Thread: OK, shall we savage another security solution?




OK, shall we savage another security solution?
2007-09-18 17:22:02
Anyone know anything about the Yoggie Pico (www.yoggie.com)?  It claims
to do much more than the Ironkey, though the language is a bit less
"marketing-speak".  On the other hand, once I got through the
marketing stuff to the technical discussions at Ironkey, I ended
up with much more in the way of warm fuzzies than I do with Yoggie.

 							-- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

Re: OK, shall we savage another security solution?
United States
2007-09-19 00:13:31
Hi Jerry,
 
On Tuesday, September 18, 2007, at 07:24PM, "Leichter, Jerry" <leichter_jerroldemc.com> wrote:
>Anyone know anything about the Yoggie Pico (www.yoggie.com)?  It claims
>to do much more than the Ironkey, though the language is a bit less
>"marketing-speak".  On the other hand, once I got through the
>marketing stuff to the technical discussions at Ironkey, I ended
>up with much more in the way of warm fuzzies than I do with Yoggie.

Here's another secure USB flash drive: <http://www.kingston.com/flash/DTSPdemo/eval.asp> with minimal marketing-speak.

Regards,
Aram

RE: OK, shall we savage another security solution?
United Kingdom
2007-09-19 03:29:53
On 18 September 2007 23:22, Leichter, Jerry wrote:

> Anyone know anything about the Yoggie Pico (www.yoggie.com)?  It claims
> to do much more than the Ironkey, though the language is a bit less
> "marketing-speak".  On the other hand, once I got through the
> marketing stuff to the technical discussions at Ironkey, I ended
> up with much more in the way of warm fuzzies than I do with Yoggie.
> 
>  							-- Jerry

  Effectively, it's just an offload processor in fancy dress.

  It relies on diverting all your network traffic out to the USB and back just
before/after the NIC, which it presumably has to do with some sort of filter
driver, so it's subject to all the same problems vs. malware as any desktop
pfw.

  Unless your box is so overloaded that the pfw is starved of cpu cycles, I
can't see the use of it myself.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

Re: OK, shall we savage another security solution?
2007-09-19 15:02:06
| >Anyone know anything about the Yoggie Pico (www.yoggie.com)?  It
| >claims to do much more than the Ironkey, though the language is a bit
| >less "marketing-speak".  On the other hand, once I got through the
| >marketing stuff to the technical discussions at Ironkey, I ended up
| >with much more in the way of warm fuzzies than I do with Yoggie.
| 
| Here's another secure USB flash drive:
| <http://www.kingston.com/flash/DTSPdemo/eval.asp> with minimal
| marketing-speak.
This is a representative of yet another class of "secure" USB devices:

	- The Kingston encrypts data stored on it.  (Note that you
		have to enter the decryption key from the system
		keyboard when you plug the thing in.  If your threat
		scenarios include usage in a compromised system, this
		is not the device for you.)

	- The Ironkey does the same thing - though they don't emphasize
		that aspect of things; such devices are pretty common.
		(There are a bunch of companies that have USB memory
		sticks with fingerprint sensors.  Who knows how easy
		they are to spoof - likely not very).  Ironkey's claim
		to fame is that it also acts as a key store that can be
		used with on-device programs like a browser and to
		connect to a Tor network.  In this configuration -
		assuming it's implemented correctly - you can have a
		secure connection to a remote site even if you plug the
		USB into a compromised machine.  (Of course, this
		doesn't solve the whole problem: You have to use the
		machine for I/O.  The network traffic is secured between
		the remote endpoint and the program in the key, but the
		path from the key to the keyboard and screen is
		unsecured.  A sophisticated attack could sniff or modify
		the keyboard stream and replace the on-screen data.
		We're probably talking about a highly targeted attack
		here to get any useful information that way.  Certainly
		possible, but a lot harder than simply sniffing the
		password used to unlock the on-device memory and/or
		copying all the contents once they've been unlocked.)

	- The Yoggie is kind of a fancy firewall in a USB stick.  I
		don't think there's any user-writable memory in it -
		certainly not for files, probably not even for
		secure storage of passwords.

Historically, NSA has apparently never liked software implementations of
cryptography - they wanted protected hardware.  Such hardware has been
prohibitively expensive until quite recently.  These devices show that
the price of such hardware is no longer a problem:  We can build very
secure, very small pieces of hardware for not a lot of money.  What to
*do* with those hardware capabilities is another question.  It's not
easy to fit them safely into systems - and what problems can they solve
in those systems.  Kingston and many other similar devices are a great
solution to a very real problem:  When my 2GB memory stick falls
out of my pocket, have I just given away 2GB of highly sensitive data
to anyone who finds the thing?  They are *not* any kind of solution to
the "how can I access my data safely on a possibly-compromised system"?

The Ironkey guys have attacked a broader problem, and while they haven't
completely solved it - it's not clear any solution exists! - they've
provided a capability that is potentially useful.  (They aren't unique -
people have built a bunch of devices that are basically outboard
Linux boxes that rely on a guest box to provide network connectivity,
a keyboard, and a screen.  But they have a commercially available
low-cost product.)

If you think about this in general terms, we're at the point where we
can avoid having to trust the CPU, memory, disks, programs, OS, etc.,
in the borrowed box, except to the degree that they give us access to
the screen and keyboard.  (The problem of securing connections that
go through a hostile intermediary we know how to solve.)  The keyboard
problem is intractable, though it would certainly be a step forward
if at least security information didn't go through there.  This could
be done either by having a small data entry mechanism on the secure
device itself, or by using some kind of challenge/response (an LCD
on the device supplies a random value - not readable in any way by
the connected machine - that you combine with your password before
typing it in.)  Maybe HDMI will actually have some use in providing
a secure path to the screen?  (Unlikely, unfortunately.)

							-- Jerry
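
Added example, not part of the original message: one concrete form of the LCD challenge/response idea above, where the user adds the displayed digits to a numeric PIN digit by digit, modulo 10, and types the result. The `Device` class, the mod-10 combining rule and the sample PIN are assumptions made for illustration; because the challenge is random and never visible to the host, the typed digits alone do not reveal the PIN.

```python
import hmac
import secrets

DIGITS = set("0123456789")

def combine(pin, challenge):
    """What the user does in their head: add digit by digit, modulo 10."""
    if not pin or len(pin) != len(challenge) or not set(pin + challenge) <= DIGITS:
        raise ValueError("PIN and challenge must be equal-length digit strings")
    return "".join(str((int(p) + int(c)) % 10) for p, c in zip(pin, challenge))

class Device:
    """Hypothetical token with its own LCD; the host never sees the challenge."""

    def __init__(self, pin):
        self._pin = pin
        self._challenge = None

    def show_challenge(self):
        # Fresh, uniformly random digits, displayed only on the device.
        self._challenge = "".join(str(secrets.randbelow(10)) for _ in self._pin)
        return self._challenge

    def verify(self, typed):
        # 'typed' arrives through the untrusted host keyboard.
        if self._challenge is None:
            return False                      # no challenge outstanding
        expected = combine(self._pin, self._challenge)
        self._challenge = None                # each challenge is single use
        return hmac.compare_digest(expected.encode(), typed.encode())

if __name__ == "__main__":
    device = Device("4921")                   # constructed sample PIN
    shown = device.show_challenge()
    typed = combine("4921", shown)            # all a keylogger on the host captures
    print("unlock:", device.verify(typed))
    device.show_challenge()                   # next session, new digits on the LCD
    # Succeeds only if the new challenge happens to repeat (1 in 10,000 here).
    print("replay of captured keystrokes:", device.verify(typed))
```

This covers only the unlock secret; everything typed or displayed after the unlock still passes through the host, as the message says.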


Re: OK, shall we savage another security solution?
United States
2007-09-19 15:46:03
On Wed, 19 Sep 2007 09:29:53 +0100
"Dave Korn" <dave.kornartimi.com> wrote:

> On 18 September 2007 23:22, Leichter, Jerry wrote:
> 
> > Anyone know anything about the Yoggie Pico (www.yoggie.com)?  It
> > claims to do much more than the Ironkey, though the language is a
> > bit less "marketing-speak".  On the other hand, once I got through
> > the marketing stuff to the technical discussions at Ironkey, I ended
> > up with much more in the way of warm fuzzies than I do with Yoggie.
> > 
> >  							-- Jerry
> 
>   Effectively, it's just an offload processor in fancy dress.
> 
>   It relies on diverting all your network traffic out to the USB and
> back just before/after the NIC, which it presumably has to do with
> some sort of filter driver, so it's subject to all the same problems
> vs. malware as any desktop pfw.
> 
>   Unless your box is so overloaded that the pfw is starved of cpu
> cycles, I can't see the use of it myself.
> 
If done properly -- i.e., with cryptographic protection against new
firmware or policy uploads to it -- it's immune to host or user
compromise as a way to disable the filter.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
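
Added example, not part of the original message and not any vendor's code: a sketch of what "cryptographic protection against new firmware or policy uploads" can mean in practice, with a version counter so that an older policy captured on the host cannot be replayed. The `FilterDevice` class, the key and the rule strings are hypothetical, and HMAC-SHA256 with a device-resident key is an assumption chosen to keep the sketch in the standard library; a public-key signature would avoid storing a signing-capable secret on the device.

```python
import hashlib
import hmac
import json

def seal_policy(key, version, rules):
    """Administrator side, run off the protected host: serialize and tag."""
    blob = json.dumps({"version": version, "rules": rules}, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).digest()

class FilterDevice:
    """Hypothetical filter that accepts policy only over an authenticated path."""

    def __init__(self, key, rules, version=1):
        self._key = key            # provisioned into the device, never on the host
        self.rules = rules
        self.version = version

    def upload(self, blob, tag):
        expected = hmac.new(self._key, blob, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"        # checked before parsing anything
        doc = json.loads(blob)
        if doc["version"] <= self.version:
            return "rejected: stale version"  # blocks replay of an older policy
        self.rules, self.version = doc["rules"], doc["version"]
        return "accepted"

if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"
    dev = FilterDevice(key, ["deny all inbound"])
    v2 = seal_policy(key, 2, ["deny all inbound", "allow out tcp/443"])
    v3 = seal_policy(key, 3, ["deny all inbound"])
    print(dev.upload(*v2))
    print(dev.upload(*v3))
    # A compromised host can craft any blob but cannot produce a valid tag.
    forged, _ = seal_policy(b"host-guess", 9, ["allow all"])
    print(dev.upload(forged, b"\x00" * 32))
    # Replaying the older, more permissive v2 capture is refused as well.
    print(dev.upload(*v2))
    print(dev.rules, dev.version)
```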

Re: OK, shall we savage another security solution?
2007-09-20 11:59:56
| > If you think about this in general terms, we're at the point where we
| > can avoid having to trust the CPU, memory, disks, programs, OS, etc.,
| > in the borrowed box, except to the degree that they give us access to
| > the screen and keyboard.  (The problem of securing connections that
| > go through a hostile intermediary we know how to solve.)  The keyboard
| > problem is intractable, though it would certainly be a step forward
| > if at least security information didn't go through there.  This could
| > be done either by having a small data entry mechanism on the secure
| > device itself, or by using some kind of challenge/response (an LCD
| > on the device supplies a random value - not readable in any way by
| > the connected machine - that you combine with your password before
| > typing it in.)  Maybe HDMI will actually have some use in providing
| > a secure path to the screen?  (Unlikely, unfortunately.)
| 
| Would it not be possible to solve the keyboard problem by allowing a
| keyboard (e.g. USB) to be plugged directly into the device?
Perhaps.  Public systems usually don't have "unpluggable" keyboards.
If I have to carry my own, I'm well on my way to just having my
own portable system (which may be the way things end up anyway).

							-- Jerry

Re: OK, shall we savage another security solution?
2007-09-20 14:39:36
On 20/09/2007, Nicholas Bohm <nbohmernest.net> wrote:
> Would it not be possible to solve the keyboard problem by allowing a
> keyboard (e.g. USB) to be plugged directly into the device?

Evidian (former Bull Soft) built such a gizmo.
I think this is this:
http://www.wcm.bull.com/internet/pr/rend.jsp?DocId=122881&lang=en

Re: OK, shall we savage another security solution?
Germany
2007-09-24 12:49:31
* Steven M. Bellovin:

> If done properly -- i.e., with cryptographic protection against new
> firmware or policy uploads to it -- it's immune to host or user
> compromise as a way to disable the filter.

Some of the models only have got a single USB connector.  I can't see
how they can ensure that they are always on the forwarding path.

RE: OK, shall we savage another security solution?
United Kingdom
2007-09-24 12:57:51
On 24 September 2007 18:50, Florian Weimer wrote:

> * Steven M. Bellovin:
> 
>> If done properly -- i.e., with cryptographic protection against new
>> firmware or policy uploads to it -- it's immune to host or user
>> compromise as a way to disable the filter.
> 
> Some of the models only have got a single USB connector.  I can't see
> how they can ensure that they are always on the forwarding path.

  The first review I read didn't make it clear, but browsing the
manufacturer's website and glossy pdfs suggests that there is indeed only a
single USB connector - but there's an ethernet connector too.  You use it as
an inline device and leave your normal ethernet NIC unplugged.  This is what
they refer to as "wired" operating mode, and given Steven's proviso about
controlling the firmware (and let's hope there's no holes or overflows in the
web admin interface either...) I think that this mode could just about be made
secure.

  The alternative, "wireless" mode, which was what initially I thought it did
all the time, does indeed rely on proxying your network traffic out over the
usb, then back to the main computer, then out over its own NIC - and that, of
course, can easily be bypassed.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

Re: OK, shall we savage another security solution?
Germany
2007-09-24 14:52:48
* Dave Korn:

>   The first review I read didn't make it clear, but browsing the
> manufacturer's website and glossy pdfs suggests that there is indeed only a
> single USB connector - but there's an ethernet connector too.  You use it as
> an inline device and leave your normal ethernet NIC unplugged.

The models in the shape of a USB stick haven't got a USB connector, at
least according to the spec sheet.

> This is what they refer to as "wired" operating mode, and given
> Steven's proviso about controlling the firmware (and let's hope
> there's no holes or overflows in the web admin interface either...)
> I think that this mode could just about be made secure.

Some malware queues captured data and transmits it when a network
connection is available again.
