[cryptography] airgaps in CAs

Steven Bellovin smb at cs.columbia.edu
Mon Jan 9 09:45:52 EST 2012


On Jan 8, 2012, at 11:48 52PM, Alistair Crooks wrote:

> On Sun, Jan 08, 2012 at 09:10:56PM -0500, Steven Bellovin wrote:
>> 
>> On Jan 8, 2012, at 6:29 26AM, Florian Weimer wrote:
>> 
>>> * Eugen Leitl:
>>> 
>>>> Is anyone aware of a CA that actually maintains its signing
>>>> secrets on secured, airgapped machines, with transfers batched and
>>>> done purely by sneakernet?
>>> 
>>> Does airgapping provide significant security benefits these days,
>>> compared to its costs?
>>> 
>>> File systems are generally less robust than network stacks.  USB
>>> auto-detection is somewhat difficult to control on COTS systems.  So
>>> unless you build your own transfer mechanism, a single TCP port
>>> exposes less code, and code which has received more scrutiny.
>> 
>> While I'm uncertain about your precise conclusion -- I know of no
>> attempts to write a USB+file system+OS behavior security sanitizer,
>> so I don't know how easy it is to do -- you're definitely asking
>> the right question.
> 
> Taken from:
> 
> 	http://www.netbsd.org/docs/rump/
> 
> about Antti Kantee's Runnable Userspace Metaprograms (RUMP) in NetBSD,
> and while (again) this isn't what was asked for, it moves the attack
> point from the kernel to userspace.
> 
> 	Use cases for rump cases include:
> 
> 	[...]
> 
> 	+ security:  rump runs in its own instance in a userspace
> 	process.  For example, it is well-known that all operating
> 	systems are vulnerable to untrusted file system images. 
> 	Unlike on other operating systems, on NetBSD it is possible to
> 	mount untrusted ones, such as those on a USB stick, with an
> 	isolated server.  This isolates attacks and prevents kernel
> 	compromises.
> 

Up to a point.  For one thing, some attacks are easier to launch in
userspace, because it's easier to do things like invoke shells.  More
important, many of the problems are due to higher-level semantics, e.g.,
what happens when you mount the file system -- autorun.inf comes to
mind.  


		--Steve Bellovin, https://www.cs.columbia.edu/~smb







