Mobile Device Security, Was: Re: Dell BIOS DoS

["Karsten W. Rohrbach" <karsten () rohrbach de>]

Ross Draper(Ross.Draper () musicradio com)@2003.12.09 20:08:31 +0000:
> I agree with your points Jon, but lets be fair here, BIOS passwords do
> have a use - especially on laptops.

They will prevent a certain subset of individuals from starting your
laptop.

x86 BIOSes nowadays are modularized and contain quite a lot of modules to
boot from PCMCIA/CardBus devices or even FireWire. They can netboot,
etc. What they apparently cannot do is check the presence of a USB
token and challenge it for a signature, but this would be an option to
get rid of vendor master passwords and such. Deliver two keys with the
box, store one in a safe location, that's it.

On PowerPC the systems are booted through OpenFirmware, which is even
more complex. On Apple machines the boot ROM contains a graphical
selector for boot devices which has mouse support. On a Mac you do
not have any password protection, although it would be possible to
implement. Apple try to solve the security situation with FileVault
(encrypting the contents of your home directory), but data is not stored
exclusively in the user's home directory.

The main question is: where is the real point of attack?
Answer: there's not just one threat, there are several.

Imagine someone stealing your laptop which is ssecured with some sort of
password. He rips apart the chassis, pulls out the harddrive and takes
the data he's after, no matter how your boot protection looked like.

The crypted harddrive issue is a different one. It also has a lot of
weaknesses, although it is probably more secure in terms of data theft
than any other method for securing mobile devices. The point here is,
that an attacker would break into the running system, thus circumventing
boot protection.

Even worse: what if the attacker stole your token to unlock the drive
crypto? You'd be having no useable laptop at all.

What's missing is true platform integration, which appears quite hard to
do. Boot ROM modifications, HD crypto, software crypto, screensaver
passwords are only one part of the story.

What I'd prefer for mobile use is a system comprised of hard-, firm- and
software that plays together, not side-by-side. Surely, this integration
might increase the attack surface, but it would be capable of delivering
the set of features needed on a mobile unit, protecting the "cold"
(switched-off) device as well as boot stage and running system.

Just a few way unsorted thoughts...

Regards,
/k

-- 
> Beware of bugs in the above code; I have only proved it correct, not
> tried it. --Donald Knuth
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG:   0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4  A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x