Re: OTP's
From: Guy Macon (http://www.guymacon.com)
Date: 07/23/04
- Next message: Guy Macon: "Re: OTP's"
- Previous message: Tim Smith: "Re: Help: Randomizing a List of Numbers"
- In reply to: Michael Amling: "Re: OTP's"
- Next in thread: Tom St Denis: "Re: OTP's"
- Reply: Tom St Denis: "Re: OTP's"
- Reply: Kevin G. Rhoads: "Re: OTP's"
Date: Thu, 22 Jul 2004 21:41:24 -0700
Michael Amling <nospam@nospam.com> says...
>
>Guy Macon <http://www.guymacon.com> wrote:
>>
>> Tom St Denis <tomstdenis@iahu.ca> says...
>>
>>>>If you unplug the internet and then boot from your Knoppix CD, it
>>>>doesn't matter whether Knoppix is secure.
>>>
>>>Um, then when you plug the net back in? What SSH/apache/kde/etc
>>>automatically patch themselves?
>>>
>>>Gotcha. Wink Wink.
>>
>> Nope. Not this time. <grin> The Original Poster specified unplugging
>> the internet and then generating his random numbers. Clearly he can
>> unplug the internet, boot Knoppix, generate his random numbers, burn
>> them to CD-R, turn off the computer, then reboot to whatever OS he
>> normally runs. Even if both Knoppix and his regular OS are insecure
>> against internet attacks, the online attacker doesn't know what's on
>> the CDs. He can't get it from Knoppix - no internet connection. He
>> can't get it from the regular OS - the data went poof when the PC was
>> turned off.
>
> Is this secure against firmware modifications, meaning changes made
>to firmware while the susceptible OS is running and connected to the
>Internet? (Note: I don't know how much firmware, if any, there is on
>various brands of PCs.)

I happen to be an expert on the subject of firmware.

No version of Linux and no Microsoft product from NT on uses the
firmware (aka BIOS) for anything other than getting a boot loader
off of the boot device and running it. So once the OS is running,
it does not matter what is in the firmware. (DOS makes extensive
use of the Firmware. Win9X may interact with the firmware in some
situations, but usually not.)

Older PCs have the firmware in ROM, where it cannot be changed.
Newer PCs have it in EEPROM/Flash Memory, which can be changed.
In addition, the Firmware keeps some data (but nothing executable)
in non-volatile RAM - such as which device to boot from.

The non-volatile RAM is the obvious target. Tell the PC to boot
from the hard disk rather than the CD, and put a modified version
of Knoppix on the hard drive. This will take up a lot of hard
drive space and you might notice that the CD isn't spinning
(especially if you have a noisy CD-ROM drive.)

An attacker could modify the firmware (if it's in EEPROM/Flash) to
make the Knoppix CD spin up as it boots from the modified copy of
Knoppix on the hard drive. This would be very system specific.
The attacker would also want to modify the firmware so that other
CDs boot normally.

From a practical standpoint, this would be almost impossible to do.
I was a fully qualified PC service technician before I became an
engineer and I still have a hard time adding another OS to a system
that already has an OS that uses the entire hard disk. I shudder at
trying to do it over the Internet, especially without the user
noticing.

If the above attack is a concern, an obvious countermeasure would be
to unplug the hard drive. Better yet, use an old 486 with a ROM
BIOS/Firmware that cannot be changed and with no hard drive - just
a CD-R drive. Boot from the Knoppix CD, save to a CD-R or to a
floppy.

-- Guy Macon, Electronics Engineer & Project Manager for hire. Remember Doc Brown from the _Back to the Future_ movies? Do you have an "impossible" engineering project that only someone like Doc Brown can solve? My resume is at http://www.guymacon.com/