[HN Gopher] Defend against vampires with 10 gbps network encryption
___________________________________________________________________
Defend against vampires with 10 gbps network encryption
Author : alxjsn
Score : 118 points
Date : 2024-09-13 14:42 UTC (8 hours ago)
(HTM) web link (www.synacktiv.com)
| andrewla wrote:
| I had a friend who worked in federal law enforcement who once
| described a vampire device that they used. It would clamp around
| a power cable and inject a UPS in the mix so that an electronic
| device could be removed without turning it off. Seemed like a
| useful little trick.
| 0cf8612b2e1e wrote:
| If nothing else, would let you move a Frogger machine.
|
| More seriously, I have wondered if you can detect these kinds
| of external interference. Auto lock the machine if
| power/network/wifi/Bluetooth/USB conditions change.
|
| Nabbing an unlocked laptop was how they got the Silk Road guy
| (though they probably already had sufficient evidence
| elsewhere).
|
| https://arstechnica.com/tech-policy/2015/05/sunk-how-ross-ul...
| MertsA wrote:
| Wifi would probably be the easiest. Either hide a dummy AP in
| the house or use a combination of multiple neighbors APs. If
| you don't see any beacon frames from the dummy SSID for a 30
| second period then lock/shred the computer.
| justsomehnguy wrote:
| Wifi 5/6 sometimes take up to a couple of minutes to get
| online (DFS and whatever) so 30 seconds is like smoking
| near an open can of gasoline: mostly fine but when it's
| not...
| amluto wrote:
| Maybe attack the problem from a different angle: use an
| accelerometer. Or spend a little bit more money to add a gyro
| and make a real, if very low accuracy, IMU.
| adgjlsfhk1 wrote:
| Seems like an mems accelerometer would be all you need.
| Rotation isn't really a threat...
| amluto wrote:
| Rotation itself isn't a threat, but if you want to
| directly estimate displacement to distinguish between
| earthquakes and someone stealing the machine, without
| relying on heuristics, actual inertial measurement would
| do the trick. And inertial measurement involves tracking
| the direction of acceleration, which involves tracking
| rotation.
| 0cf8612b2e1e wrote:
| That is a great suggestion. I think Android just
| implemented a "snatch detection" system for phones.
| Although, I like the idea of not requiring additional
| hardware. I guess when I start running a drug empire I will
| have to pony up for the extra dongle.
| TeeMassive wrote:
| That's a great idea. Authorizing any kind of physical
| change should be a default security measure.
| TimeBearingDown wrote:
| BusKill was created for this, USB with a magnetic
| attachment to a keyring that can be configured to take
| action on disconnect.
| jeroenhd wrote:
| One trick you could use is to abuse the fact that law
| enforcement often plugs in a mouse wiggler on an unlocked
| desktop and kill your server the moment you see a new HID
| device (make sure to run some kind of desktop on your server
| so they think they can keep the session open, best to do it
| in a VM).
|
| You could also monitor the ethernet link. They can move your
| server but they can't move the entire network, set up an
| encrypted tunnel between two distant physical servers and
| self destruct the moment that tunnel gets disrupted.
|
| Some computers come with gyros/accelerometers built in. My
| old HP laptop had some kind of head crash prevention that
| used that hardware. I know this, because Gnome thought it was
| a tablet style sensor and turned my screen upside down if I
| didn't disable the sensor. Maybe getting a HP server can
| already get you a whole bunch of movement sensors.
|
| You could probably figure out if the server is being moved by
| measuring capacitance of the case, measuring accelerometers,
| maybe add a GPS dongle. Or you could add an LTE connector and
| measure any signals you may receive that you shouldn't from
| inside a server room. You can probably measure _something_ in
| the server room, though, so to make sure your LTE dongle
| doesn't get interrupted, also measure whatever reliable
| signal you can find to detect Faraday cages.
|
| Lastly, you could put a video camera in the case on all sides
| and measure changes. Detecting law enforcement badges
| probably isn't that hard with opencv if you're dedicated
| enough.
|
| You have to hide your security measures and never tell
| anyone, though, or they'll just leave the server as-is and
| use the classic rubber hose exploit to make you give up the
| key material.
| tbrownaw wrote:
| > _Or you could add an LTE connector and measure any
| signals you may receive that you shouldn't from inside a
| server room._
|
| Incoming Bluetooth Low Energy announcements should have a
| receive power level associated with them. Stick a beacon
| (like say a standard ble temperature/humidity sensor)
| somewhere, and you should be able to tell if the distance
| to it changes.
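The thread above proposes several out-of-band heartbeats (a dummy SSID's beacon frames, a BLE beacon's receive power, a tunnel to a distant server) and one commenter warns that Wi-Fi can take minutes to come back after a DFS event, so a 30-second timeout will misfire. The following is an added example, not code from the article or from any commenter: it models the heartbeat as a stream of (timestamp, seen) samples and applies two guards, an arming period (the heartbeat must be stable for a while before its absence counts) and a grace window (it must be absent for the whole window before the lock action fires). All names (`Watchdog`, `first_trigger`, `constructed_samples`) and the sample patterns are hypothetical; the lock command is only returned, not executed.

```python
"""Tamper watchdog: decide when an out-of-band heartbeat has been gone long enough to act.

Added example, not from the article or any commenter. The heartbeat source
(Wi-Fi beacon, BLE beacon, tunnel keepalive) is abstracted to (timestamp, seen)
samples; all names here are hypothetical.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Sample = Tuple[float, bool]  # (seconds since start, heartbeat observed in this sample)


@dataclass
class Watchdog:
    grace_seconds: float      # heartbeat may be missing this long before we act (DFS caveat)
    arm_after_seconds: float  # heartbeat must be stable this long before absence counts
    first_seen: Optional[float] = None
    last_seen: Optional[float] = None
    armed: bool = False
    triggered: bool = False

    def observe(self, now: float, seen: bool) -> bool:
        """Feed one sample; return True exactly once, when the lock action should fire."""
        if self.triggered:
            return False
        if seen:
            if self.first_seen is None:
                self.first_seen = now
            self.last_seen = now
            # Only arm once the heartbeat has been stable for the arming period,
            # so a machine that boots before its beacon is up does not self-lock.
            if not self.armed and now - self.first_seen >= self.arm_after_seconds:
                self.armed = True
            return False
        # Heartbeat missing in this sample.
        if not self.armed or self.last_seen is None:
            return False
        if now - self.last_seen >= self.grace_seconds:
            self.triggered = True
            return True
        return False


def lock_command() -> List[str]:
    """Action to run when the watchdog fires: lock every logind session (Linux)."""
    return ["loginctl", "lock-sessions"]


def first_trigger(samples: List[Sample], grace_seconds: float, arm_after_seconds: float) -> Optional[float]:
    """Run the watchdog over a sample stream; return the timestamp it fires at, or None."""
    wd = Watchdog(grace_seconds, arm_after_seconds)
    for ts, seen in samples:
        if wd.observe(ts, seen):
            return ts
    return None


def constructed_samples(pattern: List[Tuple[int, bool]]) -> List[Sample]:
    """Expand constructed runs of (duration_seconds, seen) into 1 Hz samples."""
    out: List[Sample] = []
    t = 0
    for seconds, seen in pattern:
        for _ in range(seconds):
            out.append((float(t), seen))
            t += 1
    return out


# Constructed scenarios (not real captures):
DFS_GAP = constructed_samples([(300, True), (30, False), (100, True)])   # 30 s reconnect hiccup
REAL_LOSS = constructed_samples([(300, True), (300, False)])             # beacon gone for good
NEVER_ARMED = constructed_samples([(10, True), (200, False)])            # beacon barely seen

if __name__ == "__main__":
    print("30 s grace, DFS gap  ->", first_trigger(DFS_GAP, 30, 60))    # fires: false alarm
    print("120 s grace, DFS gap ->", first_trigger(DFS_GAP, 120, 60))   # None: hiccup tolerated
    print("120 s grace, loss    ->", first_trigger(REAL_LOSS, 120, 60))  # fires at 419.0
    print("lock action:", " ".join(lock_command()))
```

The two scenarios make the trade-off concrete: a 30-second grace window locks the machine during an ordinary Wi-Fi reconnect, while a window longer than the worst reconnect delay still fires within a couple of minutes of a real loss. The arming period matters for the same reason in the other direction: without it, a host whose beacon is not yet reachable after boot would lock itself immediately.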
| the_real_cher wrote:
| So it would emulate a UPS?
|
| So they could just remove the existing UPS?
|
| what is inject a UPS?
| amiga-workbench wrote:
| It's a parasitic tap that connects to the mains power cable
| going into the device. It then phase locks an inverter with
| said mains power, allowing the mains power cable to be
| unplugged and the whole lot transported elsewhere on battery
| power.
| amelius wrote:
| How do you reliably get to the copper without shorting it?
| aaronmdjones wrote:
| Careful application of a box cutter for the outer sheath
| followed by something resembling a scotchlok connector
| for line and neutral.
|
| Edit: If the machine is plugged into a power bar / power
| strip / whatever you want to call it, this is much easier
| still: Plug the vampire UPS into the power bar as well,
| wait for it to sync up to the grid, and disconnect the
| bar from the outlet. The UPS continues to feed power into
| the bar and thus keeps the machine powered.
| madars wrote:
| With special equipment and by half-pulling/disassembling
| the power outlet. See
| https://wiebetech.com/products/hotplug-field-kit/ and
| https://www.youtube.com/watch?v=-G8sEYCOv-o
| cruffle_duffle wrote:
| Isn't that kinda what they used for Ross Ulbricht's computer? I
| know it was a laptop but they probably didn't want to take
| chances given if that thing shut down the entire thing would be
| encrypted?
| andrewla wrote:
| I thought they had an attractive agent distract him for a
| moment while another agent grabbed his still-unlocked-and-
| open laptop to prevent him from locking it or closing it up.
| At least I think that was the cloak-and-dagger story I heard.
| dathery wrote:
| Really cool article, I enjoy reading through all the details
| behind the decision making.
|
| Just spit-balling a little, but I wonder if Wireguard is the best
| tool here given that the author is only using it for a single
| point-to-point link and they control the devices on both ends.
| That CPU supports AES-NI and probably does it a lot faster than
| Wireguard's ChaCha20 (hard to get numbers for their server CPU,
| but the tiny little x86 mini PC I use as my router does AES XTS
| at 43Gbps according to `cryptsetup benchmark`).
|
| You might see better performance by tunneling the vxlan
| connection using a different technology which can use AES-NI?
| Then again, Wireguard is definitely still a good tool for stuff
| like this, and maybe the performance penalty isn't a big deal
| here.
| wmf wrote:
| Because Wireguard is cool and AES is uncool.
| tptacek wrote:
| I guess it depends on whether you're more concerned about
| transport security or cipher cycles/byte.
| dathery wrote:
| Is there reason to think AES used appropriately would be
| any less secure here? Not trying to be argumentative,
| genuinely curious.
|
| My understanding is that AES has some design warts that
| make it not ideal (basically, it's easy to both implement
| and use in ways that leak information if you're not
| careful) but that it's still essentially perfect symmetric
| encryption if you're using it as recommended. Is that
| wrong?
|
| FWIW, the reason I brought up performance was because the
| OP spends a large chunk of the post talking about it, so I
| assume it's an important requirement for them.
| wmf wrote:
| AES is probably fine as a cipher but the VPN protocols
| that aren't Wireguard tend to have various footguns
| available. In theory someone could create NoisyESP but
| I'm not aware of it.
| dathery wrote:
| That makes sense. I was thinking they could use something
| like DTLS [1] and tunnel just the one UDP port needed for
| their VXLAN connections, rather than use full-blown VPN
| software. I have never actually tried this myself though.
|
| [1] https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Secur...
| tptacek wrote:
| It genuinely might not matter, and it might make sense to
| use a weaker protocol, if the only threat model you're
| trying to deal with is someone physically tapping a
| campus-area network. You'd run the "real" secure
| transports on top of that, the same way you do on
| internal networks today. In which case, yeah, it might
| make sense to select your protocol/constructions purely
| based on encryption efficiency.
| tptacek wrote:
| It's not about AES, it's about the WireGuard protocol.
| AES is fine. It's possible that, if Jason had the
| decisions to do over again today, he might use XAES
| instead of ChaPoly (he didn't have an especially good AES
| construction to use at the time). The big thing with
| WireGuard is not doing ciphersuite negotiation, which is
| an extremely good decision that is definitely worth
| paying some cycles/byte for (if you must).
| exabrial wrote:
| Why MACSEC isn't the default is pretty crazy! Given that it is
| extremely stateless (encrypting at the frame level) and counters
| should be pretty reliable (only go up, since there's two parties)
| you could take advantage of some AES and GCM modes that would
| pretty quickly spot injection, replay, and other attacks.
|
| But getting back to the main topic of the paper: why not just S2S
| IPSec the link?
| justsomehnguy wrote:
| > Why MACSEC isn't the default
|
| TFA explains it pretty well. Also every encryption is adding
| the load and latency, so defaulting to it when it wasn't asked
| for isn't the best way
|
| > why not just S2S IPSec the link?
|
| Because IPSec is still PITA and also sucks bad performance wise
| against WG.
| nsteel wrote:
| Did Cisco really invent MACSec?! I thought it was cooked up by
| the IEEE and supported in hardware from many vendors. I imagine
| they all have their own bugs though, it's quite a complicated
| spec. I know some switch/router vendors also now offer hardware-
| accelerated end-to-end encryption, similar to IPsec, Nokia call
| theirs anysec but I'm sure the other players have their own. The
| benefit of those is you'd get full bandwidth (e.g. Tbps).
| wmf wrote:
| Usually one vendor prototypes a feature then they take it to
| IEEE/IETF for standardization. Probably half of all network
| protocols were invented by Cisco.
| theideaofcoffee wrote:
| This is a great writeup! Especially for those that may want to
| DIY it, the how and the why and all of that, and not have to
| shell out for carrier-quality Layer 1 encryption devices. Nice to
| see that even off-the-shelf components can do it with relative
| ease at those rates. Also nice to see sane sysctl tunes as well.
| Anything to make an adversary's day a bit harder. I low key love
| the explanation of old 10B5 taps, something that is so well and
| truly dead, but the legacy carries on into everything new today.
|
| This is actually a well-trodden area of datacenter interconnect
| (DCI) devices that do line-rate encryption (to crazy levels like
| 400G+) to protect those links that may have easily accessible
| fibers strung along poles, for instance, to prevent just the
| vampirism described in the post. Packetlight, Ciena, Infinera and
| others.
| aaronmdjones wrote:
| # setup a 8020 MTU on wg0 interface to account for the 80 bytes wireguard headers overhead
| # 20-byte IPv4 header or 40 byte IPv6 header, 8-byte UDP header 4-byte type, 4-byte key
| # index, 8-byte nonce, 16-byte authentication tag)
| /sbin/ip li set dev wg0 mtu 8020
|
| Shouldn't that be 8920? To go with the 9000 byte MTU on the outer
| interface above it.
| bb88 wrote:
| That would probably add only a smidge more performance.
| aaronmdjones wrote:
| Sure, but the comment block says that they arrived at 8020 by
| subtracting 80 from 9000, which is just wrong.
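The arithmetic in this sub-thread is worth making explicit, because the comment block in the quoted snippet lists the right per-packet overheads and then applies them wrongly. The following is an added example, not code from the Synacktiv post or from the WireGuard project: it computes the tunnel's inner MTU from the outer MTU using the overhead figures the quoted comment lists (outer IP header, 8-byte UDP header, and the 32-byte WireGuard transport envelope of 4-byte type, 4-byte receiver index, 8-byte counter and 16-byte authentication tag). The function names are hypothetical; the figures match the WireGuard protocol's transport-data message layout.

```python
"""Inner-MTU arithmetic for a WireGuard tunnel carried inside a jumbo-frame link.

Added example, not from the article or the WireGuard project. Overhead figures
are those of the WireGuard transport-data message plus the outer UDP/IP headers
the quoted comment block lists. Function names are hypothetical.
"""
from typing import Dict

# Minimal outer IP header sizes; IPv4 options or IPv6 extension headers would add to these.
IP_HEADER: Dict[str, int] = {"ipv4": 20, "ipv6": 40}
UDP_HEADER = 8

# WireGuard transport-data envelope around each encrypted inner packet.
WG_TYPE = 4            # message type field
WG_RECEIVER_INDEX = 4  # receiver (key) index
WG_COUNTER = 8         # nonce / replay counter
WG_AUTH_TAG = 16       # Poly1305 authentication tag
WG_ENVELOPE = WG_TYPE + WG_RECEIVER_INDEX + WG_COUNTER + WG_AUTH_TAG  # 32 bytes


def wireguard_overhead(outer_ip: str = "ipv6") -> int:
    """Bytes added to every inner packet on the wire for the given outer IP family."""
    return IP_HEADER[outer_ip] + UDP_HEADER + WG_ENVELOPE


def inner_mtu(outer_mtu: int, outer_ip: str = "ipv6") -> int:
    """Largest inner packet that still fits one outer frame without fragmentation.

    This is the value to set on wg0: outer MTU minus the encapsulation overhead.
    """
    return outer_mtu - wireguard_overhead(outer_ip)


def breakdown(outer_mtu: int, outer_ip: str = "ipv6") -> Dict[str, int]:
    """Itemised view of where the bytes go, handy for checking a config comment."""
    return {
        "outer_mtu": outer_mtu,
        "ip_header": IP_HEADER[outer_ip],
        "udp_header": UDP_HEADER,
        "wg_envelope": WG_ENVELOPE,
        "overhead": wireguard_overhead(outer_ip),
        "inner_mtu": inner_mtu(outer_mtu, outer_ip),
    }


if __name__ == "__main__":
    # 1500-byte links give the familiar 1420 default; a 9000-byte link gives 8920, not 8020.
    for outer in (1500, 9000):
        for fam in ("ipv6", "ipv4"):
            print(f"outer {outer} over {fam}: inner MTU {inner_mtu(outer, fam)}")
    print(breakdown(9000, "ipv6"))
```

Sizing the inner MTU for the IPv6 outer header (the larger of the two) is the conservative choice when the tunnel might run over either family; over IPv4 the same link could carry 8940-byte inner packets, but 8920 is never wrong. Note that this is the ceiling for the WireGuard payload; the VXLAN encapsulation the article layers on top consumes a further share of it before the original Ethernet frame.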
| icehawk wrote:
| I did something like this to stretch L2 as I was moving into a
| new home. Worked great after I realized t-mobile does not like
| passing IP fragments.
|
| Got to use it again to set up a remote telescope for the eclipse.
| westurner wrote:
| A notebook with pandas would have had a df.plot().
|
| 9.71 Gbps _with wg_ on a 10GBps link with sysctl tunings, custom
| MTUs.
|
| I had heard of token ring, but not 10BASE5:
| https://en.wikipedia.org/wiki/10BASE5
___________________________________________________________________
(page generated 2024-09-13 23:00 UTC)