Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

Teach me about encryption / security

SeeksSeeks Registered User regular
First of all, the basics: I'm on a linux system (Crunchbang, a Debian-based distro), 64-bit, ext4 filesystem.

I'm already somewhat familiar with Truecrypt. To my understanding, 256-bit AES is supposed to be pretty good. Thoughts/opinions on this versus other encryption schemes?

I'm also curious about properly removing files. I know in Windows there are some programs made special for "secure deletion," none of which I can recall off the top of my head. In linux, the methods I'm using currently are "wipe" (less frequently) or "shred," specifically shred -zuvn 100 file.

There are some (maybe) problems with these, though. First, in linux, is shred a good program to use on a journaling filesystem like ext4? Currently, for "secure files," I'll copy the file into the truecrypt file (filesystem?) and then "securely delete" it from its original location. However, I'm not sure that this is quite enough. Even if that one named file is removed, might there be other nameless copies of it in some temporary, obscure location in the filesystem?

There's also the issue of RAM. Do utilities exist for flushing the ram of any data written on it, like a bootdisc or something? This is going on the assumption that such a thing would be impossible to do without rebooting the PC, but if that's not the case, then I'm happy to hear of any non-bootdisc solutions as well.


Essentially, the best ways to encrypt files, and also, to make them disappear as if they never existed; completely unrecoverable by any organization on the planet. Thoughts?

And hey, Windows guys, feel free to chime in as well. If for nothing else, then for posterity's sake.

Seeks on
userbar.jpg
desura_Userbar.png

Posts

  • DaedalusDaedalus Registered User regular
    edited July 2010
    Seeks wrote: »
    First of all, the basics: I'm on a linux system (Crunchbang, a Debian-based distro), 64-bit, ext4 filesystem.

    I'm already somewhat familiar with Truecrypt. To my understanding, 256-bit AES is supposed to be pretty good. Thoughts/opinions on this versus other encryption schemes?

    I'm also curious about properly removing files. I know in Windows there are some programs made special for "secure deletion," none of which I can recall off the top of my head. In linux, the methods I'm using currently are "wipe" (less frequently) or "shred," specifically shred -zuvn 100 file.

    There are some (maybe) problems with these, though. First, in linux, is shred a good program to use on a journaling filesystem like ext4? Currently, for "secure files," I'll copy the file into the truecrypt file (filesystem?) and then "securely delete" it from its original location. However, I'm not sure that this is quite enough. Even if that one named file is removed, might there be other nameless copies of it in some temporary, obscure location in the filesystem?

    There's also the issue of RAM. Do utilities exist for flushing the ram of any data written on it, like a bootdisc or something? This is going on the assumption that such a thing would be impossible to do without rebooting the PC, but if that's not the case, then I'm happy to hear of any non-bootdisc solutions as well.


    Essentially, the best ways to encrypt files, and also, to make them disappear as if they never existed; completely unrecoverable by any organization on the planet. Thoughts?

    And hey, Windows guys, feel free to chime in as well. If for nothing else, then for posterity's sake.

    On a journaling filesystem like ext3 or NTFS, you cannot be 100% sure that you got rid of all traces of a file by "shredding" it because it or parts of it might still be in the filesystem journal. The only way to be entirely sure is to erase the entire filesystem.

    But wait, it gets better! Modern hard drives keep track of their own bad sectors; if your file ends up on a sector that's later marked as bad, part of it will still exist in this sector (whatever part of the sector is still uncorrupted; the drive doesn't mark a sector as bad for no reason) but not even your operating system can touch it. In theory, an adversary can recover this data by removing the hard drive platters and placing them in a different chassis (and indeed this is what data recovery companies do for a living).

    And on SSDs, wear leveling basically ensures that the only way to securely erase a file is to overwrite all space on the disk at once (or, y'know, chuck the thing into a furnace).

    RAM, on the other hand, has a really easy way to flush all its contents: turn off the computer. Cutting power entirely for some sizable fraction of a second will clear all of it.

