...
b) A Vault to store ECO related files (for ECO consumption) - let’s call it Image Vault - to store and launch mutated ECO images
Even though these vaults are created by default, a User (if he wants) can change the policies associated with these Vaults, through the interface specified in this proposal, like he would do for any user-created Vaults.
...
Security Threat Scenario | TPM Key | Controller Key | Controller Key Rotation | Key from TPM + Controller | TPM + Controller Key with Attestation | TPM + Controller Key with Attestation, with Key Rotation |
---|---|---|---|---|---|---|
Storage drive is taken out and inserted into another system/PC to read the data from the SSD directly using offline crypto tools | Protected | Protected | Protected | Protected | Protected | Protected |
Storage drive is taken out and inserted into another system/PC to read the data, by spoofing the Device Identity and talking to Controller | Protected | Not Protected | Not Protected (on non-TPM devices) | Protected | Protected | Protected |
EVE device is taken out, and booted up in another location to access its data, but the theft has been detected | Not Protected | Protected | Protected | Protected | Protected | Protected |
EVE device is taken out, and booted up in another location to access its data, but no knowledge of it being stolen | Not Protected | Not Protected | Protected | Not Protected | Protected (Using Geo Fencing) | Protected (Using Geo Fencing) |
EVE device is not taken out, but some other malware is loaded on the system, and is used to get access from remote to access the information | Not Protected | Not Protected | Not Protected | Not Protected | Protected (PCR value change detection) | Protected( PCR Value change detection) |
Brute force attack for Key identification | Not Protected | Not Protected | Protected | Not Protected | Not Protected | Protected |
References
- https://wikilf-lfedge.lfedgeatlassian.orgnet/wiki/display/EVE/Encrypting+Sensitive+Information+at+Rest+at+the+Edge
- The pull request corresponding to this proposal: https://github.com/lf-edge/eve/pull/186
...