingerprints, so a low-cost fingerprint scanner could actually
>> increase the likelihood of compromise.
>> ...
>> We were able to break into one
>> device that used facial recognition authentication software just by
>> holding it up to the user's photo.
>

Yeah, encryption and biometrics don't always work great together.  The
ChromeOS solution is to use your password as part of the key, which
means that the encryption key isn't stored anywhere on the device.
Brute-force is limited by the use of the TPM which only processes
maybe an attempt per second (part of the key is in the TPM, so doing a
faster brute force of the password portion requires extracting it from
the hardware).

The other approach which is more common in the Windows world is to
just encrypt the entire drive (not just each user profile), store the
key for that in the TPM, but then use a trusted boot path to secure
it.  This is a bit like remote attestation except it is local.  The
firmware hashes the bootloader and adds that to the TPM before running
it, the bootloader hashes the kernel before loading it and adds that
to the TPM before running it, etc.  Then when the program that wants
the disk encryption key asks for it the TPM checks the signature chain
and only gives up the key if it matches (I have no idea how upgrades
work - obviously there has to be some way for the trusted program to
tell the TPM to trust the new version).  So, this in theory ensures
that only the legitimate OS can read the drive contents, and then the
legitimate OS can use whatever authentication system it wishes.
Of course, if the OS has an exploit the data of any user might be
accessible. The ChromeOS way ensures that if there is an exploit only
the data of any currently logged-on users is accessible (of course
there is always the risk of keyloggers).

In theory Linux supports all of this stuff, but I've yet to see a
distro that does so.  There is a version of grub which preserves the
signature chain in the TPM module, and Linux has support for doing so
in the kernel as well, and for accessing the other TPM functions.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
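The measured-boot chain and key sealing described in the message above, as an added example (mine, not code from the post, from ChromeOS or from grub): a pure-Python simulation of TPM PCR extend and sealing, with constructed component blobs and a placeholder disk key, including the reseal step an upgrade would need.

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


PCR_INIT = b"\x00" * 32  # a PCR starts out all-zeros on reset


def extend_pcr(pcr: bytes, component: bytes) -> bytes:
    """TPM PCR extend: PCR_new = H(PCR_old || H(component)).
    Chaining means a given PCR value is only reachable by measuring
    exactly these components, in exactly this order."""
    return sha256(pcr + sha256(component))


def measure_chain(components):
    """Firmware measures the bootloader, bootloader measures the kernel, ..."""
    pcr = PCR_INIT
    for blob in components:
        pcr = extend_pcr(pcr, blob)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret to a PCR value (simulated; a real TPM keeps the secret
    inside and only checks the policy when asked to unseal)."""
    return {"policy_pcr": expected_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Release the secret only if the measured boot path matches the policy."""
    if blob["policy_pcr"] != current_pcr:
        return None
    return blob["secret"]


def boot_and_unseal(chain, blob):
    return unseal(blob, measure_chain(chain))


def reseal_for_upgrade(blob, running_chain, new_chain):
    """One way upgrades can work: the currently trusted OS (which can unseal)
    re-seals the key against the PCR value the new components will produce."""
    secret = boot_and_unseal(running_chain, blob)
    if secret is None:
        raise PermissionError("only a trusted boot can authorise a reseal")
    return seal(secret, measure_chain(new_chain))


# Constructed sample boot chains (not real firmware, bootloader or kernel images)
GOOD_CHAIN = [b"firmware-v1", b"grub-2.02-tpm", b"vmlinuz-3.16"]
TAMPERED_CHAIN = [b"firmware-v1", b"grub-2.02-tpm", b"vmlinuz-modified"]
UPGRADED_CHAIN = [b"firmware-v1", b"grub-2.02-tpm", b"vmlinuz-3.17"]
DISK_KEY = b"constructed-placeholder-disk-key"  # placeholder secret
```

Sealing against `measure_chain(GOOD_CHAIN)` lets only that exact chain recover `DISK_KEY`; a modified kernel yields a different PCR and `unseal` returns `None`, and after `reseal_for_upgrade` the new kernel unseals while the old one no longer does.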