    AES-256 is plenty strong. Does your passphrase really provide 256 bits of entropy, though? If not, it's the weak link.

    edit: Are you sure that there isn't a hardware keylogger in between your keyboard's USB plug and your computer's USB port? Do you check every time you use the computer? That's how the FBI caught Nicodemo Scarfo; it's a hell of a lot easier than trying to crack PGP or whatever.

    basically, http://xkcd.com/538/

    The bottom line is that you need to choose the level of paranoia appropriate for your situation.

    vvvvvv-dithw.png
  • SeeksSeeks Registered User regular
    edited July 2010
    Thanks for the info.

    Half of this is curiosity, to be honest. There are some things I would prefer others not see, but none of it that I really need to keep private. If the NSA got into my hard drive, it wouldn't be any worse than any other 14-30 year-old male's. I spend probably 30-90 minutes per week on a certain popular imageboard, but most of that is in wallpaper/FBF threads, so I'm not too worried there. There are a few passwords strewn about, but nothing linked to bank accounts or anything that can cost me money. Identity theft is the only potential concern.

    That being said, would something like DBAN take care of the "data kept in bad sectors" problem, or is this a situation where I'd need to destroy the hard drive? The only situations I might realistically face is selling a computer or maybe snoopy friends - none of whom are half as paranoid/security-minded as I am.
    AES-256 is plenty strong. Does your passphrase really provide 256 bits of entropy, though? If not, it's the weak link.

    I'm not sure what you mean by this, exactly. The password used to mount a file in truecrypt? If so, then you might have a point. I'm using a 20-something-character passphrase (alphanumeric, special characters, etc.), because I honestly don't see myself memorizing much more than that. Is that good enough?

    userbar.jpg
    desura_Userbar.png
  • DaedalusDaedalus Registered User regular
    edited July 2010
    Seeks wrote: »
    Thanks for the info.

    Half of this is curiosity, to be honest. There are some things I would prefer others not see, but none of it that I really need to keep private. If the NSA got into my hard drive, it wouldn't be any worse than any other 14-30 year-old male's. I spend probably 30-90 minutes per week on a certain popular imageboard, but most of that is in wallpaper/FBF threads, so I'm not too worried there. There are a few passwords strewn about, but nothing linked to bank accounts or anything that can cost me money. Identity theft is the only potential concern.
    Truecrypt and the like won't save you from that. There's basically two primary vectors for identity theft (three, if you count "steal it from the people you've entrusted with your information"): phishing and viruses. Truecrypt doesn't affect those. Both of those involve you being stupid for a brief few minutes, which is something that can happen to anybody.
    That being said, would something like DBAN take care of the "data kept in bad sectors" problem, or is this a situation where I'd need to destroy the hard drive?
    You're gonna need a power sander and whatever screwdrivers are needed to get at the platters.
    The only situations I might realistically face is selling a computer or maybe snoopy friends - none of whom are half as paranoid/security-minded as I am.
    On second thought, never mind; zero the drive and sell it.
    AES-256 is plenty strong. Does your passphrase really provide 256 bits of entropy, though? If not, it's the weak link.

    I'm not sure what you mean by this, exactly. The password used to mount a file in truecrypt? If so, then you might have a point. I'm using a 20-something-character passphrase (alphanumeric, special characters, etc.), because I honestly don't see myself memorizing much more than that. Is that good enough?

    Your 256-bit AES key represents 256 bits of randomness (entropy). If your password is not at least that random, it's easier to attack the password than the actual key.

    It's kind of hard to scientifically gauge how random a password is (for numbers it's easy, of course). If it's just written English, a good rule of thumb is about 1 bit of entropy per character. If you've got special characters, you might be doing better, or you might not be. ("p@ssword" is not particularly secure, for example).

