samson5544
Posts: 4
Joined: Mon Nov 02, 2015 5:16 pm

Restrict access to file system.

Mon Nov 02, 2015 5:37 pm

Hello,

I need to deploy a web application on any mini-computer; I've chosen the Raspberry Pi (or Pi 2) as the platform for this task. However, there are two conditions that have to be met:
  • I need to restrict access to the local file system; all hardware will be at the client's place, so he will have unlimited access to the SD card.
  • The whole boot process has to be unattended (no password entering etc.)
How to make it as secure as possible?
In fact I only care about denying access to read the script files (served by Apache).
Naturally I was thinking about full partition encryption; however, I don't see a secure way to store the private key.

Honestly, this problem is harder to solve than I had suspected. Do you guys have any other ideas?

W. H. Heydt
Posts: 12785
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Restrict access to file system.

Tue Nov 03, 2015 1:05 am

It is, for most practical purposes, impossible to secure any file system when the person who wants to look at it has physical access.

samson5544
Posts: 4
Joined: Mon Nov 02, 2015 5:16 pm

Re: Restrict access to file system.

Tue Nov 03, 2015 7:05 am

W. H. Heydt wrote:It is, for most practical purposes, impossible to secure any file system when the person who wants to look at it has physical access.
I was suspecting that :| How do they do it in cellphones/tablets?

ghans
Posts: 7882
Joined: Mon Dec 12, 2011 8:30 pm
Location: Germany

Re: Restrict access to file system.

Tue Nov 03, 2015 8:50 am

The key is derived from the passphrase/password?


joan
Posts: 14960
Joined: Thu Jul 05, 2012 5:09 pm
Location: UK

Re: Restrict access to file system.

Tue Nov 03, 2015 9:06 am

samson5544 wrote:
W. H. Heydt wrote:It is, for most practical purposes, impossible to secure any file system when the person who wants to look at it has physical access.
I was suspecting that :| How do they do it in cellphones/tablets?
I don't think they do. Look up rooting a tablet or cellphone.

fruit-uk
Posts: 609
Joined: Wed Aug 06, 2014 4:19 pm
Location: Suffolk, UK

Re: Restrict access to file system.

Tue Nov 03, 2015 9:14 am

Today's headlines...
Exploit devs allegedly bag $1m for 'secret' iOS 9.1 untethered jailbreak http://www.theregister.co.uk/2015/11/03 ... ug_bounty/

samson5544
Posts: 4
Joined: Mon Nov 02, 2015 5:16 pm

Re: Restrict access to file system.

Tue Nov 03, 2015 9:27 am

No? I don't think so; a regular user doesn't have access to the root file system on a regular phone (iOS for example).
I agree it's possible to break in, but it requires some serious meddling.

RaTTuS
Posts: 10563
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Restrict access to file system.

Tue Nov 03, 2015 9:36 am

if the client wants to fiddle he will be able to
however
if you make it so that the pi user has a new password [well remove user pi and have another user for your use], the client does not need to know the user password
so it can boot and run apache [or other webserver] and that is that - no need for a login

W. H. Heydt
Posts: 12785
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Restrict access to file system.

Tue Nov 03, 2015 3:26 pm

RaTTuS wrote:if the client wants to fiddle he will be able to
however
if you make it so that the pi user has a new password [well remove user pi and have another user for your use], the client does not need to know the user password
so it can boot and run apache [or other webserver] and that is that - no need for a login
Won't help unless the SD card is glued in, and maybe not even then. That's why I spoke of "physical access". If the user can remove the SD card, he can mount it on another Linux system and read whatever he wants.

jojopi
Posts: 3274
Joined: Tue Oct 11, 2011 8:38 pm

Re: Restrict access to file system.

Wed Nov 04, 2015 12:09 am

samson5544 wrote:I need to deploy a web application on any mini-computer
If the Pi is a network server, then why does it need to be at the enemy premises? Could you run the super secret sauce on your own server, and have the Pi merely proxy it into the remote network?

As you identified at the beginning, disk encryption would require a trusted person to enter the passphrase at boot time. Even then it is not secure after the board has been left unattended, because with physical access it may be possible to extract the encryption key from the Pi's RAM, modify the keyboard to remember the keys pressed, or replace the SD card with one that contains additional code to log passwords.

Bonding the SD card to the Pi with epoxy resin would make the situation more like the smartphone, in that most end users will not be able to take it apart without breaking it. Smart customers would not be stopped even by that, and may be annoyed by it. In any case they should probably view that you are providing them a service, presumably including support, rather than merely withholding knowledge from them.

Finally, note that putting a Pi's SD card into a Windows machine gives nothing useful. So this is already a non-issue unless you are dealing with a somewhat enthusiastic hacker.
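
The thread has now named all three places the encryption key for the Pi's file system could live: on the card itself (so boot is unattended), derived from a passphrase that a trusted person types (ghans's question above), or not on the card at all because the secret code stays on the developer's own server and the Pi only proxies to it (jojopi's suggestion). The following Python script is an added example, not code from the thread or from any Raspberry Pi project. It models each deployment and what an attacker who pulls the SD card and mounts it on another Linux box (W. H. Heydt's scenario) recovers. Everything in it is a stand-in: the SD card is a dict of filename to bytes, the "script served by Apache" is a constructed PHP one-liner, and LUKS/AES is replaced by scrypt plus an HMAC-SHA256 counter-mode keystream so the script runs with only the standard library. On a real device you would use dm-crypt/LUKS; the point the model makes is about where the key is, not about the cipher.

```python
"""Added example (not from the thread): where can the disk-encryption key live
on an unattended Raspberry Pi, and what does an attacker with the SD card get?

All names and data are constructed for illustration.  LUKS/AES is replaced by
scrypt + an HMAC-SHA256 counter-mode keystream so that this runs with only the
Python standard library; use real LUKS/dm-crypt on a device."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed stand-in for the "script files served by Apache" the poster wants to hide.
SCRIPT = b"<?php /* secret sauce served by apache */ echo 'hello'; ?>"


def derive_key(passphrase: bytes, salt: bytes) -> bytes:
    """Passphrase -> 32-byte key, the way a LUKS key slot is unlocked."""
    return hashlib.scrypt(passphrase, salt=salt, n=2**14, r=8, p=1, dklen=32)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in PRF for the real block cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def build_card(mode: str, passphrase: bytes = b"correct horse") -> Dict[str, bytes]:
    """Image an SD card for one of the three deployments discussed in the thread."""
    salt = os.urandom(16)
    key = derive_key(passphrase, salt)
    card = {"salt": salt, "app.enc": encrypt(key, SCRIPT)}
    if mode == "key-on-card":        # unattended boot works: the key file is on the card
        card["keyfile"] = key
    elif mode == "passphrase":       # nothing on the card unlocks it; someone must type it
        pass
    elif mode == "remote":           # jojopi: the secret stays on the developer's server
        del card["app.enc"]
        card["proxy.conf"] = b"ProxyPass / http://dev-server.example/"   # hypothetical host
    else:
        raise ValueError(mode)
    return card


def unattended_boot(card: Dict[str, bytes]) -> Optional[bytes]:
    """What the Pi can decrypt at boot with nobody present to type anything."""
    if "keyfile" in card and "app.enc" in card:
        return decrypt(card["keyfile"], card["app.enc"])
    return None


def attacker_with_card(card: Dict[str, bytes]) -> Optional[bytes]:
    """Attacker mounts the card on another Linux box and reads every byte on it.
    Whatever the Pi can recover unattended, so can he: same card, same key."""
    return unattended_boot(card)


def attacker_guessing(card: Dict[str, bytes], wordlist: List[bytes]) -> Optional[bytes]:
    """With no key on the card, the attacker is reduced to guessing the passphrase
    offline (the salt is on the card, as it is with a real LUKS header)."""
    if "app.enc" not in card:
        return None
    for guess in wordlist:
        candidate = decrypt(derive_key(guess, card["salt"]), card["app.enc"])
        if candidate.startswith(b"<?php"):     # recognisable plaintext = correct guess
            return candidate
    return None


if __name__ == "__main__":
    for mode in ("key-on-card", "passphrase", "remote"):
        card = build_card(mode)
        print(mode, "boots unattended:", unattended_boot(card) is not None,
              "attacker reads script:", attacker_with_card(card) is not None)
```

Running it shows the trade-off the thread converges on: with the key on the card, unattended boot and the attacker's offline read succeed together, because they are the same operation; with a passphrase-only key the attacker gets nothing unless the passphrase is guessable, but nobody can boot the board unattended; with the remote deployment there is nothing on the card worth reading, which is only an option if the client's network can reach the developer's server.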

W. H. Heydt
Posts: 12785
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Restrict access to file system.

Wed Nov 04, 2015 2:36 am

jojopi wrote: Finally, note that putting a Pi's SD card into a Windows machine gives nothing useful. So this is already a non-issue unless you are dealing with a somewhat enthusiastic hacker.
Yes and no...it depends on what else is "in" the "Windows" machine...like a Linux live CD/USB stick or even a third party program that permits the user to read EXT4 file systems. It all comes back to physical access.

samson5544
Posts: 4
Joined: Mon Nov 02, 2015 5:16 pm

Re: Restrict access to file system.

Wed Nov 04, 2015 10:55 am

jojopi wrote:
samson5544 wrote:I need to deploy a web application on any mini-computer
If the Pi is a network server, then why does it need to be at the enemy premises? Could you run the super secret sauce on your own server, and have the Pi merely proxy it into the remote network?

As you identified at the beginning, disk encryption would require a trusted person to enter the passphrase at boot time. Even then it is not secure after the board has been left unattended, because with physical access it may be possible to extract the encryption key from the Pi's RAM, modify the keyboard to remember the keys pressed, or replace the SD card with one that contains additional code to log passwords.

Bonding the SD card to the Pi with epoxy resin would make the situation more like the smartphone, in that most end users will not be able to take it apart without breaking it. Smart customers would not be stopped even by that, and may be annoyed by it. In any case they should probably view that you are providing them a service, presumably including support, rather than merely withholding knowledge from them.

Finally, note that putting a Pi's SD card into a Windows machine gives nothing useful. So this is already a non-issue unless you are dealing with a somewhat enthusiastic hacker.
All valid points. Sadly there is a possibility that the client won't have access to the internet; that's why it has to be made locally.
Another possibility is to choose another mini-computer that has NAND flash on board and is able to boot from it; of course it is possible to unsolder the flash part and read it. At the moment it's the toughest obstacle I can think of.

fruitoftheloom
Posts: 23549
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Restrict access to file system.

Wed Nov 04, 2015 11:06 am

samson5544 wrote: All valid points. Sadly there is a possibility that the client won't have access to the internet; that's why it has to be made locally.
Another possibility is to choose another mini-computer that has NAND flash on board and is able to boot from it; of course it is possible to unsolder the flash part and read it. At the moment it's the toughest obstacle I can think of.
Have you considered developing your own product with the Compute Module, which uses an eMMC instead of an SD card?

http://www.element14.com/community/comm ... ute-module
