...

Components Interacting with RW Partition on EVE

| Component | Directory/File | Comments | Contains Sensitive Data? |
|---|---|---|---|
| Domain Mgr | /persist/img, /persist/rkt | for storing the mutable ECO disk images | Yes |
| Downloader | /persist/downloads | for downloading Edge Container Images | No |
| Verifier | /persist/downloads | for verifying integrity of downloaded images | No |
| ZedAgent | /persist/config | for storing EVE device configuration | Yes |
| TPM Mgr | /persist/config/tpm_in_use | for marking TPM mode of operation | No |
| device-steps.sh | /persist/IMGA, /persist/IMGB | for storing image specific logs, info | No |
| Network Interface Manager (NIM) | /persist/status | for storing DevicePortConfigList | No |

Providing Security By Default

...

b) A Vault to store ECO related files (for ECO consumption) - let’s call it Image Vault - to store and launch mutated ECO images

Even though these vaults are created by default, a user can, if they wish, change the policies associated with them through the interface specified in this proposal, just as for any user-created vault.

...

| Security Threat Scenario | TPM Key | Controller Key | Controller Key Rotation | Key from TPM + Controller | TPM + Controller Key with Attestation | TPM + Controller Key with Attestation, with Key Rotation |
|---|---|---|---|---|---|---|
| Storage drive is taken out and inserted into another system/PC to read the data from the SSD directly using offline crypto tools | Protected | Protected | Protected | Protected | Protected | Protected |
| Storage drive is taken out and inserted into another system/PC to read the data, by spoofing the Device Identity and talking to Controller | Protected | Not Protected | Not Protected (on non-TPM devices) | Protected | Protected | Protected |
| EVE device is taken out, and booted up in another location to access its data, but the theft has been detected | Not Protected | Protected | Protected | Protected | Protected | Protected |
| EVE device is taken out, and booted up in another location to access its data, but no knowledge of it being stolen | Not Protected | Not Protected | Protected | Not Protected | Protected (Using Geo Fencing) | Protected (Using Geo Fencing) |
| EVE device is not taken out, but some other malware is loaded on the system, and is used to get access from remote to access the information | Not Protected | Not Protected | Not Protected | Not Protected | Protected (PCR value change detection) | Protected (PCR value change detection) |
| Brute force attack for Key identification | Not Protected | Not Protected | Protected | Not Protected | Not Protected | Protected |
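The "Key from TPM + Controller" and "with Attestation" columns of the matrix rest on two mechanisms: a combiner that needs both key shares to reproduce the vault key, and a controller that releases its share only after checking the device's measured boot state. The Go model below is an added example written for this page, not code from EVE or its vaultmgr. It assumes a 32-byte share held by the TPM and a 32-byte share held by the controller, combined with HMAC-SHA256 (the combiner is an assumption; this page does not specify EVE's actual scheme), and it uses a bare PCR digest in place of a signed TPM quote (signature verification is omitted). The names Controller, Attestation, DeriveVaultKey and UnlockVault are hypothetical, and all shares and digests are constructed test values.

```go
// Illustrative model (added example, not EVE's code) of a vault key that
// needs both a TPM-held share and a controller-held share, with the
// controller gating its share on an attested PCR digest.
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

const shareLen = 32 // assumed size of each key share

// Controller models the remote controller: it holds this device's key
// share and the PCR digest it expects the device to report at boot.
type Controller struct {
	share       []byte
	expectedPCR []byte
}

// Attestation is the device's claim about its boot state. Here it is only a
// PCR digest; a real TPM quote would carry a signature over this digest.
type Attestation struct {
	PCRDigest []byte
}

var ErrAttestationFailed = errors.New("PCR digest does not match the recorded value")

// ReleaseShare hands out the controller share only when the attested PCR
// digest matches what was recorded for this device. A changed boot chain
// (the "malware loaded on the system" row) therefore gets no share.
func (c *Controller) ReleaseShare(a Attestation) ([]byte, error) {
	if !hmac.Equal(a.PCRDigest, c.expectedPCR) { // constant-time compare
		return nil, ErrAttestationFailed
	}
	return append([]byte(nil), c.share...), nil
}

// Rotate replaces the controller share; every key derived afterwards differs.
func (c *Controller) Rotate(newShare []byte) {
	c.share = append([]byte(nil), newShare...)
}

// DeriveVaultKey combines the two shares with HMAC-SHA256, keyed by the
// TPM share over a fixed label and the controller share. Neither share on
// its own reproduces the result, which is what protects a drive read
// offline (no controller share) and a spoofed device identity (no TPM share).
func DeriveVaultKey(tpmShare, controllerShare []byte) ([]byte, error) {
	if len(tpmShare) != shareLen || len(controllerShare) != shareLen {
		return nil, errors.New("both key shares must be 32 bytes")
	}
	mac := hmac.New(sha256.New, tpmShare)
	mac.Write([]byte("example-vault-key-v1")) // constructed domain label
	mac.Write(controllerShare)
	return mac.Sum(nil), nil
}

// UnlockVault is the device-side flow: present attestation, obtain the
// controller share, combine it with the TPM share.
func UnlockVault(ctrl *Controller, tpmShare []byte, a Attestation) ([]byte, error) {
	ctrlShare, err := ctrl.ReleaseShare(a)
	if err != nil {
		return nil, err
	}
	return DeriveVaultKey(tpmShare, ctrlShare)
}

// fakeShare derives a deterministic constructed 32-byte value from a label,
// standing in for TPM-sealed material, controller secrets and PCR digests.
func fakeShare(label string) []byte {
	s := sha256.Sum256([]byte(label))
	return s[:]
}

func main() {
	tpmShare := fakeShare("constructed TPM share")
	golden := fakeShare("constructed golden PCR digest")
	ctrl := &Controller{share: fakeShare("constructed controller share"), expectedPCR: golden}

	key, err := UnlockVault(ctrl, tpmShare, Attestation{PCRDigest: golden})
	fmt.Printf("healthy boot: key prefix=%x err=%v\n", key[:8], err)

	_, err = UnlockVault(ctrl, tpmShare, Attestation{PCRDigest: fakeShare("boot chain modified")})
	fmt.Println("modified boot chain:", err)

	ctrl.Rotate(fakeShare("constructed rotated controller share"))
	rotated, _ := UnlockVault(ctrl, tpmShare, Attestation{PCRDigest: golden})
	fmt.Println("key changed after rotation:", !bytes.Equal(key, rotated))
}
```

Read against the matrix: a drive pulled from the device carries at most the TPM-sealed share's ciphertext and nothing the controller holds, so DeriveVaultKey cannot be evaluated offline; a spoofed identity may talk the controller into releasing its share but still lacks the TPM share; a changed PCR digest is refused at ReleaseShare; and Rotate shows why the rotation columns gain protection, since a share captured earlier no longer yields the current key.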


References

  1. https://wiki.lfedge.org/display/EVE/Encrypting+Sensitive+Information+at+Rest+at+the+Edge
  2. The pull request corresponding to this proposal: https://github.com/lf-edge/eve/pull/186

...