    Fundamentally, nobody cares about your secrets, so only go paranoid to whatever extent isn't a pain in the ass.

    vvvvvv-dithw.png
  • JaninJanin Registered User
    edited July 2010
    Seeks wrote: »
    There are some (maybe) problems with these, though. First, in linux, is shred a good program to use on a journaling filesystem like ext4? Currently, for "secure files," I'll copy the file into the truecrypt file (filesystem?) and then "securely delete" it from its original location. However, I'm not sure that this is quite enough. Even if that one named file is removed, might there be other nameless copies of it in some temporary, obscure location in the filesystem?
    If you're worried about this, you should use either a ramdisk or encrypted scratch disk for storing temporary files. A ramdisk will prevent files from being written to disk at all, but has severely limited space. You can mount a scratch disk via truecrypt and keep your temporary files in there, but it will be slower than your standard filesystem.

    Either way, when you download things, download them *directly* to one of these (or to your encrypted destination directory). Then you don't have to worry about removing files.

    If you want to be really paranoid, keep your browser's cache in a ramdisk. 128MB is fine for most uses.
    Seeks wrote: »
    There's also the issue of RAM. Do utilities exist for flushing the ram of any data written on it, like a bootdisc or something? This is going on the assumption that such a thing would be impossible to do without rebooting the PC, but if that's not the case, then I'm happy to hear of any non-bootdisc solutions as well.
    I'm baffled about what threat you're trying to counter here. If you want to clear your RAM, power off your system. Want to be double-sure? Remove the RAM from its slot for a minute or two. As far as I know, not even the FBI bother to take a snapshot of kcore.
    Seeks wrote: »
    Essentially, the best ways to encrypt files, and also, to make them disappear as if they never existed; completely unrecoverable by any organization on the planet. Thoughts?
    There are methods to do this, but considering your next post you don't have to bother with any of them.
    Seeks wrote: »
    Half of this is curiosity, to be honest. There are some things I would prefer others not see, but none of it that I really need to keep private. If the NSA got into my hard drive, it wouldn't be any worse than any other 14-30 year-old male's. I spend probably 30-90 minutes per week on a certain popular imageboard, but most of that is in wallpaper/FBF threads, so I'm not too worried there. There are a few passwords strewn about, but nothing linked to bank accounts or anything that can cost me money. Identity theft is the only potential concern.
    Dude, you don't need anything more than an encrypted partition. Your friends are not going to pay tens of thousands of dollars to steal your myspace password. They're not going to break out the thumbscrews and jigsaws for anime wallpapers. Calm down.
    Seeks wrote: »
    That being said, would something like DBAN take care of the "data kept in bad sectors" problem, or is this a situation where I'd need to destroy the hard drive?
    If there's any recoverable data in a bad sector, the only way to eliminate it is to destroy the hard drive. However, the only way to *recover* it is to disassemble the drive in a clean room and piece the file back together one fragment at a time. Calm down.
    Seeks wrote: »
    The only situations I might realistically face is selling a computer or maybe snoopy friends - none of whom are half as paranoid/security-minded as I am.
    Selling a drive: boot dban, let it run, sell

    Snoopy friends: use an encrypted partition for your weird porn, don't tell them the password, don't use "12345" for the password. You're running Linux, half of your friends think your computer's got a virus because it doesn't have a "start" menu
    Seeks wrote: »
    I'm not sure what you mean by this, exactly. The password used to mount a file in truecrypt? If so, then you might have a point. I'm using a 20-something-character passphrase (alphanumeric, special characters, etc.), because I honestly don't see myself memorizing much more than that. Is that good enough?
    Entropy is a measure of how random some data is. 20-character ASCII-printable is fine. Just don't use your pet's name, your birthday, or anything else a drunk frat bro could guess.

    [SIGPIC][/SIGPIC]
  • EliteLamerEliteLamer __BANNED USERS
    edited July 2010
    I use TPM on my mobo.. Pretty cool really just right click and encrypt

    SEGA
    p561852.jpg
  • SeeksSeeks Registered User regular
    edited July 2010
    I'm baffled about what threat you're trying to counter here. If you want to clear your RAM, power off your system. Want to be double-sure? Remove the RAM from its slot for a minute or two. As far as I know, not even the FBI bother to take a snapshot of kcore.
    Dude, you don't need anything more than an encrypted partition. Your friends are not going to pay tens of thousands of dollars to steal your myspace password. They're not going to break out the thumbscrews and jigsaws for anime wallpapers. Calm down.

