[OpenAFS-devel] openafs - proposed cache security improvement

Sean O'Malley omalleys@msu.edu
Sun, 1 Apr 2007 02:54:10 -0400 (EDT)


On Sat, 31 Mar 2007, Sean O'Malley wrote:

> On Sat, 31 Mar 2007, Jim Rees wrote:
>
> > I didn't understand most of your message.  But without tamper resistant
> > hardware, I don't see how you can protect the user key.  If I store the key
> > in my iPod, can't someone just copy the key?
> >
> > Tamper resistant hardware allows you to use a private key if you know the
> > PIN, but does not allow you to read the key.  A couple of important
> > advantages are that a thief needs both the hardware and the PIN, and that
> > the theft is apparent because the physical device, not just the data
> > contained in it, must be stolen.
>
> If you just use a USB keychain, then you can just steal the files.
>
> If you use the iPod, and use the hardware serial number, it becomes
> pseudo tamper resistant.
>
Actually we can 1 up this. Because the iPod actually -has- an interface
for security and for entering stuff like passwords for volume control.
If you can tap that interface... then you could actually enter in a number
and have it unlock the container directly from the iPod in combination
with the hardware serial. If you can't maybe you can steal something like
the volume control password and use it as part of the key the container..

It seems like I discussed this a couple of years ago somewhere.
I'm getting weird deja vu feelings about requesting this functionality
already. This feels like a recycled idea..

--------------------------------------
  Sean O'Malley, Information Technologist
  Michigan State University
-------------------------------------