Information Security Asked on October 28, 2021
Since I cannot receive email directly from my home server, I need an external device to receive messages for me and deliver them to my MTA via another port or via VPN. Instead of renting a VPS just for this, I was thinking about purchasing an inexpensive ARM board and deploying it to one of my friends' houses, which has a static IP and can receive email from the outside (no port 25 blocked by his ISP).
I would encrypt the root partition, allowing remote unlocking via VPN and SSH initramfs. I would save the SSH fingerprint locally before giving the machine to him.
Of course I trust him, but what could he possibly do?
Things that come to mind, from the easiest to the most difficult:
I’m 100% sure none of this will happen; it’s just a theoretical exercise.
Ten immutable Laws of Security, Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
You are susceptible to the Evil Maid Attack.
He has the SD card, he can clone it, change the initrd to log the LUKS password, and with the LUKS password in hand it's game over. Shut down your Pi, clone the card, replace the initrd, say there was a power outage here, and as soon as you send the key remotely, he has it too. Another "power outage" and all your binaries are backdoored, or there's another root user, or a suid bash somewhere.
He could forward the external port 25 of his router to his rogue mail server, but could he read my email?
He now has the certificate, he can forward the emails to his own server, save a copy, send it back to your server. You cannot detect this, because he is using your certificate.
He can set up a proxy that does a reverse lookup on every connection to port 25, checks if it's from an MX record, and says "TLS not implemented" and saves everything before sending data to your server. If you try to connect, he passes straight to your daemon, so if you test it from any non-MX IP, it will show you the correct certificate. He can even create a list with the largest SMTP sending services (major email providers, major list services, and so on) and sniff only those.
Can he read the WireGuard initramfs configuration? If so, he could use the peer key to connect to the VPN.
He can. He now has the LUKS key.
Is there a way to protect from cold boot attacks?
No. He has unrestricted physical access. Pull the plug, every single software protection is dead. The Pi does not have any hardware protection.
Other paranoid things I'm missing?
You cannot protect your Pi. Not even against basic attacks.
Answered by ThoriumBR on October 28, 2021
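A detection sketch for the "TLS not implemented" proxy described in the answer above, added here as an example and not part of the original question or answer: it scans the `Received:` headers of delivered mail and flags sender domains that reached the relay in cleartext after previously (or knowingly) using TLS. It assumes the relay's MTA is itself untampered and stamps each hop with the RFC 3848 `with ESMTPS` keyword; `relay.example.net`, the function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

RELAY = "relay.example.net"  # hypothetical name of the remote board's MTA
# RFC 3848 "with" keywords that mean the hop was protected by STARTTLS
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"\bby\s+(?P<by>[\w.-]+).*?\bwith\s+(?P<proto>\w+)", re.S | re.I)
FROM_RE = re.compile(r"\s*from\s+([\w.-]+)", re.I)

def relay_hop(raw_message, relay=RELAY):
    """Return (sending_host, protocol) for the hop accepted by the relay, or None."""
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        hop = HOP_RE.search(header)
        if hop and hop.group("by").lower() == relay:
            sender = FROM_RE.match(header)
            host = sender.group(1).lower() if sender else "unknown"
            return host, hop.group("proto").upper()
    return None

def find_downgrades(raw_messages, relay=RELAY, known_tls=()):
    """Flag cleartext deliveries from domains already seen (or known) to use TLS."""
    seen_tls = set(known_tls)
    alerts = []
    for raw in raw_messages:
        hop = relay_hop(raw, relay)
        if hop is None:
            continue
        host, proto = hop
        domain = ".".join(host.split(".")[-2:])  # crude grouping: last two labels
        if proto in TLS_PROTOCOLS:
            seen_tls.add(domain)
        elif domain in seen_tls:
            alerts.append((host, proto))
    return alerts

def sample(sender, proto):
    """Build a constructed message (not real traffic) with one relay hop."""
    return (f"Received: from {sender} ({sender} [192.0.2.10])\n"
            f"\tby {RELAY} (Postfix) with {proto} id 4F00D\n"
            "\tfor <me@example.org>; Thu, 28 Oct 2021 10:00:00 +0000\n"
            "Subject: test\n\nbody\n")

if __name__ == "__main__":
    mail = [sample("mail-a1.bigprovider.example", "ESMTPS"),
            sample("mail-b2.bigprovider.example", "ESMTP")]
    print(find_downgrades(mail))
```

This only catches the downgrade case; mail intercepted with the copied certificate still arrives as `ESMTPS` and looks normal here.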