LinuxQuestions.org
Old 03-30-2009, 06:22 PM   #1
socceroos
Member
 
Registered: Aug 2005
Location: Australia
Distribution: Ubuntu, FreeBSD, Fedora
Posts: 125

Rep: Reputation: 16
Kill Switch for encrypted data? Safety first.


Say I have a hard drive with encrypted data and someone is forcing me to give them my enc-key, is it possible to have the comp wipe the data if it receives a particular key or wrong key?

I'm just thinking in terms of complete data safety. The strength of my security comes down to my ability to resist interrogation or scientists' ability to build a usable quantum computer.

I basically need to know if there is a way to build in a 'kill switch' that will securely wipe the data given a certain key.
 
Old 03-30-2009, 06:25 PM   #2
socceroos
Member
 
Registered: Aug 2005
Location: Australia
Distribution: Ubuntu, FreeBSD, Fedora
Posts: 125

Original Poster
Rep: Reputation: 16
If in doubt, wipe it out!
 
Old 03-30-2009, 06:40 PM   #3
socceroos
Member
 
Registered: Aug 2005
Location: Australia
Distribution: Ubuntu, FreeBSD, Fedora
Posts: 125

Original Poster
Rep: Reputation: 16
Just thinking about it, there is obviously no way you can have two encryption keys for the same encrypted data. But perhaps there is a way to get it to self destruct after a wrong key is used? I imagine that this would require a binary program such as dd to lie outside of the encrypted data which would then do the job for you. Has anyone done this?
 
Old 03-30-2009, 06:46 PM   #4
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware -current (multilib) with kernel 3.16.2
Posts: 1,565
Blog Entries: 13

Rep: Reputation: 178
Well, I don't see why not. My LUKS partition is unlocked with a password given by the initrd. Assuming no one looks closely at the initrd and is eager to unlock the partition, the "LUKS prompt" could actually be a prompt that either uses LUKS to unlock the partition or uses dd to wipe the partition. Seems like a dangerous thing to test, have to make a VM...

You could make it harder to detect by having an engineered cryptsetup shell modified to run the real cryptsetup (renamed something else harmless looking), or dd. Best yet would be to modify the source...

An alternative would be to use "plausible deniability" with Truecrypt or steganography.
 
Old 03-30-2009, 07:03 PM   #5
socceroos
Member
 
Registered: Aug 2005
Location: Australia
Distribution: Ubuntu, FreeBSD, Fedora
Posts: 125

Original Poster
Rep: Reputation: 16
Thanks for the lead on 'plausible deniability' - it looks pretty good.

The only problem I see (and it is a huge problem) with having a decrypted program like a disguised dd command destroy the data is that anyone with brains would be using a cloned copy of the encrypted data anyway - thereby nullifying my ability to destroy the data in that manner.

Basically, unless I can somehow set up the encryption to accept a 'self-destruct' key, my method will never be worth it. I know there are some USB keys that you can buy that 'self-destruct' when you enter in a wrong key, but I think there is a physical mechanism in the hardware that does that.
 
Old 03-31-2009, 02:55 PM   #6
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269
I don't think it would ever come to that. But truecrypt is the most plausible option.

I was thinking to make a program to do it or a special login account, but they wouldn't be so stupid as to not analyze the archive before even starting the interrogation, or confiscate the HDD and use forensics on it right away to grab everything thus bypassing programs or special logins.

Truecrypt is the way to go.
 
Old 03-31-2009, 03:32 PM   #7
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
Quote:
Originally Posted by socceroos
Thanks for the lead on 'plausible deniability' - it looks pretty good.

The only problem I see (and it is a huge problem) with having a decrypted program like a disguised dd command destroy the data is that anyone with brains would be using a cloned copy of the encrypted data anyway - thereby nullifying my ability to destroy the data in that manner.

Basically, unless I can somehow set up the encryption to accept a 'self-destruct' key, my method will never be worth it. I know there are some USB keys that you can buy that 'self-destruct' when you enter in a wrong key, but I think there is a physical mechanism in the hardware that does that.
Like you said-- the problem with a 'self-destruct' mechanism for the encrypted data is the same no matter what unless there is a physical component-- no competent security person is going to be working on a live copy of the data. Even if there is a physical component, what's to stop them from removing the storage medium from the device and duplicating the data? They're going to be working on a copy even in the case of physical methods... so they enter the 'destruct' key into the copy and it destructs, now they come back and using your example of resisting torture, start breaking your fingers one joint at a time. How long till you give them the real key?

In the end, security is only as good as the weakest link. You are the weakest link in that example.
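
The cloning argument in the posts above, modelled as an added example (not code from any poster in this thread): a volume whose unlock routine sits outside the encrypted data and destroys the wrapped master key when it sees a duress passphrase. All names are hypothetical and the SHA-256 keystream is a toy stand-in for a real disk cipher; the sample secret is constructed.

```python
import copy, hashlib, hmac, os

def _kdf(passphrase: str, salt: bytes) -> bytes:
    # Passphrase -> 32-byte key (iteration count kept low for the demo).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000)

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy counter-mode keystream; stands in for a real cipher such as AES-XTS.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def make_volume(passphrase: str, duress: str, plaintext: bytes) -> dict:
    master, salt = os.urandom(32), os.urandom(16)
    return {
        "salt": salt,
        "slot": _xor_stream(_kdf(passphrase, salt), master),  # wrapped master key
        "check": hashlib.sha256(master).digest(),             # verifies a candidate key
        "duress_tag": _kdf(duress, salt),                     # recognises the duress phrase
        "payload": _xor_stream(master, plaintext),
    }

def unlock(vol: dict, passphrase: str):
    """Return plaintext, or None. The duress phrase wipes this copy's key slot."""
    k = _kdf(passphrase, vol["salt"])
    if hmac.compare_digest(k, vol["duress_tag"]):
        vol["slot"] = os.urandom(32)   # master key is now unrecoverable on THIS copy
        return None
    master = _xor_stream(k, vol["slot"])
    if not hmac.compare_digest(hashlib.sha256(master).digest(), vol["check"]):
        return None                    # wrong passphrase or destroyed slot
    return _xor_stream(master, vol["payload"])

def demo():
    original = make_volume("real-pass", "duress-pass", b"constructed sample secret")
    clone = copy.deepcopy(original)            # examiner images the disk first
    duress_result = unlock(clone, "duress-pass")
    clone_after = unlock(clone, "real-pass")   # the clone really is destroyed...
    original_after = unlock(original, "real-pass")  # ...the original is untouched
    return duress_result, clone_after, original_after

if __name__ == "__main__":
    print(demo())
```

The wipe only ever affects the copy it runs against, so it protects nothing once an image exists.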
 
Old 03-31-2009, 05:46 PM   #8
socceroos
Member
 
Registered: Aug 2005
Location: Australia
Distribution: Ubuntu, FreeBSD, Fedora
Posts: 125

Original Poster
Rep: Reputation: 16
rweaver, good points.

I guess the 'best' method is to be able to physically burn my HDDs before anyone gets to them.
 
Old 03-31-2009, 09:33 PM   #9
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
The best method is to use a powerful electromagnet on the drive.

http://4crito.com/msgbrd/pics/30secwipe.jpg
And it's a lot faster than dd'ing a terabyte too. You should be able to finish wiping everything before the Gestapo even gets through the front door. Rottweilers and Pit Bulls help also.

Last edited by Crito; 03-31-2009 at 10:02 PM.
 
Old 03-31-2009, 10:59 PM   #10
wsduvall
Member
 
Registered: Aug 2006
Posts: 92

Rep: Reputation: 16
You could hide a huge electromagnet in your door frame, and thus if anybody tried to remove your drive, they would fry it. Maybe put a hidden switch somewhere...
 
Old 03-31-2009, 11:42 PM   #11
socceroos
Member
 
Registered: Aug 2005
Location: Australia
Distribution: Ubuntu, FreeBSD, Fedora
Posts: 125

Original Poster
Rep: Reputation: 16
Lol, thanks guys. Good points....

Perhaps even putting your HDD in a microwave would work?

Last edited by socceroos; 03-31-2009 at 11:57 PM.
 
Old 04-01-2009, 12:32 AM   #12
socceroos
Member
 
Registered: Aug 2005
Location: Australia
Distribution: Ubuntu, FreeBSD, Fedora
Posts: 125

Original Poster
Rep: Reputation: 16
I've done some more research and it appears that trying to run a big electromagnet over it will not do the job well enough.

Even the commercial products are all limited in their ability to fully wipe a hard drive (read an NSA brief on it).

It would take an incredibly massive magnet with properly randomised fielding to securely kill a HDD.

On the other hand, it seems that a neat method is to put a brick of thermite over your HDD and have a little mechanism to set it off. Apparently a thin layer of nitro with a ribbon of magnesium is an effective way to light the thermite.

Here is a good thread on the topic: http://www.roguesci.org/theforum/showthread.php?t=4355
 
Old 04-01-2009, 05:49 AM   #13
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Your research is bad and the NSA lies.
 
Old 04-01-2009, 05:51 AM   #14
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Unless, of course, the little electromagnetic drive head doesn't actually do anything. But who ya gonna believe? Your eyes? Your brain? The guys who make hard drives? Or the government? LOL

Last edited by Crito; 04-01-2009 at 05:54 AM.
 
Old 04-01-2009, 06:01 AM   #15
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
And fire won't destroy a hard drive. It's a good idea for optical media, however.
 
  

