MokSec - The Security Framework
thomasg
thomas at gstaedtner.net
Mon Jul 14 17:16:59 CEST 2008
On Mon, Jul 14, 2008 at 3:35 PM, Kalle Happonen <kalle.happonen at iki.fi>
wrote:
> What an insult! *slap* :P. No I'm not a windows user. and I can set the
> root password on my device, but defaults matter. And they matter a lot
> if openmoko will become more mass-market. A firewall migth be a bit
> heavy, I agree, every watt and cycle should try to be saved, but making
> dropbear just listen to the usb interface would be a pretty good
> compromise, if that is possible.
>
Ok, sorry, that was a too mean joke :P
The situation with no root password set is of course not bearable, but I'm
pretty sure that this issue will be solved in a consumer-ready release.
What I'd imagine would be a kind of "first-run-guide", that "forces" (or
allows, however you want :) ) the user to do all the important settings at
the first run of the phone (could be used for backup purposes, too, e.g.
load an xml-file with the settings).
Would make the life way easier for newbies.
However, later on an easily configurable firewall would be almost
> essential imho. Connecting to the phone (any port) over the wifi should
> (almost?)never be allowed as default. Even if the point with the phone
> is that users can do what they want, it doesn't mean that the apps they
> install shouldn't be protected. And a firewall is almost the only viable
> way. There's no easy way of making all the apps listen to just one
> interface, and while host.allow/deny is more lightweight than a
> firewall, those don't allow distinguishing of interface.
A firewall is always a more or less big piece of software, always not the
best for performance, and always a security risk (if it's not dedicated). It
also is not possible to do a easy and _good_ configuration, so however it's
done, it's always suboptimal.
There are not too much services running, and all of them are open source
software, so that is imho not that a big deal.
> >
> > In addition to that, a separate encrypted partition for /root (or
> > /home
> > if the account will changed to a non-privileged user) could be
> > nice, but
> > maybe too heavy and battery draining?
> >
> >
> > Imho it's not needed to encrypt the whole system.
> > Would be the better choice to have some crypto-containers for the
> > files that really need to be secured (phonebook, messages, important
> > documents). We had some discussion in IRC a while ago and my idea would
> No, not the whole system. But well the user homedir would be basically
> what we want to protect, and if it was on it's own partition, there is
> kernel support for it already.
> > be to have that containers and a daemon in background who handles
> > encryption/decryption, asks for passwords if needed and makes sure
> > that applications who want access to a encrypted container get it
> > (e.g. dialer wants to look up a number in the phonebook).
> > This way the containers can stay decrypted while the phone is on and
> > access is granted dynamically (as needed).
> I think completely dynamic decryption would be too cumbersone to use. If
> you mean that it would need an unlock for every received sms (to get the
> contact behind the number) and phone call, it's just unfeasible. If you
> want to protect the en/decryption key, it needs a passphrase that is
> long enough to be of any benefit. The other option is a PKI enabled SIM,
> which would be cool. Hence it should be unlocked only once, at bootup.
> The sim pin could also be saved on the encrypted partition (maybe the
> pin itself again encrypted with the passphrase, so it's not accessible
> easily at runtime) so that the user only needs to authenticate once to
> use the phone. There could be then options to forget the encryption key
> either locally or via a "magic sms".
> > Yeah, it's a little much effort, but there is no security without it.
> > If you'd encrypt the whole rootfs you'd have it decrypted the whole
> > time the phone is on (otherwise nothing would work), what means, the
> > security is gone.
> No it doesn't. Everything NEEDS to be decrypted automagically when the
> phone is on. Otherwise it's just unusable. The whole system shouldn't be
> encrypted, that's just waste. But having a personal area decrypted at
> startup means that only you can access it at bootup, and one can add the
> option of remotely disabling access to it. That is very much security,
> way more than phones usually have nowadays, even more than
> laptops/desktops, but not too much to make it hard/annoying to use.
> > Well, that's only a part of a possible security framework, but this
> > are only some thoughts.
> >
> >
> > In addition to that, I'd say all linux security administration best
> > practices should be at least considered, including automatic security
> > updates.
> >
> >
> > It's a standard linux system with a lightweight, but still standard,
> > packet management, so that's how it already is handeled (well, without
> > the automatic, but I don't like automatic updating anyway).
> >
> The fact that it has package management doesn't mean much in itself. I
> think current linux distributions have a pretty good model. A separate
> security updates repo, which just releases security patches, and since
> these are an security update of the recommended version, they don't
> (well shouldn't) break anything, so they can even be pretty safely
> applied automatically. Again, defaults matter. If you need to log in,
> run opkg update; opkg upgrade I bet that most of the phones never get
> patched.
>
> Cheers,
> Kalle
> >
> > After the basic security is in good shape, one could move on to fun
> > things like phone lock/unlock/shutdown with an sms, personal data
> > backups / remote removal... the possibilities! :)
> >
> >
> > Possibly to be implemented in a (modular) "security-daemon", as
> > mentioned before.
> >
> > Cheers,
> > Kalle
> >
> > Yorick Moko wrote:
> > > This mail was posted on the devel list
> > >
> > (
> http://lists.openmoko.org/pipermail/openmoko-devel/2008-July/003594.html).
> > > Thought it would interest a lot of people who are not subscribed to
> > > that list:
> > >
> > >
> > > Hi Guys,
> > >
> > > a few months ago we have planned to improve the security of our
> > beloved
> > > Neo, after we have read about desires of the community regarding
> > to the
> > > security issue.
> > >
> > > And here we are. Today I will present you our project MokSec.
> > >
> > > What is MokSec?
> > > ===============
> > >
> > > MokSec is framework which target is to improve the security of
> > the mobile
> > > devices which are based on OpenMoko (and other frameworks which
> > are running on
> > > Neos)
> > >
> > > What is our main focus at the moment?
> > > =====================================
> > >
> > > The main focus is the encryption over GSM. This is very
> > complicated issue and
> > > for this we searching developer which are willing to work with
> > us on this
> > > interesting project.
> > >
> > > What are the other components?
> > > ==============================
> > >
> > > At the moment we only working on a phone firewall, which will be
> > > blocking/accepting incoming calls. Later one we will add other
> > projects or
> > > developer will be able to add their projects.
> > >
> > > Were you can find more informations?
> > > ====================================
> > >
> > > http://moksec.networld.to : The main page
> > > http://moko.networld.to : The git
> > repositories
> > > http://networld.to/mailman/listinfo/moksec-public : The
> mailinglist
> > >
> > > We hope that a lot of people will work with us on the security
> > issue.
> > >
> > > Happy programming
> > >
> > > Alex Oberhauser
> > >
> > > _______________________________________________
> > > Openmoko community mailing list
> > > community at lists.openmoko.org <mailto:community at lists.openmoko.org>
> > > http://lists.openmoko.org/mailman/listinfo/community
> > >
> >
> >
> > _______________________________________________
> > Openmoko community mailing list
> > community at lists.openmoko.org <mailto:community at lists.openmoko.org>
> > http://lists.openmoko.org/mailman/listinfo/community
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Openmoko community mailing list
> > community at lists.openmoko.org
> > http://lists.openmoko.org/mailman/listinfo/community
> >
>
>
> _______________________________________________
> Openmoko community mailing list
> community at lists.openmoko.org
> http://lists.openmoko.org/mailman/listinfo/community
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openmoko.org/pipermail/community/attachments/20080714/1d4fa2fa/attachment.htm
More information about the community
mailing list