
A dead man's switch for your computer?

129 points| mvip | 11 years ago |blog.viktorpetersson.com | reply

72 comments

[+] ryan-c|11 years ago|reply
Reminds me of Jacob Appelbaum's udev rules for mouse jigglers: https://github.com/ioerror/udev_antiforensics
[+] sneak|11 years ago|reply
This looks like useful software. His claim that it's now integrated into systemd is not supported by the patch he links to, though. Based on the systemd upstream patch, it looks like it just locks if a certain manufacturer's forensics tools are connected. The GitHub repo you've linked locks the screen on any USB HID attachment, which seems much safer.
[+] kator|11 years ago|reply
I built a program that automatically locks my OSX machine when I get far enough away from it. It uses iBeacon ranging and I have the beacon in my pocket. Debated on sharing with others but I never managed to clean it up enough to be proud of sharing it.
[+] icebraining|11 years ago|reply
There's a program for Linux that does the same, but using your phone (or other Bluetooth device) called blueproximity. It had a slight tendency for false positives, though - sometimes it locked the screen even with the device less than a meter away.
[+] Plough_Jogger|11 years ago|reply
Carrying a beacon in your pocket seems like a really impractical solution if you own a smartphone.
[+] bigbugbag|11 years ago|reply
For this to work as a dead man switch, it will have to trigger the lock the instant there's two of that signal. Otherwise one simply has to sniff bluetooth then copy your signal.
[+] kitd|11 years ago|reply
Windows 7+ allows you to select a Bluetooth device as the locking device for proximity detection.
[+] falcolas|11 years ago|reply
Tails, a "Live CD" operating system which relies on Tor for all communication, does something like this at the OS level: If the media you are running Tails from is removed, the OS immediately writes over itself in RAM and shuts the system down.

Still capable of being worked around, but looking into that may help identify how to best implement a dead man's switch.

[+] wongm|11 years ago|reply
To me a simple 'device proximity' check described in the article would not work if an adversary forced you to remain near the computer.

A 'vigilance control' device would work as intended in these cases - a message is issued to the user (possibly via covert means), and failure to respond locks the device:

http://en.wikipedia.org/wiki/Dead_man%27s_switch#Vigilance_c...
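
A sketch of the vigilance-control idea described in the comment above, as an added example that is not part of the original thread. The class name, the timing parameters and the injected `prompt`/`lock` callables are assumptions; on a systemd desktop the lock action could run `loginctl lock-session`.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class VigilanceSwitch:
    """Lock unless each prompt is acknowledged before its deadline."""
    interval: float                 # seconds between prompts
    grace: float                    # seconds allowed to answer a prompt
    prompt: Callable[[], None]      # how the user is asked (assumed hook)
    lock: Callable[[], None]        # what happens on failure (assumed hook)
    clock: Callable[[], float] = time.monotonic
    locked: bool = field(default=False, init=False)
    _next_prompt: float = field(default=0.0, init=False)
    _deadline: Optional[float] = field(default=None, init=False)

    def __post_init__(self) -> None:
        self._next_prompt = self.clock() + self.interval

    def acknowledge(self) -> bool:
        """Register a user response; returns True only if it counted."""
        if self.locked or self._deadline is None:
            return False            # nothing outstanding: acks cannot be banked
        if self.clock() > self._deadline:
            return False            # a late answer is treated as no answer
        self._deadline = None
        self._next_prompt = self.clock() + self.interval
        return True

    def tick(self) -> None:
        """Call regularly from the main loop to issue prompts and enforce deadlines."""
        if self.locked:
            return
        now = self.clock()
        if self._deadline is not None:
            if now > self._deadline:
                self.locked = True  # fail closed, and fire the lock action once
                self.lock()
        elif now >= self._next_prompt:
            self._deadline = now + self.grace
            self.prompt()


if __name__ == "__main__":
    # Constructed run with a fake clock: one prompt, never answered.
    t = [0.0]
    sw = VigilanceSwitch(60, 10, lambda: print("prompt"), lambda: print("lock"),
                         clock=lambda: t[0])
    for t[0] in (60.0, 71.0):
        sw.tick()
```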

[+] robotkilla|11 years ago|reply
A bit different but I've considered releasing all of the stuff I own, certain accounts etc. into the public (or into the hands of some trustee) after I die + some specific period of time. I would need to automate everything I have and that task is daunting for something I wouldn't even get to enjoy.
[+] fsk|11 years ago|reply
It's kind of pointless. If the police have already identified you as a target, there are too many other tactics they can use. For example, they could just set up a hidden camera that records you when you are using your PC.
[+] IkmoIkmo|11 years ago|reply
Well for one this is a post in response to the Silk Road arrests in which a DMS would've saved him. Not pointless at all.

Sure over time their methods will evolve but ask Ross if he'd rather have had a DMS or not. It'd be unequivocally yes.

If your point is 'if you're a big enough target, you're pretty much fucked whatever you do given enough time' then yes that's probably true, too.

[+] sarciszewski|11 years ago|reply
It turns out that this has already been made before.

https://github.com/defuse/swatd

[+] mirimir|11 years ago|reply
Using dm-crypt/LUKS, there's a very fast and total wipe to execute when sensors fail.

Let's assume that /dev/sdb1 is the LUKS volume. First backup the LUKS header: "cryptsetup -v luksHeaderBackup --header-backup-file=/tmp/LUKS-header /dev/sdb1". Then encrypt (gpg -c) the LUKS-header, and anonymously stash a few copies online. This is the weak point. You must remember where at least one of them is, and also remember the passphrase.

When sensors fail, swatd runs "head -c 1052672 /dev/urandom > /dev/sdb1; sync; shutdown -P now".

To recover, you would just boot into initramfs, restore the LUKS header, and reboot.

[+] Retra|11 years ago|reply
I was thinking of a voice-activated command that locks the UI while it nukes everything. But while this is happening, it keeps a safe image of the desktop up with basic mouse functionality, so the user doesn't know it is doing anything for a little while.

Of course, I have no use for such a thing, so I would never waste my time implementing it...

[+] mayoff|11 years ago|reply
I thought about this too when I read about how the FBI seized Ulbricht's laptop. I decided that a simple string isn't sufficient. You want the loop to be either a conductor or fiber optic, so that the system can detect when the cord is cut (not just when a USB device is pulled out).
[+] jasonl99|11 years ago|reply
How about a lanyard that has a magnetic connector (like Apple charging ports). So it takes just a small amount of force to disconnect, but is easy to stick back together if you forget it was there when you got up to visit the rest room.

Another thought, what about a little coin-sized watch battery device that does bluetooth low-energy. Press a button it locks your computer (or triple click wipes something, etc).

[+] derekp7|11 years ago|reply
I like the idea of having a separate decryption device. OS reads encrypted data from hard disk, sends it over an encrypted link to your cell phone, which partially decrypts the data block (using one pass phrase), and sends it back over the encrypted link to the laptop. OS driver then finishes decrypting that block using a second key before passing it to your program. Writing back data just requires a public key, so write operations don't have to go to your cell phone. The idea is that your drive would never be fully unlocked, and the computer wouldn't ever have the full decryption key on it (neither would your phone).

Add in the always-on voice recognition that some Android phones have, and have the key wipe itself as soon as it hears "Freeze... FBI".

[+] grimman|11 years ago|reply
Which will work until that fateful day when you're watching a movie... ;)
[+] thaumaturgy|11 years ago|reply
What you want is an RFID keyfob/detector. There used to be a writeup on a homebrew version of this at http://hackaday.com/2013/09/07/hidden-rfid-reader-locks-work... -- but the link that article references is rotten now. A sufficiently motivated person should be able to dig up instructions somewhere.

A few years ago there were companies that did this for most operating systems, and fairly inexpensively too, but I'm having trouble finding them now.

[+] bigbugbag|11 years ago|reply
Anything rfid can easily be duplicated.
[+] mixologic|11 years ago|reply
This might work once, for somebody. Then law enforcement would understand what it is for, what it does, and cut the lanyard/string instead of removing the usb stick before apprehending the device.
[+] hayksaakian|11 years ago|reply
Which is probably why the author mentioned wearables with Bluetooth.

Less conspicuous, and no strings to cut.

[+] ipsin|11 years ago|reply
Independent of, and in addition to, other locking schemes, how about an active process that monitors for either high acceleration (the laptop being moved) or noise above a certain threshold?
[+] lgeek|11 years ago|reply
I remember writing a script at some point to lock the screensaver in case of high acceleration or if the laptop is tilting by more than a few degrees. The idea was to lock it if it was snatched (or just moved around).

However, that would only be effective against a petty thief and not against a forensic team. In that case you'd probably want to additionally flush the filesystems (if you care about data integrity in case of a false positive), overwrite the encryption keys in memory (maybe on disk as well, but then there's no coming back without a backup) and shut down. I wonder if the init scripts prompting for the password, cryptsetup and the LUKS subsystem have been designed to always overwrite copies of the entered password and decrypted keys ASAP.

[+] brudgers|11 years ago|reply
While a dead man failsafe is a good idea - facial recognition would be my preference for situations like that described in court, the bigger issue is compartmentalization. Whole disk encryption sounds good, but the flip side is whole disk decryption and that doesn't sound so good and didn't work out well when it mattered.

Based on the testimony everything was encoded from the same one time pad so to speak. That kinda' misses the point of one time pads.

Anyway enough thinking like a criminal or a spy for one day.

[+] tomphoolery|11 years ago|reply
> If the computer loses connection to the device, it auto-locks.

If there are any Apple product developers listening, I'll definitely buy the next iPhone if part of its feature set is that as long as the phone is on and in my pocket, I never have to type in a password to unlock my computer(s). It would be even better if that feature was extended to developers so any developer could use the fact that my phone is in close proximity to my computer as grounds for successful authentication.

[+] avinassh|11 years ago|reply
I remember reading that if an HDD is put in a magnetic field, it will be destroyed. If my door/passage can be set to generate a magnetic field strong enough to destroy an HDD, then as soon as authorities take the computer out of your home, the HDD will be destroyed.

But I have no idea how practical this is.

[+] dagw|11 years ago|reply
You probably read about it in Cryptonomicon (I know that's where I read about it), but I don't know if Stephenson made it up or not.

As to practicality, it seems quite unfeasible. First of all, since magnetic forces fall off according to the inverse square law, you're going to need a seriously large magnet for it to work at, say, 1 meter's distance or so. You're basically going to have to seriously retrofit your entire house, and it's going to be very hard to hide. Secondly and more importantly, even the most powerful commercial hard drive degaussers require that the drive be in contact with the magnet for up to 10 seconds to guarantee that all the data is erased, so someone just walking through a door isn't going to be in the field for anywhere near enough time.

[+] mark_integerdsv|11 years ago|reply
As others have noted: Cryptonomicon.

...but that basic idea did give me another one: electromagnets on a separate circuit inside the drive enclosure or laptop body.

Fail to pass a security check on schedule and the circuit is engaged, destroying the HDD.

I'm no hardware whiz although I did make a motor out of a nail and copper wire once.

[+] captainmuon|11 years ago|reply
As a student, I visited the High Field Laboratory in Dresden (Germany). They have one of the strongest magnets in the world, I think it was 80-100 Tesla, and supposedly stronger than a similar one in Los Alamos (although the one in Dresden could only be powered up once, and would vaporize immediately). The whole setup was surrounded by ~3m thick concrete walls.

And right next to the magnetic coil, behind a small blast shield, was an old PC... an early 90s beige box looking like a 486 or early pentium, controlling some measurement equipment.

We asked how that worked, and whether there are any problems with "EMP" with the hardware or the hard disk. The answer was, no, the PC works fine. But you have to be extremely careful not to leave any screws or screwdrivers around, because "above xxx T/m field gradient, iron starts to fly", as evidenced by lots of scratches on the concrete.

[+] DanBC|11 years ago|reply
That's also part of the fiction book "Cryptonomicon" by Neal Stephenson.

Looking at conventional hard drives we see pretty strong magnets a few cm away from the platters so you'd need something freaking huge to wipe the drives passing through a doorway.

[+] grimman|11 years ago|reply
You'd practically need an MRI machine to get any real effect.
[+] poopsintub|11 years ago|reply
I'm pretty sure I saw this on one of the CSI tv shows.
[+] Jekyll|11 years ago|reply
I don't know if I'm missing something here... but what's wrong with running your laptop directly off the mains without a battery and unplugging the cord if necessary so the computer shuts down?
[+] kyleknighted|11 years ago|reply
The concept is sound, but new MacBooks do not have removable batteries.
[+] fit2rule|11 years ago|reply
Everyone has their own unique heartbeat signature. What we need is a way to hear that heartbeat, and if it's not the right signature: erase/destroy/etc.
[+] kefka|11 years ago|reply
I think you're on to something there. Biometrics might be the way to go here, but is difficult in implementation.

First, security in layers is the best option.

1. USB HID watcher that shuts down system when plugged in. If we use a mouse, we can exclude that. But any other HID, shutdown -r now.

2. Fingerprint scanner. It's not foolproof, but does make duplicating fingerprints a pain if you don't cooperate. And jail cells usually have concrete. No more fingerprints :)

3. Most laptops have webcams built in. I'm looking in OpenCV FaceRecognizer class to see how it works, and if it's viable for fingerprinting a user. We could also do other checks, like 3d facial recognition over multiple video frames.

4. We could also potentially use the accelerometer built into laptops. When others have made a sshd knock script, we could provide a knock script to the physical device.

5. Lock on ac power removal. Simple and effective, unless the enemy has AC separation tools.

There's a few ideas. And of course, mix in live filesystems in ram, or virtualbox funniness, and you're in business.
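
The decision logic behind item 1 of the list above (and the "any USB HID attachment" behaviour mentioned earlier in the thread), as an added example that is not code from any commenter or linked project. It reads `udevadm monitor --property`-style event blocks; the sample events, the device IDs and the allowlist are constructed, and the function names are assumptions.

```python
HID_CLASS = 3  # USB interface class code for Human Interface Devices

# Constructed sample: three "add" events as blank-line-separated property blocks.
SAMPLE = """\
UDEV  [100.1] add  /devices/constructed/1-1:1.0 (usb)
ACTION=add
SUBSYSTEM=usb
DEVTYPE=usb_interface
PRODUCT=1234/5678/100
INTERFACE=3/1/2

UDEV  [200.2] add  /devices/constructed/1-2:1.0 (usb)
ACTION=add
SUBSYSTEM=usb
DEVTYPE=usb_interface
PRODUCT=abcd/1/200
INTERFACE=3/1/1

UDEV  [300.3] add  /devices/constructed/1-3:1.0 (usb)
ACTION=add
SUBSYSTEM=usb
DEVTYPE=usb_interface
PRODUCT=abcd/2/100
INTERFACE=8/6/80
"""

ALLOWED = {"1234/5678"}  # vendor/product of the user's own mouse (constructed)


def parse_events(text):
    """Turn monitor output into one dict of KEY=value properties per event."""
    events = []
    for block in text.strip().split("\n\n"):
        props = dict(l.split("=", 1) for l in block.splitlines() if "=" in l)
        if props:
            events.append(props)
    return events


def should_lock(event, allowed_products):
    """True when a HID interface from a device not on the allowlist is added."""
    if (event.get("ACTION"), event.get("SUBSYSTEM")) != ("add", "usb"):
        return False
    if event.get("DEVTYPE") != "usb_interface":
        return False
    try:  # INTERFACE is class/subclass/protocol in decimal
        iface_class = int(event.get("INTERFACE", "").split("/")[0])
    except ValueError:
        return False  # no interface class reported: not treated as HID
    if iface_class != HID_CLASS:
        return False
    vid_pid = "/".join(event.get("PRODUCT", "").lower().split("/")[:2])
    return vid_pid not in allowed_products
```

Matching on the interface class rather than a fixed vendor list is what makes this react to any unknown keyboard-like or mouse-like device, while storage and other classes are left to separate policy.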