    This is basically hypothetical. I'm a curious guy. Also, perfectly calm, and I keep all my weird porn out in the open, not to mention meticulously organized.

    Thanks for the ramdisk/scratch disk tip, though.

    userbar.jpg
    desura_Userbar.png
  • JaninJanin Registered User
    edited July 2010
    Seeks wrote: »
    This is basically hypothetical. I'm a curious guy. Also, perfectly calm, and I keep all my weird porn out in the open, not to mention meticulously organized.

    Thanks for the ramdisk/scratch disk tip, though.
    That is hilarious, and I commend you. Sorry about being a dick -- normally when somebody is asking about something like erasing their RAM, it's because they just saw a SWAT team pull into their driveway.

    The architecture of DRAM means it requires constant power to sustain its state -- without power, the gates reset and everything is lost. This is why keeping a laptop in suspend-to-RAM state slowly drains the battery.

    There are techniques to retain RAM state, but they're fiddly. The most reliable seems to be dousing the running system in liquid nitrogen (!!), removing the RAM, warming it up to around freezing, and then placing it in a special reader. This is mostly of interest to government agents traveling in hostile countries, not to the general public.

    Reading RAM contents directly can be done, but it requires superuser access. In Linux, the file /proc/kcore contains a live view of virtual memory. In a 64-bit system, this will be >100 terabytes, which is too large to search effectively for interesting data.

    [SIGPIC][/SIGPIC]
  • SeeksSeeks Registered User regular
    edited July 2010
    No biggie. And thanks for the extra info, this is interesting stuff.
    In Linux, the file /proc/kcore contains a live view of virtual memory. In a 64-bit system, this will be >100 terabytes, which is too large to search effectively for interesting data.

    Holy shit.

    Any recommended programs with which I could take a look at that? Or do I have to mount it?

    userbar.jpg
    desura_Userbar.png
  • AntithesisAntithesis Registered User regular
    edited July 2010
    If you're looking for something very similar to shred, but for windows, eraser works well.

  • JaninJanin Registered User
    edited July 2010
    Seeks wrote: »
    In Linux, the file /proc/kcore contains a live view of virtual memory. In a 64-bit system, this will be >100 terabytes, which is too large to search effectively for interesting data.

    Holy shit.

    Any recommended programs with which I could take a look at that? Or do I have to mount it?

    cat? hexdump?

    You're not going to see anything in it except random data, since 100TB is so large that any chance of finding a live program's memory segment is very low. If you want to have some fun, install a 32-bit OS in a virtual machine and do "strings /proc/kcore"

    [SIGPIC][/SIGPIC]
  • PhyphorPhyphor Building Planet Busters Tasting FruitRegistered User regular
    edited July 2010
    Janin wrote: »
    Seeks wrote: »
    This is basically hypothetical. I'm a curious guy. Also, perfectly calm, and I keep all my weird porn out in the open, not to mention meticulously organized.

    Thanks for the ramdisk/scratch disk tip, though.
    That is hilarious, and I commend you. Sorry about being a dick -- normally when somebody is asking about something like erasing their RAM, it's because they just saw a SWAT team pull into their driveway.

    The architecture of DRAM means it requires constant power to sustain its state -- without power, the gates reset and everything is lost. This is why keeping a laptop in suspend-to-RAM state slowly drains the battery.

    There are techniques to retain RAM state, but they're fiddly. The most reliable seems to be dousing the running system in liquid nitrogen (!!), removing the RAM, warming it up to around freezing, and then placing it in a special reader. This is mostly of interest to government agents traveling in hostile countries, not to the general public.

    Reading RAM contents directly can be done, but it requires superuser access. In Linux, the file /proc/kcore contains a live view of virtual memory. In a 64-bit system, this will be >100 terabytes, which is too large to search effectively for interesting data.

    Nobody would bother dumping that. Physical + swap gives you everything anyway

  • mspencermspencer Registered User regular
    edited July 2010
    I think a lot of this advice is practical: what real-world threats does someone realistically need to protect against, and what protective measures can you take to protect against them? Good advice.

