Versions Compared

Old Version 77

changes.mady.by.user Hari C S

Saved on

compared with

New Version 78

changes.mady.by.user srinibas@zededa.com

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Security Threats Addressed

Security Threat ScenarioTPM KeyController KeyController Key Rotation

Key from TPM + Controller

 TPM + Controller Key with AttestationTPM + Controller Key Rotation with Attestation

Storage drive is taken out and inserted into another system/PC to read the data from the SSD directly using offline crypto tools

Protected Protected ProtectedProtectedProtectedProtected
Storage drive is taken out and inserted into another system/PC to read the data, by spoofing the Device Identity and talking to ControllerProtectedNot ProtectedNot ProtectedProtectedProtectedProtected
EVE device is taken out, and booted up in another location to access its data, but the theft has been detected Not ProtectedProtectedProtectedProtected

Protected


Protected
EVE device is taken out, and booted up in another location to access its data, but no knowledge of it being stolen Not ProtectedNot ProtectedProtectedNot ProtectedProtected (Using Geo Fencing)Protected( Using Geo Fencing)
EVE device is not taken out, but some other malware is loaded on the system, and is used to get access from remote to access the informationNot ProtectedNot ProtectedNot ProtectedNot ProtectedProtected (PCR value change detection)

Protected(

Given that malware is detected by PCR values)

PCR Value change detection)

Brute force attack for Key identificationNot ProtectedNot ProtectedProtectedNot ProtectedNot ProtectedProtected


References

  1. https://wiki.lfedge.org/display/EVE/Encrypting+Sensitive+Information+at+Rest+at+the+Edge
  2. The pull request corresponding to this proposal: https://github.com/lf-edge/eve/pull/186

...