1993-12-07 - Security of Secure Drive

Header Data

From: edgar@spectrx.saigon.com (Edgar W. Swank)
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: cca4127d84e6e603100f94bef24123e03b679423fb1142932ae49b16b9b5e028
Message ID: <4Ns7Dc2w165w@spectrx.saigon.com>
Reply To: N/A
UTC Datetime: 1993-12-07 12:30:19 UTC
Raw Date: Tue, 7 Dec 93 04:30:19 PST

Raw message

From: edgar@spectrx.saigon.com (Edgar W. Swank)
Date: Tue, 7 Dec 93 04:30:19 PST
To: Cypherpunks          <cypherpunks@toad.com>
Subject: Security of Secure Drive
Message-ID: <4Ns7Dc2w165w@spectrx.saigon.com>
MIME-Version: 1.0
Content-Type: text/plain


Andrew Loewenstern commented:

    > No more Steve Jackson Games cases. I hope this happens.  Computer
    > theft and unreasonable seizure is a real problem.

    As far as I know, a system like SecureDrive, KFS, or CFS, is
    really only as secure as the running machine is.  Generally, when
    a BBS is 'seized' (forfeited?  ;), it is running when the feds get
    there.  Right now, if they have any clue (and from what I hear,
    the FBI has much more of a clue than the SS when it comes to this
    type of investigation), they usually take pictures of the setup to
    make sure they can put the machine back together when they get it
    to wherever they are taking it to.  If encrypting file-systems
    become a problem, a disk could be developed (probably pretty
    easily) to retrieve the key from memory before they power it down.


    andrew
    "Touch that keyboard and die!!"

It's fairly easy to provide a TSR on MSDOS systems to either block
booting from the keyboard or force a memory clear on reboot. I found
these examples on local BBS's:

NOFBOOT.ZIP      2647  08-28-91  Version 1.0 of Padgett Peterson's NOFBOOT.
                                 NoFBoot is a small (500  byte) TSR designed
                                 to prevent inadvertant  booting from a
                                 floppy disk.  It will intercept warm boot
                                 requests (Ctrl-Alt-Del) and check for a
                                 floppy in drive A:  before continuing.  If
                                 a floppy is found in drive A, the request
                                 will be aborted  with  a warning message.
                                 With NoFBoot, a cold  start  (reset button
                                 or cycle power) will be necessary to boot
                                 from a floppy.

BLK213.ZIP      17931  09-22-93  BootLock 2.13 09/06/93 BootLock allows you to
                                 lock out the use of [CTRL][ALT][DEL],
                                 [CTRL]C, and/or [CTRL][BREAK]. New version
                                 can be loaded as a Device Driver or TSR. You
                                 can also define a "user defined" key to lock
                                 out. BootLock can be unloaded and Loaded into
                                 Hi Memory. Shareware registration form and
                                 manual included. From Foley Hi-Tech Systems
                                 (ASP).
                                 (Files: 6 Newest: 09-06-93 Oldest: 03-05-92)

NOCADEL.ZIP     24234  07-07-93  No Boot on control-alt-delete. Simple util
                                 helps disable key boot sequence. Source
                                 included.
                                 (Files: 6 Newest: 02-07-93 Oldest: 02-06-93)

The BBS program should also be patched to re-boot instead of returning
to MSDOS on exit, and should not provide a DOS Shell.  If the FBI
agent is allowed access to an MSDOS command line, he can run a program
which will "fish" out the Secure Drive encryption key from memory.

Note that the pass phrase cannot be reconstructed from the key in
memory and its crypto difficult to reconstruct -any- pass phrase which
would duplicate the key (MD5 is a 1-way function).  But it would be
easy to construct an alternate to LOGIN which would insert the key
into SECTSR directly using hex input.

So it would be a good security practice to provide for an "emergency"
power-off in event of a "surprise" raid.  A foot switch is good for
situations when the operator is present.  This can be activated while
one's hands are in the air. Turning off power upon activation of a
burglar alarm is a good solution for unattended situations.

--
edgar@spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005  Cupertino, Ca






Thread