    Seeks, are you more interested in beyond-practical security? Like, suppose I was some sort of secret agent, facing a vast threat with extremely deep pockets -- now how do I build my system to protect against these weird threats? Or are you not trying to take it that far?

    MEMBER OF THE PARANOIA GM GUILD
    XBL Michael Spencer || Wii 6007 6812 1605 7315 || PSN MichaelSpencerJr || Steam Michael_Spencer || Ham NOØK
    QRZ || My last known GPS coordinates: FindU or APRS.fi (Car antenna feed line busted -- no ham radio for me X__X )
  • SeeksSeeks Registered User regular
    edited July 2010
    I'm interested in any info on the subject, no matter how ridiculous. A lot of this isn't going to be practical obviously, and most of it's just jerking around since there aren't a lot of solutions more effective than HDD vs. .375 H&H (a hard drive is surprisingly well-fortified against handguns, though I digress). But for the sake of this thread, I guess let's pretend that's not an option.

    Really, I'm not just trying to get rid of stuff, I'm also curious about different types of encryption, what they're used for, etc. I'm almost tempted to bring up steganography as well, but that probably deserves its own thread.

    So, I guess to answer your question, yes. Beyond-practical is also good, though I don't want to limit the information in this thread to strictly that, since there might be people in the future searching the forums for more practical info.

    Honestly though, this thread's already been more informative than I thought it would, so I'm not complaining either way.

    userbar.jpg
    desura_Userbar.png
  • mspencermspencer Registered User regular
    edited July 2010
    Well I'm no expert but I know a little bit.

    Maybe we should start by describing the different threats we know about, without necessarily talking about how to protect against them yet.

    To start with there's physical security. Someone can gain physical access to your system and either retrieve information or make changes that defeat some of your security measures.

    Most keyboards emit subtly different sounds when different keys are pressed, if the keypresses are consistent like from an experienced typist. Someone can plant a microphone that can hear the keyboard, let it collect audio for a few days or a few thousand keystrokes, and then use assumptions about the nature of the typed text (what language, what field of expertise or subject of conversation) to map audio to specific keys, and use that model to read what you typed.

    VGA video cables emit RF that can be detected from nearby, which in many cases can be used to recreate the contents of the video screen.

    Machines can be altered with pass-through adapters for keyboards and mice, or depending on the attacker's access to your system, with replacement boards or modules for your keyboard or mouse, or even motherboard components that are pin-compatible with your existing USB or keyboard controller which either piggy-back off of, or replace, what your motherboard already has.

    There can also be software modifications to your machine, where additional or replacement software is introduced physically.

    Your machine can be physically seized, and may not necessarily need to be powered off before it's removed from the building. (Cut into existing power cable, clamp special supply onto existing wires.) It might be seized while you're not present in the building.

    There's also data and information security. You can be tricked into installing malicious software which can have a huge number of effects. This malicious software could come through Windows Update and appear to be signed by Microsoft, if the attacker resourceful enough. It could be installed when you visit a known-safe web site, like your local bank, also if the attacker is resourceful enough to obtain SSL certificate information that lets them impersonate the trusted site.

    There's also more mundane vulnerabilities that affect everyone: sites that are malicious to everyone, not just you or people using your ISP.

    I think this is where we start talking about super-paranoid super-inconvenient solutions to these threats, in case you want to rebuild your operating system and play with super-paranoid systems for a few weeks, and then get bored and reinstall something normal.

    MEMBER OF THE PARANOIA GM GUILD
    XBL Michael Spencer || Wii 6007 6812 1605 7315 || PSN MichaelSpencerJr || Steam Michael_Spencer || Ham NOØK
    QRZ || My last known GPS coordinates: FindU or APRS.fi (Car antenna feed line busted -- no ham radio for me X__X )
  • PhyphorPhyphor Building Planet Busters Tasting FruitRegistered User regular
    edited July 2010
    mspencer wrote: »
    Well I'm no expert but I know a little bit.

    Maybe we should start by describing the different threats we know about, without necessarily talking about how to protect against them yet.

