
ethanwhite (Ethan White)
User

Projects

User does not belong to any projects.

User Details

User Since
Aug 2 2016, 1:41 AM (154 w, 3 d)

Recent Activity

Sep 27 2016

ethanwhite added a comment to T543: TCP ISNs and Temperature induced clock skews.

I went ahead and implemented the aforementioned 32-bit block cipher, and the implementation is available here. It's relatively performant, getting about a million encryptions per second; that should be enough, especially given that this is only used when a socket is first opened.

Sep 27 2016, 4:28 AM · C Code, security, Whonix

Sep 8 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I've now added Debian packaging support to the actual filter. Both packages install correctly and work well.

Sep 8 2016, 10:38 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Sep 7 2016

ethanwhite added a comment to T543: TCP ISNs and Temperature induced clock skews.

A similarly designed cipher is DJB's Salsa20/ChaCha20. Very fast and recently RFC'd. He's known for making crypto libs that are dead easy to use by software programmers to avoid fudged implementations.

Sep 7 2016, 11:37 PM · C Code, security, Whonix

Sep 2 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I've created some bash scripts to create a Debian package for kti/python-netfilterqueue. They're available in this GitHub repository, and I've uploaded a version of the package created on my Debian Jessie system here. There are still a few issues I'll be resolving in the coming days, including the lack of a source package, but it's overall completely functional.

Sep 2 2016, 7:59 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 30 2016

ethanwhite added a comment to T543: TCP ISNs and Temperature induced clock skews.

Should we reach out to Steven first and see if he can give us code?

Aug 30 2016, 4:35 AM · C Code, security, Whonix

Aug 28 2016

ethanwhite added a comment to T541: DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks.

The network-based ones are very dangerous because the artificial signals created on the machine leak in the network traffic, which is immediately observable and collected by a network GPA.

Aug 28 2016, 8:03 AM · research, security, Whonix

Aug 26 2016

ethanwhite added a comment to T542: Keyboard/Mouse Fingerprinting Defense.

The first mitigation that comes to mind is to, similarly to T530, queue up all keyboard input events over a period of time (say, 30 milliseconds), and then process them all at once.

Aug 26 2016, 2:45 AM · security, Whonix

Aug 24 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

The Debian package you mentioned is actually a completely different library serving the same purpose. I'll probably end up porting my code over to use that.

Aug 24 2016, 7:42 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 22 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Could it be replaced with the Debian package python-nfqueue? Is it the same?

Aug 22 2016, 8:30 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 19 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.
In T530#9956, @Patrick wrote:

Could you please post (and license Open Source) your fix to github? @ethanwhite

Aug 19 2016, 3:24 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 10 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Would it be correct to say that the fix developed also defends against the earlier attack described by Steven Murdoch?

Aug 10 2016, 6:03 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 8 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

We would like your feedback on the TCP ISN attack/mitigation info (or on the covert channel attack in general) on the wiki page.

Aug 8 2016, 10:17 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 6 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Can you please implement the same protections for IPv6/ICMP6 if it's not too much work?

Aug 6 2016, 5:32 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 4 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

After looking at the netem documentation I'm pretty sure there is something here we can use.

Aug 4 2016, 9:35 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 3 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I would also point out that, to disable c-states in a hypervised environment, we'd need the co-operation of either the hypervisor, or every single guest (I think; correct me if I'm wrong). My understanding is that, in most Whonix configurations, the hypervisor would be beyond Whonix's control; in a lot of configurations (such as Qubes), Whonix likely wouldn't even control the majority of guests (again, correct me if I'm wrong). Is there a way to get around this?

Aug 3 2016, 5:00 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 2 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I figure I should weigh in on this.

Aug 2 2016, 5:48 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research