For a security-oriented distribution such as Liberté Linux, peer review of its capability to resist malicious attacks is a highly desirable feature. If you possess the relevant expertise, you are welcome to criticize Liberté's design or implementation by sending me an email. The reason that I ask to send an email is that right now, this site's engine does not have anonymous edits turned on. If your arguments are reasonable, they will appear here on a short notice (with a reply).
Below, some specific pivotal potential vulnerabilities worthy of exploration are listed.
Since the 2011.1 release, Liberté implements secure and anonymous communication using email-like addresses. Potential (i.e., undiscovered) weaknesses of this cables exchange system may include:
- Circumventing proper message authentication via a communication protocol fault
- Misrepresenting another user (as cable sender or receiver)
- Convincing the sender to encrypt a cable for unintended recipient (e.g.: certificates chain verification issue, multiple certificates in a single
- Exploiting a remote system via a specially formatted certificate / message
- Known-plaintext attack by generating specially crafted message receipt requests (e.g.: padding doesn't work as expected)
- Susceptibility to traffic analysis
and similar vulnerabilities.
If you have performed an audit of source code in Liberté Linux, please send me the SVN revision or release tag at which you looked, and your review (or a link to one), and I will post / link to it here.
- “Baal,” Thoughts on undercover communication, 26 Aug. 2011.
Some useful references are listed below.
- P. James, Secure Portable Execution Environments: A Review of Available Technologies, Proc. AISM 2008, pp. 70–86, 1–3 Dec. 2008, Perth, AU-WA.
- J. A. Halderman et al., Lest We Remember: Cold-Boot Attacks on Encryption Keys, Commun. ACM, 52(5), pp. 91–98, May 2009.
- J. Chow et al., Understanding Data Lifetime via Whole System Simulation, Proc. USENIX Security '04, pp. 321–336, 9–13 Aug. 2004, San Diego, US-CA.
- C. Wright et al., Overwriting Hard Drive Data: The Great Wiping Controversy, Proc. ICISS 2008, LNCS 5352, pp. 243–257, 16–20 Dec. 2008, Hyderabad, IN-AP.
- K. Bauer et al., Low-Resource Routing Attacks Against Tor, Proc. WPES '07, pp. 11–20, 29 Oct. 2007, Alexandria, US-CA.
- D. Herrmann et al., Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier, Proc. CCSW '09, pp. 31–41, 13 Nov. 2009, Chicago, US-IL.
- V. Brik et al., Wireless Device Identification with Radiometric Signatures, Proc. MobiCom '08, pp. 116–127, 14–19 Sep. 2008, San Francisco, US-CA.
- M. G. Kuhn, Electromagnetic Eavesdropping Risks of Flat-Panel Displays, Proc. PET 2004, LNCS 3424, pp. 88–107, 26–28 May 2004, Toronto, CA-ON.
- M. Vuagnoux, S. Pasini, Compromising Electromagnetic Emanations of Wired and Wireless Keyboards, Proc. USENIX Security '09, pp. 1–16, 10–14 Aug. 2009, Montréal, CA-QC.
- L. Zhuang et al., Keyboard Acoustic Emanations Revisited, ACM T Inform Syst Se, 13(1), pp. 3:1–26, Oct. 2009.
- M. Backes et al., Tempest in a Teapot: Compromising Reflections Revisited, Proc. IEEE SP 2009, pp. 315–327, 17–20 May 2009, Oakland, US-CA.