Monday, May 01, 2006

file recovery, secure erasure, and privacy

post in progress...

Securely erasing a file is not as straightforward as you may think. With a journaling file system, a copy of the data is written to the journal before it is committed to its final location on the disk. This greatly improves the performance of disk writes, but it means there are now essentially two places that must be expunged to accomplish the erasure. Unfortunately it is not very feasible to erase the journal. Over time the journal is overwritten as commits are pumped through it, but you really cannot be guaranteed that every area will be overwritten sufficiently within a known amount of time.

A good start to reduce this problem is to:
1) not use a journaling file system; or
2) use a plug-in encrypted file system layered on top of the journaled file system, use a secure container created within the file system, or just use a natively encrypted file system.
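As an added example (not code from the original post), here is an overwrite-then-unlink file wiper in POSIX sh together with the journaling check the argument above calls for: before overwriting, it warns when the file sits on a filesystem type that journals or copies on write, because on those the in-place overwrite cannot reach every copy. It assumes /dev/urandom, dd, head -c and, for the optional filesystem-type lookup, GNU df -T; the function names are mine.

```shell
#!/bin/sh
# Added example, not code from the original post: an overwrite-then-unlink
# file wiper in POSIX sh with the journaling/copy-on-write caveat the post
# describes. Assumes /dev/urandom, dd, head -c and, for the optional
# filesystem-type lookup, GNU df -T.

# Exit 0 when the filesystem type is one that journals or copies on write.
# On such filesystems an in-place overwrite does not guarantee that every
# copy of the old contents (journal entries, relocated blocks) is gone.
is_journaled_fs() {
  case "$1" in
    ext3|ext4|xfs|jfs|reiserfs|btrfs|zfs|ntfs|hfsplus|apfs|f2fs|nilfs2) return 0 ;;
    *) return 1 ;;
  esac
}

# Best-effort filesystem type for a path via GNU df -T; prints "unknown"
# when that is not available (e.g. BSD/macOS df).
fs_type_of() {
  df -T "$1" 2>/dev/null | awk 'NR == 2 { print $2 }' | grep . || echo unknown
}

# Overwrite a regular file in place: $2 passes of random data, then one pass
# of zeros. conv=notrunc keeps the existing allocation so the writes land on
# the blocks currently holding the data instead of on freshly allocated ones.
overwrite_file() {
  f=$1
  passes=${2:-3}
  [ -f "$f" ] || { echo "overwrite_file: not a regular file: $f" >&2; return 1; }
  size=$(wc -c < "$f" | tr -d ' ')
  [ "$size" -gt 0 ] || return 0
  i=0
  while [ "$i" -lt "$passes" ]; do
    head -c "$size" /dev/urandom | dd of="$f" conv=notrunc 2>/dev/null
    sync
    i=$((i + 1))
  done
  head -c "$size" /dev/zero | dd of="$f" conv=notrunc 2>/dev/null
  sync
}

# Wipe and unlink, warning first when the filesystem cannot give the
# in-place guarantee.
secure_wipe() {
  fstype=$(fs_type_of "$1")
  if is_journaled_fs "$fstype"; then
    echo "secure_wipe: warning: $fstype journals or copies on write;" \
         "old data may survive outside the file's own blocks" >&2
  fi
  overwrite_file "$1" "${2:-3}" && rm -f "$1"
}
```

Usage is `secure_wipe path [passes]`. The warning is the important part: on ext3/ext4, btrfs, ZFS and similar, this method (like GNU shred) only removes the copy in the file's own blocks, which is exactly why the post recommends an encrypted volume underneath rather than relying on overwriting alone.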

There is another problem though: virtual memory. While your processes are running, there is a possibility that the section of memory containing your unencrypted data will be written to the swap file. The file system journal is a tough enough issue to deal with, but it is usually less than 16 MB in size. The swap file can be huge, many gigabytes even, and spread across many devices as well. The only way to overcome this problem is not to use disk-based virtual memory (swap).

OK, so far the recommendation is: use an encrypted file system, so that in the event the data is written somewhere it is not easily recoverable; and don't use virtual memory. But what about RAM? Believe it or not, even RAM that has been unpowered for a time can still hold residual charge that may be recoverable. It is highly unlikely, but it is possible. So how do you truly make your transactions secure from snooping?

1) Be the only person on the system while you are accessing sensitive information. A multiuser environment puts you at risk.
2) Use only a trusted system that you feel is under your own control and has not been compromised.
3) Use a portable input device or a virtual keyboard, e.g. a Bluetooth or touchscreen keyboard.
4) Use only RAM-based OSs, i.e. no disk-based virtual memory.
5) Save only to encrypted volumes.
6) Only boot off your own OS, e.g. only boot off a known uncompromised USB key or CD-ROM.
7) Use a plug-in computer that sits on top of your live-boot OS, e.g. something like a ProjectBlackDog, since it contains its own processor and RAM.
8) Use a secure wipe erasure program.
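As an added example (not from the original post), a small POSIX sh audit of a Linux host against items 4 and 5 above: it lists the active swap areas from /proc/swaps and checks whether each device-mapper target is a dm-crypt mapping, which the kernel marks with a UUID beginning with "CRYPT-" in /sys/block/dm-*/dm/uuid. The function names are mine, and the /proc/swaps text in SAMPLE_SWAPS is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not code from the original post: audit a Linux host for
# disk-based swap (item 4) and for dm-crypt-backed volumes (item 5).
# Assumes Linux /proc/swaps and /sys/block/dm-*/dm/uuid; on other systems
# audit_host simply finds nothing to report.

# Constructed /proc/swaps sample (not captured from a real host), used to
# exercise the parser when the script is run directly.
SAMPLE_SWAPS='Filename Type Size Used Priority
/dev/sda2 partition 8388604 0 -2
/swapfile file 2097148 0 -3'

# Print the active swap areas from /proc/swaps-style text on stdin,
# skipping the header line. Output: <path> <type> <size-kB> per line.
active_swaps() {
  awk 'NR > 1 && NF >= 3 { print $1, $2, $3 }'
}

# Exit 0 when /proc/swaps-style text on stdin lists no active swap area.
no_disk_swap() {
  [ -z "$(active_swaps)" ]
}

# dm-crypt targets (LUKS or plain) carry a device-mapper UUID beginning
# with "CRYPT-"; exit 0 when the given UUID string looks like one.
is_dm_crypt_uuid() {
  case "$1" in
    CRYPT-*) return 0 ;;
    *) return 1 ;;
  esac
}

# Report on the live system.
audit_host() {
  if [ -r /proc/swaps ]; then
    if no_disk_swap < /proc/swaps; then
      echo "ok: no swap areas active"
    else
      echo "warning: disk-based swap is active (unencrypted data may be paged to it):"
      active_swaps < /proc/swaps | sed 's/^/  /'
    fi
  fi
  for u in /sys/block/dm-*/dm/uuid; do
    [ -r "$u" ] || continue
    dev=$(basename "$(dirname "$(dirname "$u")")")
    if is_dm_crypt_uuid "$(cat "$u")"; then
      echo "ok: $dev is a dm-crypt mapping"
    else
      echo "note: $dev is a device-mapper target but not dm-crypt"
    fi
  done
}

# Demonstrate the parser on the constructed sample, then audit this host.
echo "sample swap areas:"
printf '%s\n' "$SAMPLE_SWAPS" | active_swaps | sed 's/^/  /'
audit_host
```

A mount whose backing device is a dm-crypt mapping satisfies item 5 for files written there; swap on a plain partition or file, as in the constructed sample, is exactly the leak item 4 warns about.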

Cool Picks of the Day are: a Slax USB bootable key with Linux, ProjectBlackDog, a Bluetooth keyboard, and truecryptfs. Ensure that your monitor is not being Y-split. Use VR goggles.

I have a SLAX USB key with TrueCrypt working. I need to make Bluetooth and the ProjectBlackDog work with SLAX.

secure erasing files
wipe
