What hardware to buy for security?Best way to go about FDE? & 3-way authentication? discussion!
HiringQubesExperts
I am planning on buying a 13.3 - 15.6 laptop that I will specifically use for running qubes, and containing lots and lots of highly sensitive files.
I will also be using tor allot, and for me the main things I care about is being able to get my setup as secure as possible.
Things i've thought about so far;
OPAL SED SSD for HW based drive encryption. (Second FDE ofcourse)
USB PGP-Key for authentication and stuff., also contains (hidden) storage.
Keypad encrypted USB for hardware encrypted USB with bootfiles/keyfiles etc.
Now for the laptop itself;
Is TPM worth it? Im hearing mixed opinions... Also, I definately do not want to put all my eggs in one basket, so would using TPM be possible in a way that it is just one of several parts of the whole security-chain ? I would hate it if someone has a TPM backdoor and compromises my whole system that way, any way to design something with 2 or better yet; 3 way authentication ?
What about the processor and bios? Are there any secure/open bioses that work with recent intel processors?
As for the processor; are the SGX and other new features that skylake CPU's offer any good? Would it be possible to make use of these features in Qubes?
If not, what processor would you guys recommend? I guess Intel right? Are there any laptops out there that have onboard security-hardware that offers any real solid security benefits? I've read allot of posts from Joanna where she kinds of debunks the Cortex M-3 security chip, so I am wondering; are there any other chips like these that are truly open source, and really add some security?
What kind of laptop comes to mind when I'm asking for this kind of features? I'm having a very very hard time finding a laptop that I can setup in a way that would make me feel truly secure. I hope you guys can share some advice on these matters.
P.S.
I'm using the PGP-key stick, and USB-keypad-usb as my "extra security-weapons" are there any other reliable open source hw-security devices out there that you guys would recommend?
Would it be possible to add say some biometric security hardware and then have the full disk encryption work in such a way that 3 way authentication would be needed ?
Also, we have the software based full disk encryption, and also the HW based OPAL full disk encryption, even though I trust the software based one the most, I would still like to also maximize the security of the samsung SED based one. Would it be possible to have 3-way authentication for both, while having unique keys each?
What would be the best way to implement 3-way authentication? Most people advise me on using the combined output of all 3 hw keys, maybe even with some mechanism which unlocks a keyfile or something like that. But to me these things sound like they are not really thought trough; there has to be a better way to implement 3-way (or even 2 way) authentication, at-least for the software based FDE, and maybe even for the samsung OPAL one , right ?
Also, what would you guys recommend me to use as encryption method? LVM-LUKS won't let me encrypt the boot partition, and it wont really allow me to use 2-way authentication aswell.
What would be the best way to go about encrypting my drive using the hardware available? (PGP-key, USB-keypad, "addyourown"
I really hope we can start a discussion on these topics that will lead to a general what-should-I-buy advice when one wants maximum security from COTS hardware, and open software.
- HQE
Alex
> Hi all,
>
> I am planning on buying a 13.3 - 15.6 laptop that I will specifically
> use for running qubes, and containing lots and lots of highly
> sensitive files.
> lead to a general what-should-I-buy advice when one wants maximum
> security from COTS hardware, and open software.
>
linear measure, hardly even measurable. Hence you cannot ask for
"security" as a whole, and it does not come in handy packages on a
Walmart shelf.
What I generally recommend is to first model the threats, and then build
security accordingly. In your message you only mention "highly sensitive
files", but not your threats.
If you are afraid of software intrusions, you will want to isolate your
data from the internet, and then Qubes is a nice place to start. But
then you may probably have to make sure your usage habits are sound for
this goal (the switch can take some time to get accustomed to).
If you are afraid of casual physical thieves, a simple FDE (luks) is way
more than enough, but if you are dealing with people intentionally
pursuing your files then everything you mentioned in your e-mail is not
enough, just added complexity: you will need to think of fake volumes
and password for under-coercion data switch, bordering on plausible
deniability.
If the people pursuing your files have very strong motivations or a big
organization (say, a government), you may want to think out of the box
(i.e. thermorectal cryptanalysis, or the old but good
https://xkcd.com/538/ ): when the owner cooperates any lock opens, be it
a 3$ padlock or a multi-million-dollar fort.
Likewise, if you travel with that laptop, you may want to research
plausible deniability for sensitive data (make it look like the most
dumb windows laptop you can but), and having a biometric sensor /
unheard-of brands / custom bioses would only raise suspicion.
In any case you are likely to have to change some habits, to follow the
security guidelines you decide/plan.
Qubes by itself is a very nice foundation for both solutions for
physical security and software security, and you can add any other
feature you want to pick from your list, but just "adding them all" will
probably make your computer less secure overall (more software attack
surface) and will tire you with the security procedures, prompting you
to find shortcuts in the long run or abandon the whole "fort" altogether.
--
Alex