| 1 |
Nelson, |
| 2 |
|
| 3 |
Ok, I understand, thanks for clarifying. |
| 4 |
So we can narrow down all those scenarios to one type of attack: theft by |
| 5 |
third part (or yourself). |
| 6 |
|
| 7 |
It does not protect more the user while he uses it nor from potential |
| 8 |
"after-use" trails. Either you lose the livecd along with your identity (or |
| 9 |
data that leads to your identity) and you get caught or while using the |
| 10 |
software you get caught (like your TOR connections have been detected). |
| 11 |
The only purpose and advantage encryption would have is to obfuscate some |
| 12 |
passwords like in the firefox example you gave. |
| 13 |
|
| 14 |
Now, from a legal point of view, being caught with an encrypted material |
| 15 |
whether livecd or not in major countries (UK,GER,FR,US,china) requires from |
| 16 |
you the decryption key (us patriot act, uk RIP act, etc) or else you can |
| 17 |
straight take up to few years in some cases without much chance of having of |
| 18 |
good defense (china=torture?). So in 95% of cases you end up giving away |
| 19 |
your key to prove that you are not a spy from whatever organisation and that |
| 20 |
at least you hadn't that bad intention with your encrypted software. And you |
| 21 |
do handle the key in the objective of lowering the sentence you get for |
| 22 |
being caught in the first place. |
| 23 |
|
| 24 |
I think that encryption has nothing to do with hiding. In the contrary, it |
| 25 |
is like a big flag standing saying "hey look at me I got something to hide, |
| 26 |
come and get me!". It is just obfuscating technology. |
| 27 |
|
| 28 |
The real solution to your problem would be to use a steganographic layer ( |
| 29 |
http://en.wikipedia.org/wiki/Steganography ) . Not for the whole squashfs |
| 30 |
but only for a single file (whatever the size) inside a clear livecd. Note |
| 31 |
that 20% of the size of that file is really containing data, you do not want |
| 32 |
to push too much (50%) or we get data loss (blocks from different containers |
| 33 |
overwriting them) in an exponentially manner. |
| 34 |
|
| 35 |
You want to be able to *deny* that you are in possession of such material. |
| 36 |
Go from the basis that if you get caught you will *have to* handle your key |
| 37 |
away. That is real practice because you can get 5 times more being secretive |
| 38 |
than actual real sentence against the data you want to hide. |
| 39 |
A steganographic FS will allow you when being caught with your livecd of |
| 40 |
saying first: "it is a clear livecd!" Sounds idiotic but believe me, it is |
| 41 |
the best start for the official police questioning. Then in the worst case |
| 42 |
scenario, they find your single encrypted file and ask you for the key which |
| 43 |
you will provide one of the many different you have set up (properties of a |
| 44 |
steganographic FS), which will decrypt a part of that encrypted file, |
| 45 |
discovering data that will not incriminate you so far for just having a |
| 46 |
picture of your dog. |
| 47 |
Charges are dropped, you justify your secretive attitude as being respectful |
| 48 |
of your privacy rights and next morning you wake up in your bed! |
| 49 |
|
| 50 |
Because I want to be fair, I think having an encryption layer is great for |
| 51 |
catalyst, but when related to the specific purpose you described you would |
| 52 |
better at least give a try to a steganographic FS if you really fear the |
| 53 |
sentence you can get for the data you are hiding. |
| 54 |
|
| 55 |
You will not find much (I mean actual real software) besides some |
| 56 |
linux-2.2tweak over ext2 "proof-of-concept" (10years old not stable |
| 57 |
unreliable) and |
| 58 |
an update by some chinese with 2.4 but the whole is mainly broken and I |
| 59 |
guess somehow a little taboo, the projects seems dead, no main other |
| 60 |
projects have been replaced. |
| 61 |
|
| 62 |
You can try an implementation I have worked on few years ago. It does |
| 63 |
everything that I have described (in a non friendly C hardcore way) so far |
| 64 |
and is called denyfs. |
| 65 |
|
| 66 |
It is not a driver, and can be started in userland if the correct losetup |
| 67 |
and cryptsetup have been done. |
| 68 |
|
| 69 |
http://www.openchill.org/2005/06/denyfs_a_steganographic_file_s.php#more |
| 70 |
|
| 71 |
have a look there, it is not fully stable, requires manual compilation and |
| 72 |
configuration though it does the job (I made a quick GUI in gtk if you |
| 73 |
provide the gtk USE flag). Follow the howto to get a grip on it. And |
| 74 |
remember if you want to retrieve with a 90% probability your data as you |
| 75 |
have put them in the box, do not exceed 15-20% of the total size of the |
| 76 |
file! And even do not be surprised when it happens. |
| 77 |
|
| 78 |
Steganography is a concept that aims at small and *static* file system. Do |
| 79 |
not even think about putting an OS(where files are dynamically arranged |
| 80 |
again and again) inside a steganographic FS, it is as of the concepts and |
| 81 |
mathematics we have simply impossible. |
| 82 |
|
| 83 |
I didn't realized I wrote so much, I'm just passioned by this topic because |
| 84 |
of past experiences moving from one country to another. I am currently |
| 85 |
developing a Portage based GNU/Linux natively encrypted OS and I'm about to |
| 86 |
re open DenyFS inside that distribution by stabilizing it, hence my reason |
| 87 |
for being so communicative. |
| 88 |
|
| 89 |
Thanks for reading |
| 90 |
|
| 91 |
erick |
| 92 |
|
| 93 |
On 7/1/07, Nelson Batalha <nelson_batalha@××××.pt> wrote: |
| 94 |
> |
| 95 |
> Hi Erick, |
| 96 |
> |
| 97 |
> There are many uses for this! |
| 98 |
> |
| 99 |
> They mainly come from the fact that now you can have sensitive information |
| 100 |
> everywhere on your cd root, and not be afraid of losing your cd, either |
| 101 |
> physically (happens to me all the time), or in the net if you don't want an |
| 102 |
> open distribution. |
| 103 |
> |
| 104 |
> -Read on for examples: |
| 105 |
> |
| 106 |
> 1) If you're in a country like China and you can't have applications like |
| 107 |
> Tor on your desktop (suspicious), you can just make a livecd and try to |
| 108 |
> disguise it as something else by filling the filesystem. Also it's portable |
| 109 |
> and replicable. You could also encrypt your hard drive, but this way you |
| 110 |
> don't have to worry if they take it for testing. Specially if using luks on |
| 111 |
> the desktop (no plausible deniability). It's also much easier to hide a |
| 112 |
> mini-cd/dvd physically. |
| 113 |
> |
| 114 |
> 2) Also for instance, I'm going away next semester and I won't be taking a |
| 115 |
> laptop. However I would like to use gentoo, my favourite programs and have |
| 116 |
> my passwords stored in them (like Firefox), and transport some personal |
| 117 |
> and/or sensitive files. (only option is put those files in an encrypted |
| 118 |
> container and extract them on *every* boot). |
| 119 |
> |
| 120 |
> 3) If you're creating some official livecd and would like to test it with |
| 121 |
> some group, but for security reasons you prefered if nobody else tested it. |
| 122 |
> |
| 123 |
> 4) In general companies/organizations can create a easily updatable |
| 124 |
> portable working environment and mail it or publish it online. |
| 125 |
> |
| 126 |
> Etc. |
| 127 |
> |
| 128 |
> Take care, |
| 129 |
> Nelson |
| 130 |
> |
Archives