Checksums Done Right

scott at scott at
Sat Jun 30 16:14:17 UTC 2007

>> This is great until md5 collision attacks[1] and
>> kernel-based rootkits are used on your system (common these days).
> Do you have any references to the use of md5 collision attacks being
> common?

Ahh, you are correct. I was thinking of kernel-based rootkits being
common. I have no evidence that states collision attacks are currently
common. To clarify, it's trivially easy, using freely available source
code[1] (31 secs/file now), to attack a system so that some valid
executables have the same checksum as the vendor's distributed copy but do
something completely unexpected. If nothing else changes with those files
(permissions, size, owner, group, time) it would easily fool many admins.

> It's possible that I'm missing the point here, but what guarantees do
> you have that you can trust your Dom0?

Well, it's running Ubuntu of course! ;)

The way we run our dom0s is that they are not listening on the network,
they have no users (other than admins), run little (mainly ssh-client)
non-base install software, and they are physically secure. We have not yet
seen a domU -> dom0 escalation attack (anyone else?). It may come
eventually but thankfully it's not here yet. We could also build Xen from
source, and examine the Xen diffs in great detail, but we aren't *that*
paranoid, yet. Really the only known way to compromise a system and kernel
in this environment is to control the mirror/media, control the Xen build
environment, or control ring -1 (think "blue pill"[2] - heh, installing Xen
inside an already virtualized system would quickly degrade the quality of

So, reducing the circle of trust is a very good thing. Trusting your
vendors and yourself (i.e. your mirror, admins, and process) is about as
good as it gets.

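As an added illustration of the "same checksum, same metadata, different behaviour" point above (example code written for this page, not part of the original post or of any Ubuntu tooling): a small baseline checker that records a strong hash (SHA-256) next to the stat fields an admin usually eyeballs, then plays the attacker who swaps a file's contents while restoring size, mode and mtime. The metadata-only comparison passes; the SHA-256 comparison does not. MD5 is recorded only so the baseline can still be compared against vendor md5sums; it is not what the check trusts. The file name, script contents and the substitute payload are all constructed for the demo.

```python
"""
Added example (not from the original mailing-list post): a file-integrity
baseline that stores SHA-256 plus the stat fields an admin compares by eye,
and a demonstration that preserving those stat fields defeats a metadata-only
check while the strong hash still catches the replaced contents.
"""
import hashlib
import os
import tempfile

# md5 is kept only to line up with vendor-published md5sums; sha256 is the
# value the check actually trusts.
HASH_ALGOS = ("md5", "sha256")
STAT_FIELDS = ("size", "mode", "uid", "gid", "mtime_ns")


def snapshot(path):
    """Record both hashes and the ls -l style fields for one file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        data = f.read()
    record = {a: hashlib.new(a, data).hexdigest() for a in HASH_ALGOS}
    record.update(size=st.st_size, mode=st.st_mode, uid=st.st_uid,
                  gid=st.st_gid, mtime_ns=st.st_mtime_ns)
    return record


def metadata_matches(baseline, current):
    """The naive check: permissions, size, owner, group, time only."""
    return all(baseline[k] == current[k] for k in STAT_FIELDS)


def strong_hash_matches(baseline, current):
    """The check that should decide: compare the SHA-256 digests."""
    return baseline["sha256"] == current["sha256"]


def trojan_in_place(path, payload):
    """Attacker step: rewrite contents, then restore size, mode and mtime.

    The payload must already be padded to the original size; the caller is
    responsible for that, as an attacker would be.
    """
    st = os.stat(path)
    if len(payload) != st.st_size:
        raise ValueError("payload must match the original size exactly")
    with open(path, "wb") as f:
        f.write(payload)
    os.chmod(path, st.st_mode)
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def demo():
    """Run the scenario in a temp dir and return what each check concluded."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ls")  # constructed stand-in for a vendor binary
        original = b'#!/bin/sh\nexec /bin/ls.real "$@"\n'
        with open(path, "wb") as f:
            f.write(original)
        os.chmod(path, 0o755)
        baseline = snapshot(path)

        # Constructed replacement, padded with a trailing comment so the byte
        # count is identical to the original.
        evil = b'#!/bin/sh\nexec /tmp/x.sh "$@"\n'.ljust(len(original), b"#")
        trojan_in_place(path, evil)
        current = snapshot(path)

        return {
            "metadata_only_passes": metadata_matches(baseline, current),
            "sha256_passes": strong_hash_matches(baseline, current),
            "md5_changed": baseline["md5"] != current["md5"],
        }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Here the MD5 still changes because no collision is involved; the point the post makes is that an attacker with a collision tool can arrange for it not to, at which point the stat fields plus MD5 tell the admin nothing. Storing a second, stronger digest in the baseline (and keeping that baseline somewhere the monitored host cannot rewrite) is the cheap fix.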

More information about the Ubuntu-devel-discuss mailing list