Bitcoin Forum
Author Topic: Are VMs adequate for cold/cool wallets?  (Read 2817 times)
enmaku (OP)
May 03, 2013, 07:29:50 PM
 #1

Specifically the sort of mid-security cool wallet that clients like Armory offer. I already have split-secret paper wallets for the "savings account" but I need something more accessible for more regular mid-grade purchases. I know a thing or two about a thing or two and would secure the VM holding private keys quite well - TrueCrypt full volume encryption on the guest OS and the virtual disk stored on a hardware-encrypted external USB that would only ever be plugged in when in use. No network adapters on the VM and so on. The only missing piece is I don't know enough about VMs from a security standpoint to know what new security vulnerabilities might be introduced - I'm not sure how much access the host PC has to the VM's RAM, for example, or if there is any way to limit that sort of vulnerability.

Thoughts?
cypherdoc
May 03, 2013, 07:46:56 PM
 #2

https://bitcointalk.org/index.php?topic=15052.0;all
enmaku (OP)
May 03, 2013, 08:02:06 PM
 #3


So the gist I'm getting is that the host OS is well-secured against bad actions taken against the guest, but not vice versa. Unidirectional security in exactly the wrong direction  Undecided

Oh well, it was worth a shot. Guess I'll be buying a cheap netbook just to run Armory, although Armory seems pretty resource-intensive for them to recommend running the offline client on a netbook. Has anyone had first-hand experience with this?
cypherdoc
May 03, 2013, 08:05:19 PM
 #4

read the post about security via obscurity.  worked for me.
cypherdoc
May 03, 2013, 09:13:36 PM
 #5

Maybe your next podcast should be on high level security of wallets?
cypherdoc
May 03, 2013, 09:14:51 PM
 #6

I'd also love to hear one on the intricacies of ECDSA.
MWNinja
May 03, 2013, 09:24:23 PM
 #7

The average consumer-grade VM solution is crap and offers very little protection (still it's useful in a defense in depth approach).  That said, there is a secure hypervisor solution that is suitable for protecting cold/cool wallets offered by this company http://www.integrityglobalsecurity.com/.  It's not geared toward the consumer market, but certainly would be suitable for a business looking to create a bitcoin "bank".


 
dwolfman
May 03, 2013, 09:24:49 PM
 #8

read the post about security via obscurity.  worked for me.

Link?

Tried searching the forums, but can't single it out of the hundreds of hits...  Sad

Wanna send coins my way? 1BY2rZduB9j8Exa4158QXPFJoJ2NWU1NGf or just scan the QR code in my avatar.  :-)
enmaku (OP)
May 03, 2013, 10:22:11 PM
 #9

The average consumer-grade VM solution is crap and offers very little protection (still it's useful in a defense in depth approach).  That said, there is a secure hypervisor solution that is suitable for protecting cold/cool wallets offered by this company http://www.integrityglobalsecurity.com/.  It's not geared toward the consumer market, but certainly would be suitable for a business looking to create a bitcoin "bank".


 

Definitely more hammer than I need for this particular nail, but I like the idea of a VM being part of a DiD approach. I might just set this up with two different offline wallets, one stored on the offline computer directly and one stored in a VM's disk on a hardware-encrypted external disk that only ever gets plugged into the offline computer... But maybe I'm over-thinking this.
film2240
May 03, 2013, 10:27:02 PM
 #10

Only if you completely disable any form of internet access to that VM first; otherwise viruses/hackers can still find a way in, especially without anti-virus or a firewall.


proudhon
May 03, 2013, 11:32:10 PM
 #11

I've been playing around with Windows to Go on a USB thumbdrive lately.  I downloaded the Windows 8 Enterprise trial ISO from Microsoft and installed it on a freshly formatted hard drive in an offline PC.  From that Enterprise installation I created a live and bootable Windows 8 Enterprise USB using the Windows to Go feature.  You can choose to use Microsoft's BitLocker encryption on the USB drive from the Windows to Go installation wizard.  Once Go is finished installing, you can boot up that installation of Windows on any capable system.  On boot you'll be prompted for the BitLocker password to decrypt the drive.

On any systems you use with your USB drive you'd just want to make sure any network cables are disconnected before you boot up.  The first time I booted from my USB drive I just went ahead and uninstalled all network devices.  I installed Armory and have used it for a few small offline wallets.  I think this gives you something almost as secure as a dedicated offline computer for Armory with more flexibility.  The way I've set it up you need the BitLocker decryption key, the regular Windows password, and the password for the Armory wallets in order to sign transactions to be moved to an online system for broadcasting.

Of course, you can do something similar with Linux, but I wanted to try it out with Windows because Armory updates typically go out to Windows first, and I wanted to avoid worrying about dependencies and stuff like that.  What's nice is that I think you can do this for free.  You can get the trial Enterprise ISO directly from Microsoft.  The standard installation is limited to 90 days, but you just need to install it in order to create a Windows to Go USB drive.  After that, you don't need it anymore.  The Go installation will tell you it's not activated with a watermark, but being unactivated, as far as I can tell, just means you can use some Windows features like the Windows store - stuff you don't need on an offline installation anyway.

I guess it's a slight step down from a dedicated Armory offline computer because it's conceivable that a wallet compromising virus could travel from the hard drive of host computer onto the USB installation; although, from my USB Go installation I've never been able to access the drive resources of the host computer, so I assume there's some partitioning going on to protect against that sort of thing.  Anyway, like I said, probably a slight step down in security from the recommended Armory setup, but a step up in security, I think, from VMs on network connected computers.  Plus you get a lot more flexibility since you could more easily travel with an encrypted USB that you can use on your main laptop or any other computer.

Just something I've been playing with.

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
Berend de Boer
May 03, 2013, 11:34:56 PM
 #12

Specifically the sort of mid-security cool wallet that clients like Armory offer. I already have split-secret paper wallets for the "savings account" but I need something more accessible for more regular mid-grade purchases. I know a thing or two about a thing or two and would secure the VM holding private keys quite well - TrueCrypt full volume encryption on the guest OS and the virtual disk stored on a hardware-encrypted external USB that would only ever be plugged in when in use. No network adapters on the VM and so on. The only missing piece is I don't know enough about VMs from a security standpoint to know what new security vulnerabilities might be introduced - I'm not sure how much access the host PC has to the VM's RAM, for example, or if there is any way to limit that sort of vulnerability.

Thoughts?

I would say it's not much safer than not using a vm. Your disks are encrypted, so you might think the host cannot read/modify your wallets. But the host can read the guest's memory and extract it from there. Such attacks do not yet exist, but are not beyond a teenager with nothing better to do, and who's happy with a few thousand dollars in return (people get murdered for less).

The only additional safety is that when the vm is not running, even if your host is compromised, you're safe. But if the host is compromised, and you don't know, and turn on the vm, all bets are off again. Given your mid-security requirements, I assume you have the vm running most of the time, so you have no additional security.
gweedo
May 03, 2013, 11:35:24 PM
 #13


So the gist I'm getting is that the host OS is well-secured against bad actions taken against the guest, but not vice versa. Unidirectional security in exactly the wrong direction  Undecided

Oh well, it was worth a shot. Guess I'll be buying a cheap netbook just to run Armory, although Armory seems pretty resource-intensive for them to recommend running the offline client on a netbook. Has anyone had first-hand experience with this?

The offline client isn't that intensive. Don't install Windows, get Ubuntu, and 2gb of ram should be more than enough if you're worried about the requirements.
cypherdoc
May 03, 2013, 11:46:04 PM
 #14

read the post about security via obscurity.  worked for me.

Link?

Tried searching the forums, but can't single it out of the hundreds of hits...  Sad

It's in the thread I linked to below
enmaku (OP)
May 03, 2013, 11:47:52 PM
 #15


So the gist I'm getting is that the host OS is well-secured against bad actions taken against the guest, but not vice versa. Unidirectional security in exactly the wrong direction  Undecided

Oh well, it was worth a shot. Guess I'll be buying a cheap netbook just to run Armory, although Armory seems pretty resource-intensive for them to recommend running the offline client on a netbook. Has anyone had first-hand experience with this?

The offline client isn't that intensive. Don't install Windows, get Ubuntu, and 2gb of ram should be more than enough if you're worried about the requirements.

Ah, so it's only the online client that sucks down 4 to 8 gigs of RAM as indicated on their site Embarrassed
dwolfman
May 03, 2013, 11:53:40 PM
 #16

read the post about security via obscurity.  worked for me.

Link?

Tried searching the forums, but can't single it out of the hundreds of hits...  Sad

It's in the thread I linked to below

Well, that's a lot of reading to find it (76 pages!!).  Think I'll save that for sometime when I have a couple days to waste.  Wink

BTCLuke
May 04, 2013, 12:49:17 AM
 #17

You guys are really making me want to get one of these beauties and figure out how to install Armory on it:


$74, full PC specs! Link to review.

Anyone done it?


Luke Parker
Bank Abolitionist
cypherdoc
May 04, 2013, 01:19:12 AM
 #18

Specifically the sort of mid-security cool wallet that clients like Armory offer. I already have split-secret paper wallets for the "savings account" but I need something more accessible for more regular mid-grade purchases. I know a thing or two about a thing or two and would secure the VM holding private keys quite well - TrueCrypt full volume encryption on the guest OS and the virtual disk stored on a hardware-encrypted external USB that would only ever be plugged in when in use. No network adapters on the VM and so on. The only missing piece is I don't know enough about VMs from a security standpoint to know what new security vulnerabilities might be introduced - I'm not sure how much access the host PC has to the VM's RAM, for example, or if there is any way to limit that sort of vulnerability.

Thoughts?

I would say it's not much safer than not using a vm. Your disks are encrypted, so you might think the host cannot read/modify your wallets. But the host can read the guest's memory and extract it from there. Such attacks do not yet exist, but are not beyond a teenager with nothing better to do, and who's happy with a few thousand dollars in return (people get murdered for less).

The only additional safety is that when the vm is not running, even if your host is compromised, you're safe. But if the host is compromised, and you don't know, and turn on the vm, all bets are off again. Given your mid-security requirements, I assume you have the vm running most of the time, so you have no additional security.

I don't think that's true.

VMWare fusion connects to the mac os via a nat connection which acts like a one way router.   
cypherdoc
May 04, 2013, 01:22:12 AM
 #19

I've been playing around with Windows to Go on a USB thumbdrive lately.  I downloaded the Windows 8 Enterprise trial ISO from Microsoft and installed it on a freshly formatted hard drive in an offline PC.  From that Enterprise installation I created a live and bootable Windows 8 Enterprise USB using the Windows to Go feature.  You can choose to use Microsoft's BitLocker encryption on the USB drive from the Windows to Go installation wizard.  Once Go is finished installing, you can boot up that installation of Windows on any capable system.  On boot you'll be prompted for the BitLocker password to decrypt the drive.

On any systems you use with your USB drive you'd just want to make sure any network cables are disconnected before you boot up.  The first time I booted from my USB drive I just went ahead and uninstalled all network devices.  I installed Armory and have used it for a few small offline wallets.  I think this gives you something almost as secure as a dedicated offline computer for Armory with more flexibility.  The way I've set it up you need the BitLocker decryption key, the regular Windows password, and the password for the Armory wallets in order to sign transactions to be moved to an online system for broadcasting.

Of course, you can do something similar with Linux, but I wanted to try it out with Windows because Armory updates typically go out to Windows first, and I wanted to avoid worrying about dependencies and stuff like that.  What's nice is that I think you can do this for free.  You can get the trial Enterprise ISO directly from Microsoft.  The standard installation is limited to 90 days, but you just need to install it in order to create a Windows to Go USB drive.  After that, you don't need it anymore.  The Go installation will tell you it's not activated with a watermark, but being unactivated, as far as I can tell, just means you can use some Windows features like the Windows store - stuff you don't need on an offline installation anyway.

I guess it's a slight step down from a dedicated Armory offline computer because it's conceivable that a wallet compromising virus could travel from the hard drive of host computer onto the USB installation; although, from my USB Go installation I've never been able to access the drive resources of the host computer, so I assume there's some partitioning going on to protect against that sort of thing.  Anyway, like I said, probably a slight step down in security from the recommended Armory setup, but a step up in security, I think, from VMs on network connected computers.  Plus you get a lot more flexibility since you could more easily travel with an encrypted USB that you can use on your main laptop or any other computer.

Just something I've been playing with.


Were you able to set that up for free?

You might be interested in the ironkey that's coming out later this year that will have hardware encryption with windows to go and can boot up in ram.
Berend de Boer
May 04, 2013, 01:51:21 AM
 #20

Quote from: berend
But the host can read the guest's memory and extract [the encryption keys] from there.

I don't think that's true.

VMWare fusion connects to the mac os via a nat connection which acts like a one way router.  

It sounds like either you didn't read my post, or you are very confused. The host can read ANYTHING in a vm. That's by definition.

No clue what you mean with nat connection, that's completely irrelevant if the host can directly read the network buffer of the virtualised NIC.
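
The original post's "No network adapters on the VM" requirement can be verified from the VM's configuration file rather than trusted from the GUI. This is an added example, not code from any poster in the thread: it assumes a VMware `.vmx` file (the thread mentions VMware Fusion), the sample config is constructed, and `parse_vmx`, `enabled_nics` and `audit` are hypothetical helper names. It covers guest network exposure only and does not address the host's access to guest memory discussed above.

```python
import re

# Constructed sample .vmx text (not from the thread): one NAT adapter left
# enabled and a second adapter slot explicitly disabled.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "armory-offline"
memsize = "2048"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet0.startConnected = "TRUE"
ethernet1.present = "FALSE"
'''

LINE_RE = re.compile(r'^\s*([^#=\s]+)\s*=\s*"(.*)"\s*$')
NIC_RE = re.compile(r'^(ethernet\d+)\.(.+)$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict with lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def enabled_nics(settings):
    """Return {adapter: connection type} for adapters with present = TRUE."""
    nics = {}
    for key, value in settings.items():
        m = NIC_RE.match(key)
        if m and m.group(2) == "present" and value.upper() == "TRUE":
            nic = m.group(1)
            # Assumption: treat a missing connectionType as bridged,
            # the most exposed case, so the audit fails safe.
            nics[nic] = settings.get(nic + ".connectiontype", "bridged")
    return nics


def audit(text):
    """Report whether the VM config defines any enabled network adapter."""
    nics = enabled_nics(parse_vmx(text))
    return {"offline": not nics, "nics": nics}


if __name__ == "__main__":
    print(audit(SAMPLE_VMX))
```
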