mandos
play

Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn - PowerPoint PPT Presentation

Sep 04, 2023 •430 likes •559 views

Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn Phlsson 2020-01-29 When to use Mandos? 1. Physical/bare metal hardware? 2. More than just one physical machine? 3. Want to use full-disk encryption? You should use Mandos!

  1. Mandos Disk encryption without passwords Teddy Hogeborn, Björn Påhlsson 2020-01-29

  2. When to use Mandos? 1. Physical/bare metal hardware? 2. More than just one physical machine? 3. Want to use full-disk encryption? You should use Mandos!

  3. Don’t already use full-disk encryption? You should!

  4. What is Mandos? One running machine sends password to other rebooting machine Two (or more) machines can keep each other up No interactivity needed ◮ Reboot while you sleep ◮ Kernel upgrade ◮ Kernel panic ◮ Power glitch ◮ Watchdog ◮ etc.

  5. Noninteractivity Vital feature! Set it and forget it; reboot normally

  6. Mandos Features Supports major initramfs image builders: ◮ initramfs-tools ◮ dracut, both with and without systemd Server controllable by D-Bus ◮ D-Bus API fully documented ◮ Command-line utilities provided

  7. But anyone could just. . . No they couldn’t. ◮ TLS-encrypted communication (with PFS) ◮ OpenPGP-encrypted payload

  8. But what if. . . Threat model? ◮ Smash & grab Fails safe!

  9. Threat models (continued) What is your realistic threat model? Mandos will always be better than no encryption!

  10. OK, but in theory, you could. . . Yes, OK, you could. ◮ But again, what is your threat model? Sophisticated attackers? ◮ Could just as well do a cold-boot attack Mandos can ask for manual approval for every boot

  11. Installing Mandos apt install mandos-client Then, read /usr/share/doc/mandos-client/README.Debian.gz apt install mandos Latest version (recommended): Instructions at https://www.recompile.se/mandos

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

KOUFU GROUP LIMITED Annual General Meeting 24 April 2019 Important Notice This presentation is

KOUFU GROUP LIMITED Annual General Meeting 24 April 2019 Important Notice This presentation is

KOUFU GROUP LIMITED Annual General Meeting 24 April 2019 Important Notice This presentation is prepared for information purposes only, without regard to the objectives, financial situation nor needs of any specific person. This presentation

517 views • 34 slides
The Ultimate IRS Collection Workshop From Billing Notice to Offer Acceptance Letter Presented by:

The Ultimate IRS Collection Workshop From Billing Notice to Offer Acceptance Letter Presented by:

The Ultimate IRS Collection Workshop From Billing Notice to Offer Acceptance Letter Presented by: Eric L. Green, Esq. 1 CPE There will be 16 attendance check words Please write these down You will need them at the end when you click on

870 views • 35 slides
PATENTS 1 Optional Patents are all around us 8000 7000 6000 Patent documents 5000 Bicycles

PATENTS 1 Optional Patents are all around us 8000 7000 6000 Patent documents 5000 Bicycles

PATENTS 1 Optional Patents are all around us 8000 7000 6000 Patent documents 5000 Bicycles 4000 Toothbrushes Superconductors 3000 2000 1000 0 1975 1980 1985 1990 1995 2000 2005 2010 2015 Major discovery Year 3 The patent

926 views • 36 slides
How to Be a Good Graduate Student (Characteristics of a Successful Researcher) Biswanath

How to Be a Good Graduate Student (Characteristics of a Successful Researcher) Biswanath

How to Be a Good Graduate Student (Characteristics of a Successful Researcher) Biswanath Mukherjee Biswanath Mukherjee Child Family Professor Department of Computer Science University of California, Davis mukherje@cs.ucdavis.edu This

266 views • 22 slides
Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is

Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is

Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is as old as the trade of hacking Common Characteristics: Physical access (at least within transmission range of EM/Accoustic signals). Seemingly

252 views • 22 slides
Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt

Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt

Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt Microsoft Research In the old days Application Operating system 2 In the old days Application Operating system 2 In the old days

631 views • 34 slides
T3E Resiliency Enhancements Dean Elling Software Engineer SGI 41st Cray User Group Conference

T3E Resiliency Enhancements Dean Elling Software Engineer SGI 41st Cray User Group Conference

T3E Resiliency Enhancements Dean Elling Software Engineer SGI 41st Cray User Group Conference Minneapolis, Minnesota A Brief History PE Resiliency Initial releases of UNICOS/mk system panicked processes hung system would

732 views • 21 slides
Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van

Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van

Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van Oorschot askillen@ccsl.carleton.ca Carleton Computer Security Lab Carleton University Ottawa, Canada SPSM 2013, Berlin, Germany November 8, 2013 The