    To start with there's physical security. Someone can gain physical access to your system and either retrieve information or make changes that defeat some of your security measures.

    Most keyboards emit subtly different sounds when different keys are pressed, if the keypresses are consistent like from an experienced typist. Someone can plant a microphone that can hear the keyboard, let it collect audio for a few days or a few thousand keystrokes, and then use assumptions about the nature of the typed text (what language, what field of expertise or subject of conversation) to map audio to specific keys, and use that model to read what you typed.

    VGA video cables emit RF that can be detected from nearby, which in many cases can be used to recreate the contents of the video screen.

    Machines can be altered with pass-through adapters for keyboards and mice, or depending on the attacker's access to your system, with replacement boards or modules for your keyboard or mouse, or even motherboard components that are pin-compatible with your existing USB or keyboard controller which either piggy-back off of, or replace, what your motherboard already has.

    There can also be software modifications to your machine, where additional or replacement software is introduced physically.

    Your machine can be physically seized, and may not necessarily need to be powered off before it's removed from the building. (Cut into existing power cable, clamp special supply onto existing wires.) It might be seized while you're not present in the building.

    There's also data and information security. You can be tricked into installing malicious software which can have a huge number of effects. This malicious software could come through Windows Update and appear to be signed by Microsoft, if the attacker resourceful enough. It could be installed when you visit a known-safe web site, like your local bank, also if the attacker is resourceful enough to obtain SSL certificate information that lets them impersonate the trusted site.

    There's also more mundane vulnerabilities that affect everyone: sites that are malicious to everyone, not just you or people using your ISP.

    I think this is where we start talking about super-paranoid super-inconvenient solutions to these threats, in case you want to rebuild your operating system and play with super-paranoid systems for a few weeks, and then get bored and reinstall something normal.

    Well, there are defenses against each of those.

    Many keyboards are pretty quiet and not everybody is an experienced enough typist that the keys are hit reliably. Some background noise (or even a white noise broadcaster) should cancel out most of that.

    There's not a whole lot you can do about the video RF emissions short of faraday cages around a known secure area, however the SNR is low enough that a sufficiently smoothed font will actually prevent a lot of it. LCDs aren't vulnerable to the old CRT attacks that emanated from the screen itself.

    There's not much you can do avoid KB/mice being altered directly aside from carring yours with you where you go, however you can set up a rotating/permuting password system (say new password is SHA3(old password, secret)) so at a minimum nobody else can get in*

    *
    Spoiler:


    Physical seziure is a tricky one to deal with. You need to have very strong encryption on your disks from a strong key source that isn't also disk based (personally entered password on boot for example). Now, the problem here is that you will need to give them a key. The trick is to have a multilayered encryption system, so you have a public system and an inner, hidden one. Under strong encryption the hidden data will appear random and there's no way to prove that it is or is not encrypted.


    Now, there are 3 cases to deal with for seziure: power cut, power maintained, case opened & RAM extracted

    Power cut: We can't assume that any external backup will kick in. This is fine for this case, keys are wiped and unretrievable
    Power maintained: This is where multiple systems comes in. Every few milliseconds the system pings the other systems and if it receives no response it wipes its keys from memory and re-requests (or re-prompts) when it can.
    Case opened: Unfortunately, this breaks everything wide open, unless you can detect it happening. A sealed system at positive or negative pressure and a pressure sensor could do it. On detection you wipe your keys.


    As for software/data security, it's quite simple really: don't use Windows. Use a *nix with every service turned off and an accessless account for normal stuff. Of course, there are still the usual OS attacks, which will be a problem

  • mspencermspencer Registered User regular
    edited July 2010
    I haven't actually played with any of this stuff, but I've been thinking . . . is there a way to do this without using Linux?

    I look forward to people poking holes in this -- you can dislike my idea without disliking me -- but here's how I'd do it. (I love and use Linux -- I'm just curious how you'd do it without.)

    Windows machine capable of running VMware. Install Windows, never patch or update it. Go into networking, leave Ethernet enabled but delete all protocols and services, especially TCP/IP. Maybe enable IPX if you must.

