9fans - fans of the OS Plan 9 from Bell Labs
From: Jim Choate <ravage@einstein.ssz.com>
To: <9fans@cse.psu.edu>
Cc: <hangar18-general@open-forge.org>
Subject: [9fans] Re: Using 9P(2000) in Unix/Linux(/Windows)
Date: Thu, 15 May 2003 07:04:00 -0500	[thread overview]
Message-ID: <Pine.LNX.4.33.0305150650330.7974-100000@einstein.ssz.com> (raw)
In-Reply-To: <d317ff89.0305141112.7697cbde@posting.google.com>


On Thu, 15 May 2003, Anssi Porttikivi wrote:

> A practical need I have in mind and which prompted me to ask: when
> booting a CD based 'live' Linux (like Knoppix) on an arbitrary PC
> machine I'd like to mount my home directory (with all dot file
> settings) securely over the Internet.

You'll need to create an encrypted tunnel first. Then the mount should
behave normally, except it will be even slower ;)

Since you want to use a CD you'll of course have the problem of making
sure that the keys burned on the CD are well kept. This means no loaning
of the CD to 3rd parties, and burning a separate CD for each node you want
to boot remotely, otherwise you increase the chances of a 'known
plaintext' or 'replay' attack. You could use something similar to kerb to
pass tickets/certs over the net instead of actual keys. This will help
against replay attacks. These sorts of things usually require sync'ed clocks
or something similar, a secure reliable shared resource (ala clock skew).

Another approach is to use some sort of mod'ed distro (I use Trinux) and a
net-boot (eg bootp or tftp) distro. Then of course you have the 'trusted
computing' problem. If you keep up with the Cypherpunks at all, I believe
Ross Anderson has written a paper on related issues and there is a
conference of some sort coming soon on that sort of topic. Check the
archives, Ross might not be the author. The issue came up within the last
couple of weeks.

These assume that you are booting the machine from the CD.

If instead you simply want to take an existing Linux machine, slap a CD
into a drive, and then open a tunnel and mount the drive; calling that
secure at any point is hopeless with today's technology. The system is
not securable (ie TEMPEST/Van Eck, bus snooping, left behind swap and
malloc fragments with code/data sitting around, regular archival runs,
etc.).

You've got yourself a very! hard problem in the second case.


 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage@ssz.com                            jchoate@open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------
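The message above argues for passing short-lived tickets over the net instead of the raw keys burned on the CD, and notes that such schemes need synchronised clocks to resist replay. The following is an added example, not code from the post, from Plan 9 or from any Kerberos implementation: a minimal ticket issuer and verifier sharing an HMAC secret, with a hypothetical 300-second skew window (Kerberos-style, chosen here for illustration) and a nonce cache. It shows the three outcomes the paragraph alludes to: a ticket replayed verbatim is rejected, a ticket whose timestamp falls outside the skew window is rejected even though its MAC is valid, and a tampered ticket fails before the clock is consulted. The names `issue_ticket`, `FileServer` and the fake clock are assumptions made for the demo.

```python
"""Ticket-based auth with replay protection and a bounded clock-skew window.

Added example (not from the original post). Models the 'kerb-like' idea from
the message: the client presents a ticket, never the long-term key itself.
"""
import hashlib
import hmac
import os
import struct
import time

# Assumed acceptance window around the ticket timestamp, in seconds.
SKEW_SECONDS = 300

# A ticket is (client_id, unix_timestamp, nonce, mac).
Ticket = tuple


def _mac(secret: bytes, client_id: str, ts: int, nonce: bytes) -> bytes:
    """HMAC-SHA256 over every field, so none can be altered independently."""
    msg = client_id.encode() + struct.pack(">Q", ts) + nonce
    return hmac.new(secret, msg, hashlib.sha256).digest()


def issue_ticket(secret: bytes, client_id: str, clock=time.time) -> Ticket:
    """The ticket-granting side: stamps the current time and a fresh nonce."""
    ts = int(clock())
    nonce = os.urandom(16)
    return (client_id, ts, nonce, _mac(secret, client_id, ts, nonce))


class FileServer:
    """The verifying side (the host exporting the home directory)."""

    def __init__(self, secret: bytes, clock=time.time):
        self.secret = secret
        self.clock = clock
        # nonce -> time after which the ticket would fail the skew check
        # anyway, so the nonce can be forgotten without allowing a replay.
        self.seen: dict = {}

    def _expire(self, now: int) -> None:
        for n in [n for n, exp in self.seen.items() if exp < now]:
            del self.seen[n]

    def verify(self, ticket: Ticket) -> str:
        """Returns "ok", "bad mac", "clock skew" or "replay"."""
        client_id, ts, nonce, mac = ticket
        # Check integrity first; a forged ticket should learn nothing else.
        if not hmac.compare_digest(mac, _mac(self.secret, client_id, ts, nonce)):
            return "bad mac"
        now = int(self.clock())
        # Both parties need roughly agreeing clocks; outside the window the
        # ticket is dead, which bounds how long a nonce must be remembered.
        if abs(now - ts) > SKEW_SECONDS:
            return "clock skew"
        self._expire(now)
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts + SKEW_SECONDS
        return "ok"


def demo() -> tuple:
    """Drives one exchange with a fake, movable clock (constructed input)."""
    secret = os.urandom(32)
    now = [1_000_000]                 # mutable so the demo can move time
    clock = lambda: now[0]
    server = FileServer(secret, clock)

    t = issue_ticket(secret, "anssi", clock)
    first = server.verify(t)          # fresh ticket: "ok"
    replayed = server.verify(t)       # same bytes again: "replay"

    forged = list(t)
    forged[0] = "mallory"             # change a field, keep the old MAC
    tampered = server.verify(tuple(forged))   # "bad mac"

    now[0] += 2 * SKEW_SECONDS        # server clock runs far ahead
    stale = server.verify(issue_ticket(secret, "anssi", lambda: now[0] - 2 * SKEW_SECONDS))
    fresh = server.verify(issue_ticket(secret, "anssi", clock))   # "ok"
    return first, replayed, tampered, stale, fresh


if __name__ == "__main__":
    print(demo())
```

The nonce cache is what actually stops replay inside the window; the timestamp only bounds how much state the server must keep, which is why the message's remark about synchronised clocks matters: with a wide enough skew the cache grows, and with no timestamp at all every ticket ever issued would have to be remembered forever.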



Thread overview: 18+ messages
2003-05-14  8:57 [9fans] " Anssi Porttikivi
2003-05-14  9:25 ` boyd, rounin
2003-05-14  9:58   ` Stephen Wynne
2003-05-14 10:12     ` boyd, rounin
2003-05-14 12:10 ` Russ Cox
2003-05-14 12:29   ` Stephen Wynne
2003-05-14 13:47   ` ron minnich
2003-05-14 16:16     ` boyd, rounin
2003-05-14 15:57   ` boyd, rounin
2003-05-14 17:02     ` ron minnich
2003-05-14 17:05       ` boyd, rounin
2003-05-14 13:44 ` ron minnich
2003-05-15  9:22   ` Anssi Porttikivi
2003-05-15 12:04     ` Jim Choate [this message]
2003-05-15 13:02       ` [9fans] " Dan Cross
2003-05-15 13:08         ` boyd, rounin
2003-05-15 14:26         ` ron minnich
2003-05-15 13:59     ` [9fans] " ron minnich
