Protecting GPG Keys with a Trusted Platform Module - BeagleBone for Secret Agents

Hardware Reference

In-Depth Information

Threat identification

To identify the threats against our system, we need to classify the capabilities of our ad-

versaries. This is a highly personal analysis, but we can generalize our adversaries into

three archetypes: a well funded state actor, a skilled cracker, and a jealous ex-lover. The

state actor has nearly limitless resources both from a financial and personnel point of view.

The cracker is a skilled operator, but lacks the funding and resources of the state actor. The

jealous ex-lover is not a sophisticated computer attacker, but is very motivated to do you

harm.

Unfortunately, if you are the target of directed surveillance from a state actor, you probably

have much bigger problems than your GPG keys. This actor can put your entire life under

monitoring and why go through the trouble of stealing your GPG keys when the hidden

video camera in the wall records everything on your screen.

Also, it's reasonable to assume that everyone you are communicating with is also under

surveillance and it only takes one mistake from one person to reveal your plans for world

domination.

Tip

The adage by Benjamin Franklin is apropos here: Three may keep a secret if two of them

are dead .

However, properly using GPG will protect you from global passive surveillance. When

used correctly, neither your Internet Service Provider, nor your e-mail provider, or any

passive attacker would learn the contents of your messages. The passive adversary is not

going to engage your system, but they could monitor a significant amount of Internet traffic

in an attempt to collect it all . Therefore, the confidentiality of your message should remain

protected.

We'll assume the cracker trying to harm you is remote and does not have physical access to

your BBB. We'll also assume the worst case that the cracker has compromised your host

machine. In this scenario there is, unfortunately, a lot that the cracker can perform. He can

install a key logger and capture everything, including the password that is typed on your

computer. He will not be able to get the code that we'll enter on the BBB; however, he

would be able to log in to the BBB when the key is available.

Search WWH ::

Custom Search

Home