488 views • 28 slides
Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2

Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2

Motivation A Language-Based Approach Issues Summary Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2 Filippo Del Tedesco 2 1 City University London 2 Chalmers University of Technology, Sweden The

1.03k views • 29 slides
Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei Shih Prasun Gera Taesoo Kim Hyesoon Kim Marcus Peinado 26 th USENIX Security Symposium August 17, 2017 Intel Software Guard Extension (SGX)

437 views • 42 slides
About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production

About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production

About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production Environments Student: Benjamin Taubmann PhD stage: Third year, finisher Advisor: Prof. Dr. Hans P. Reiser Affiliation: Assistant Professorship of

313 views • 8 slides
Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer

Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer

Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer Security Day 21: Firewalls, NATs, and IDSes Firewalls and NAT boxes Stephen McCamant University of Minnesota, Computer Science & Engineering

1.35k views • 7 slides
Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics

Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics

7/15/2014 Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics Agenda 2 FDSOI STNOC with FDSOI Application example Conclusions 1 7/15/2014 FD-SOI Speed & Energy Efficiency

211 views • 8 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
Factoring RSA Modulus using Prime Reconstruction from Random Known Bits S. Maitra, S. Sarkar and

Factoring RSA Modulus using Prime Reconstruction from Random Known Bits S. Maitra, S. Sarkar and

Factoring RSA Modulus using Prime Reconstruction from Random Known Bits S. Maitra, S. Sarkar and S. Sen Gupta Cryptology Research Group, ASU Indian Statistcal Institute, Kolkata May 3, 2010 Background Slide 2 of 31 RSA Framework Key-Gen

607 views • 58 slides
Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security!

Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security!

Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security! Cryptography Passwords Information Flow Policies Privileged Rings ASLR Virtual Machines and confinement Javascript

891 views • 59 slides
Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS,

Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS,

Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS, Princeton Joint with Zeev Dvir Anup Rao Amir Yehudayoff Restriction Access, A new model of Grey-box access Systems, Models, Observations From

751 views • 29 slides
NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting

NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting

NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting 29 July 2019 Power cut #1 July 23 Power cut with subsequent cooling failure brought down all servers except np04-srv-001 and np04-srv-004 (on

238 views • 6 slides
SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno

SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno

SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno Bodin Tom Spink Bjrn Franke Institute for Computing Systems Architecture University of Edinburgh ISPASS 2017 1 Motivation Instruction Set

1.05k views • 52 slides
Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on Physical Attacks, Graz, November 28, 2012 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography Krzysztof Pietrzak Challenges

994 views • 96 slides
TLV in LunD Introduction to Top Level Verification Presenter Shkelqim Lahi B.Sc.E. in

TLV in LunD Introduction to Top Level Verification Presenter Shkelqim Lahi B.Sc.E. in

TLV in LunD Introduction to Top Level Verification Presenter Shkelqim Lahi B.Sc.E. in Computer Engineering (Engineering College of Copenhagen 2004) M. SC. EE. In System on Chip (LTH 2006) Work experience EMP 2006

629 views • 37 slides
Miscellany! Lecture 20 The Last Lecture! Public-Key Crypto Maths Initially public-key crypto was

Miscellany! Lecture 20 The Last Lecture! Public-Key Crypto Maths Initially public-key crypto was

Miscellany! Lecture 20 The Last Lecture! Public-Key Crypto Maths Initially public-key crypto was based on hardness of problems in modular arithmetic and number theory (RSA/factoring, modular discrete log) Problems from several other areas, since

400 views • 17 slides
bersicht webEngineering LV-Nr.: 1896 Sommersemester 2001 Scharl A., PS WebEngineering 1.

bersicht webEngineering LV-Nr.: 1896 Sommersemester 2001 Scharl A., PS WebEngineering 1.

bersicht webEngineering LV-Nr.: 1896 Sommersemester 2001 Scharl A., PS WebEngineering 1. Einheit: Mo, 2001-05-28, 13:00: 2H316 [Abteilung fr Wirtschaftsinformatik] Termine webEngineering Zwischenprsentation: 11. Juni, 13:00

322 views • 16 slides
Introduction to Web Architecture SE2840 Web Application Design Jay Urbain, PhD Credits: See last

Introduction to Web Architecture SE2840 Web Application Design Jay Urbain, PhD Credits: See last

Introduction to Web Architecture SE2840 Web Application Design Jay Urbain, PhD Credits: See last slide for references Contact info Jay Urbain, PhD email: urbain@msoe.edu Office hours: http://jayurbain.com/msoe Course home:

1.08k views • 55 slides

More recommend