    Install VMware and Truecrypt. Set Truecrypt for full-system encryption, not for secrecy but for verification: nobody can add malicious files to your filesystem without the key. Create a boot CD or bootable USB key, and keep it secure -- and only boot the system from that trusted media. You still have to type the system volume password by hand though.

    Install two or three VMware machines, and patch them up accordingly. Give each one bridged networking. One VM for day-to-day unsecure computing, web browsing and the like. One VM that is normally not running except when you're present, for secure computing needs. Optionally a third VM for secure network clients or services if you need those.

    Super paranoid, and stops you from using the PC for gaming . . . but what do you think? Would that work?

    MEMBER OF THE PARANOIA GM GUILD
    XBL Michael Spencer || Wii 6007 6812 1605 7315 || PSN MichaelSpencerJr || Steam Michael_Spencer || Ham NOØK
    QRZ || My last known GPS coordinates: FindU or APRS.fi (Car antenna feed line busted -- no ham radio for me X__X )
  • electricitylikesmeelectricitylikesme Registered User regular
    edited July 2010
    For computer seizures the best defense is a TrueCrypt plausible deniability partition.

    Put an encrypted OS partition inside an encrypted OS partition, and use a physical key that you can destroy. This defense would make you torture proof, since the data is effectively gone once the physical key goes.

    Of course, this isn't necessarily a thing you want to be - since if you need it, cyanide capsules would be as effective given what's likely to happen to you.

  • mspencermspencer Registered User regular
    edited July 2010
    You know, I've been wondering.

    Suppose the system we're securing is instead an Android phone, like a Nexus One. So you have secret data on there you need to be able to access whenever, but you need to be able to hide the data at a moment's notice. (I likely wouldn't ever do this, as I don't have anything I need to hide THAT badly, and even if I did I'd have to reinstall the OS using only software I have source code for. Bye bye Froyo with flash support. X__X )

    If we ignore the problems associated with the closed-source radio hardware and firmware -- I don't know to what extent that subsystem could be penetrated and compromised without detection, and if it can be isolated from the rest of the system at all -- I wonder how secure we could be.

    Typing a password on an on-screen keyboard leaves smudges. Someone would need a replacement IME that randomized the position of the keys on screen, which would be really annoying to use.

    If you mount an encrypted loopback partition, someone could always just grab the phone away from you while the partition is mounted. I wonder if you could make that safe using the phone's built in sensors. My own brainstorming says: run a daemon that constantly monitors the microphone level and the gyro sensors, and maybe periodically runs lsof to see which processes are using the encrypted partition. If the phone exhibits any sudden acceleration OR if the phone detects any loud noises, it should immediately SIGKILL any processes that use the partition, and then unmount the filesystem and remove any key material from system memory.

    What do you think?

    MEMBER OF THE PARANOIA GM GUILD
    XBL Michael Spencer || Wii 6007 6812 1605 7315 || PSN MichaelSpencerJr || Steam Michael_Spencer || Ham NOØK
    QRZ || My last known GPS coordinates: FindU or APRS.fi (Car antenna feed line busted -- no ham radio for me X__X )
  • DaedalusDaedalus Registered User regular
    edited July 2010
    mspencer wrote: »
    You know, I've been wondering.

    Suppose the system we're securing is instead an Android phone, like a Nexus One. So you have secret data on there you need to be able to access whenever, but you need to be able to hide the data at a moment's notice. (I likely wouldn't ever do this, as I don't have anything I need to hide THAT badly, and even if I did I'd have to reinstall the OS using only software I have source code for. Bye bye Froyo with flash support. X__X )

    If we ignore the problems associated with the closed-source radio hardware and firmware -- I don't know to what extent that subsystem could be penetrated and compromised without detection, and if it can be isolated from the rest of the system at all -- I wonder how secure we could be.

    Typing a password on an on-screen keyboard leaves smudges. Someone would need a replacement IME that randomized the position of the keys on screen, which would be really annoying to use.

