Questions about Qubes regarding encryption and Security (Work related)

Just a little info up front: I am working for a company that needs me to travel to, well, let's say some countries that don't respect privacy and security all that much, and some of them just disregard it altogether with open surveillance laws etc. Before Qubes, which has been lovely so far and which my coworkers and I have been using for a month or so (LOVE the possibilities to run multiple machines/qubes of all our systems in one), we were using Windows and BitLocker… (company required this).

Here we are all used to our laptops being searched and to forceful checks at airports, for example, and we suspect that BitLocker isn't that much security, since our data has been leaked somehow in the past (I know, big shocker here). And what help is it anyway when you are forced to decrypt your data because of a border security check? This is a real pain and we need to change things up.

So I know there is some info on full disk encryption, but honestly I don't know much about LUKS. Is Qubes FDE, and how secure is this? We are quite tech-savvy ourselves, but not on that level, if that makes sense.

1 Like

I’d just carry a dumb laptop and a USB memory stick to bootstrap into a livecd with a VPN to your real device that is in a safe place, and do remote desktop with this setup. There is nothing on your computer :smiley:

Basically, all you would need is a trustable liveusb device and a minimum to bootstrap your password / VPN.

I wrote a bit about such a setup: Solene'% : A Stateless Workstation

3 Likes

This is not possible, since we work remotely and the internet in most locations here is far from excellent, and VPN/Tor is always blocked anyway.

2 Likes

Use a travel persona.

Yes:

How secure depends on your threat model.

You can use Shadowsocks and/or Tor pluggable transports to circumvent network restrictions:

1 Like

Defence against companies stealing data. Basically it comes down to this: we have to leave our systems in lockers where theoretically people could access them. We know this happens in border control regions/airports all the time.

It is kind of hard to set this up in the middle of nowhere with very limited connections. If I don't have access or stable access, I can't do my job.

So any data, including documents, spreadsheets and design, will be protected by encryption that I have in several different qubes? Even the Windows qube?

1 Like

Yes, then your main concerns should be increasing cost of physical access to the aforementioned lockers and LUKS password/passphrase strength with sufficient entropy. If you want to reduce remote data exfiltration attack vectors, you may want to consider a Faraday sleeve, perhaps with tamper-resistant seals.

1 Like

There’s a couple of issues:

  1. Do you ever lose sight of the machine? If your adversary is allowed alone time with your machine, most security measures you take can be defeated or weakened substantially. You could consider some anti-evil maid (AEM) measures that use a TPM and some external cryptography. I’ve written some custom TPM/Nitrokey functionality that does this. However, the protection you’d get from this approach really depends on the sophistication and motivation of your adversary. Physical seals were already mentioned - they’d be beneficial as well.

  2. I’ve barely used Windows in the last 15+ years, but on the one occasion I did, I was shocked to find a disk encryption passphrase in my Microsoft account. Making things worse, in the past, BitLocker would silently default to hardware-based encryption when available. Maybe things have changed recently, but for a long time this was an unmitigated disaster (passwords stored in the open with if/then logic for authentication rather than proper key derivation functions, master keys floating around, etc.). With LUKS, I would say what you see is what you get. My biggest concern would be ensuring that your passphrases are of adequate entropy. I don’t know how to appraise the security of the modern, supposedly computationally difficult, key derivation functions, so I use pwgen to generate passwords with 256 bits of entropy and initialize my LUKS volumes with key-size=512.

If you’re primarily worried about data at rest, I would say LUKS is a solid choice.

1 Like

Thank you for your response. The problem is, it's not a personal machine we are using but business machines. I can't take those home with me, as the business situation requires me to leave the machines at certain locations; there is no way around this to keep our projects running.

Worse, every now and then border police/coast guards, for example, have access to the machines for days (we have to grant them access to our systems; if we don't, we get arrested). I can't do anything about this, obviously. I should point out that when this happens, the systems are turned off.

This is my main concern, yes. These people have access to the machines, but only when they are shut off. I'm sure BitLocker could not protect our data, which is why I am asking, I guess: is LUKS sufficient?

1 Like

It sounds like your company should review their data security posture. Allowing critical data to be placed on a device that can/will be separated from them is a big red flag. Not saying it’s wrong, just dangerous.

Often people carry around data on their laptops/phones they don’t need. Consider scrubbing devices before travel. Sometimes asking yourself a few times if you REALLY need that data can help you decide.

To answer your concerns though, unless you’ve got a determined attacker, LUKS should be a high bar for most thieves. As has been said before, LUKS (and encryption in general) is only as good as your passphrase.

1 Like
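Both replies above tie LUKS strength to passphrase entropy. As an added example (not code from any poster), this sketch works out how many uniformly random characters or words reach a target such as the 256 bits mentioned, and draws them from a CSPRNG. The 62-symbol alphabet and the 16-word list are assumptions constructed for the demo.

```python
import math
import secrets
import string

# Assumption: a 62-symbol alphanumeric alphabet; any symbol set works.
ALNUM = string.ascii_letters + string.digits

# Constructed 16-word list for the demo only (4 bits per word).
# A real diceware list has 7776 words (about 12.9 bits per word).
DEMO_WORDS = ("anchor brine cable derrick engine flange gasket harbor "
              "island jetty keel ladder mooring nozzle outrig pylon").split()


def units_needed(target_bits, choices):
    """Fewest uniformly random picks from `choices` options reaching target_bits."""
    if choices < 2:
        raise ValueError("need at least two distinct choices")
    return math.ceil(target_bits / math.log2(choices))


def generate(target_bits, pool, sep=""):
    """Return (secret, entropy_bits) built from CSPRNG picks out of `pool`.

    Duplicates in `pool` are dropped first, since counting them would
    make the entropy figure an overestimate.
    """
    pool = list(dict.fromkeys(pool))
    n = units_needed(target_bits, len(pool))
    picks = [secrets.choice(pool) for _ in range(n)]
    return sep.join(picks), n * math.log2(len(pool))


if __name__ == "__main__":
    for bits in (128, 256):
        pw, got = generate(bits, ALNUM)
        print(f"{bits}-bit target: {len(pw)} chars, {got:.1f} bits: {pw}")
    phrase, got = generate(64, DEMO_WORDS, sep=" ")
    print(f"word phrase ({got:.0f} bits with the demo list): {phrase}")
```

The entropy figure only holds when every symbol is picked uniformly at random; it says nothing about a passphrase a person made up.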

Well, it's not a life or death matter, luckily, but yes, the work we do and the design work that goes into these projects take a lot of effort and money. It's not just annoying to have work stolen; it could bankrupt a company in the long run. It's about competitive edges.

I know, and you are right, but in this particular situation it's just the way it is. We are working in remote locations, i.e. ships and oil rigs, for example. Everyone is close to each other by default, otherwise we would be swimming.

1 Like

I’d be very cautious about trusting hardware that’s been in the hands of your adversary for any length of time, since persistent firmware threats will survive the machine being wiped. Such an infected machine would be the last thing you’d want to reconnect to your corporate network, for example.

I agree, a principled assessment of the value of your secrets should inform the security measures you take.

1 Like

What are these countries? The only ones that fit your description are UK, Canada, Australia and the lamesates, of course. Other countries have similar laws etc, but it’s not comparable to these ones. Even some like Russia in general are much easier in this regard.
But there’s no such thing even in these above as “we are all used to our laptops being searched”.
It happens highly rarely statistically and usually for specific reasons (not saying valid, tho).
So if you’re “used” to it, I really don’t know if to help you or not, for real. Because that means you’re known to them and they do that just to either make your life a bit harder or just to increase their chances of whatever it may be.

Either way, trusting hardware that has been in such hands is just dumb af. Doesn’t matter if you use Qubes or not. Qubes won’t help in these scenarios.

1 Like