    If you mount an encrypted loopback partition, someone could always just grab the phone away from you while the partition is mounted. I wonder if you could make that safe using the phone's built in sensors. My own brainstorming says: run a daemon that constantly monitors the microphone level and the gyro sensors, and maybe periodically runs lsof to see which processes are using the encrypted partition. If the phone exhibits any sudden acceleration OR if the phone detects any loud noises, it should immediately SIGKILL any processes that use the partition, and then unmount the filesystem and remove any key material from system memory.

    What do you think?

    It's not as bad as it looks; the fact that it's a phone confers some advantages as well. For example, you can remotely wipe the thing, and you could keep any important data on a remote server which requires a password to access.

    vvvvvv-dithw.png
  • TeaSpoonTeaSpoon Registered User regular
    edited July 2010
    I've heard that HDDErase can also erase bad sectors, for that extra bit of security.

  • electricitylikesmeelectricitylikesme Registered User regular
    edited July 2010
    Daedalus wrote: »
    mspencer wrote: »
    You know, I've been wondering.

    Suppose the system we're securing is instead an Android phone, like a Nexus One. So you have secret data on there you need to be able to access whenever, but you need to be able to hide the data at a moment's notice. (I likely wouldn't ever do this, as I don't have anything I need to hide THAT badly, and even if I did I'd have to reinstall the OS using only software I have source code for. Bye bye Froyo with flash support. X__X )

    If we ignore the problems associated with the closed-source radio hardware and firmware -- I don't know to what extent that subsystem could be penetrated and compromised without detection, and if it can be isolated from the rest of the system at all -- I wonder how secure we could be.

    Typing a password on an on-screen keyboard leaves smudges. Someone would need a replacement IME that randomized the position of the keys on screen, which would be really annoying to use.

    If you mount an encrypted loopback partition, someone could always just grab the phone away from you while the partition is mounted. I wonder if you could make that safe using the phone's built in sensors. My own brainstorming says: run a daemon that constantly monitors the microphone level and the gyro sensors, and maybe periodically runs lsof to see which processes are using the encrypted partition. If the phone exhibits any sudden acceleration OR if the phone detects any loud noises, it should immediately SIGKILL any processes that use the partition, and then unmount the filesystem and remove any key material from system memory.

    What do you think?

    It's not as bad as it looks; the fact that it's a phone confers some advantages as well. For example, you can remotely wipe the thing, and you could keep any important data on a remote server which requires a password to access.

    Hiding a bluetooth transmitter on your person would be the best answer. There are already a bunch of Linux programs which can be set to trigger a screen lock when a certain bluetooth device drops out of range.

    A handsfree could be an obvious, practical choice.

  • TeaSpoonTeaSpoon Registered User regular
    edited July 2010
    How about hiding a bluetooth transmitter inside your person? Wrap it inside a plastic bag and swallow it. Now no one can take the transmitter with them when they steal your phone. For even more security, surgically implant the bluetooth transmitter inside your chest cavity.

  • PhyphorPhyphor Building Planet Busters Tasting FruitRegistered User regular
    edited July 2010
    Battery life mostly, also implanting requires you take immunosuppressants, which are not really very good for you.

    The stomach really isn't a pleasant place for non-food things to be with all that hydrochloric acid around. Plus you'll probably just shit it out eventually.

  • TeaSpoonTeaSpoon Registered User regular
    edited July 2010
    I guess we can try this again when wireless power starts becoming readily available.

  • PhyphorPhyphor Building Planet Busters Tasting FruitRegistered User regular
    edited July 2010
    Unfortunately, you'll have to implant a wireless power transmitter as well :P

  • mspencermspencer Registered User regular
    edited July 2010
    I think a bluetooth headset in your pocket is probably sufficient guys. :-P

    MEMBER OF THE PARANOIA GM GUILD
    XBL Michael Spencer || Wii 6007 6812 1605 7315 || PSN MichaelSpencerJr || Steam Michael_Spencer || Ham NOØK
    QRZ || My last known GPS coordinates: FindU or APRS.fi (Car antenna feed line busted -- no ham radio for me X__X )
Sign In or Register to comment.