LinuxQuestions.org
Old 01-06-2014, 05:08 PM   #1
Willard
LQ Newbie
 
Registered: Nov 2009
Posts: 17

Rep: Reputation: 0
Lightweight solutions to deterring an opportunistic laptop thief?


Greetings.

I want to protect the data I store on the drive from an opportunistic thief who snatches my laptop and wants to snoop around for data he can exploit.

The ideal solution, naturally, is to TrueCrypt the whole drive. Indeed, this is what I am currently doing on my laptop.

However, I find that my laptop performs poorly. My laptop is an Asus eee 1015PEM, with 2GB RAM and an Intel® Atom™ N550 (Dual Core; 1.5GHz) Processor. The N550 does not have the AES instruction set extension, and is slow already.

I am about to install an SSD into my laptop, and I am concerned that encrypting the SSD will kill the performance gain that an SSD would otherwise offer to my laptop (I have asked around on Tom's Hardware a few times after extensive research on TrueCrypt-ing an SSD, and got no convincing answer to the contrary).

I am also thinking that encrypting the drive is overkill for my purposes; I am not protecting my files from the NSA, after all. I want to deter the thief from popping the drive in an external hard drive case and explore partitions, or to try to break the disk encryption. I am thinking the best way to do that is to give the illusion that the thief has full access to everything from the get-go.

I am thinking something along the following lines: If a certain keyboard (combination) is NOT held down as the computer is booting, the computer will boot into a decoy operating system (Windows 7 Starter). If the key (combination) is held down as the computer is booting, the boot menu appears, where you can choose what operating system to boot (for instance, your favourite Linux distribution).

It would be really nice if the above could be realized using only one partition; if both the decoy OS and the real OS use a file system which does not fill the partition with null bytes when the file system is created, then, theoretically, the decoy OS and the real OS could reside on the same partition, at opposite "ends" of the partition (if one OS would fill its partition, then it would overwrite the other OS in that case).

A much simpler, but less convincing solution along these same lines: Your favorite Linux distribution starts up, with a single graphical "log in" button. If pressed, the file system on /home is deleted, recreated, a bogus passwordless user is created, and the thief is logged into a desktop as that user. This can be bypassed with a keyboard combination.

Do any of you know about an existing solution which works along these lines? (Does a combination of the TrueCrypt tools achieve this effect?)

Kind regards,
Willard.
 
Old 01-06-2014, 07:43 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,953
Blog Entries: 54

Rep: Reputation: 2732
Physical access means it's out of your control. So there is no way you can deter a person from doing anything. Creating illusions is the domain of "security by obscurity". Which isn't providing or enhancing security at all. Sure the illusion may hold at first glance but a 250 GiB SSD with an actual OS partition size of 10 GiB isn't going to fool any ten year old kid. How about a scheme where you force unlocking disk encryption using a key on a USB stick? That way the encrypted medium and the key are separate entities and worthless without the other.
 
Old 01-06-2014, 09:32 PM   #3
metaschima
Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 934

Rep: Reputation: Disabled
Encrypt what is important, and use a K-lock:
http://en.wikipedia.org/wiki/K-Lock
 
Old 01-07-2014, 07:44 AM   #4
Willard
LQ Newbie
 
Registered: Nov 2009
Posts: 17

Original Poster
Rep: Reputation: 0
Thank you for your replies unSpawn and metaschima.

***

Quote:
Originally Posted by unSpawn
Physical access means it's out of your control. So there is no way you can deter a person from doing anything. Creating illusions is the domain of "security by obscurity". Which isn't providing or enhancing security at all.
I am aware that what I am asking for does not guarantee anything, and that I cannot prevent anyone with physical access from exploring the raw data on the drive. Maybe "deter" was not the right word to use here. But as I wrote:
Quote:
Originally Posted by Willard
I want to [fool] the thief from popping the drive in an external hard drive case and explore partitions, or to try to break the disk encryption. I am thinking the [most lightweight] way to do that is to give the illusion that the thief has full access to everything from the get-go.
***

Quote:
Originally Posted by unSpawn
Sure the illusion may hold at first glance but a 250 GiB SSD with an actual OS partition size of 10 GiB isn't going to fool any ten year old kid.
To which I refer to:
Quote:
Originally Posted by Willard
It would be really nice if the above could be realized using only one partition; if both the decoy OS and the real OS use a file system which does not fill the partition with null bytes when the file system is created, then, theoretically, the decoy OS and the real OS could reside on the same partition, at opposite "ends" of the partition (if one OS would fill its partition, then it would overwrite the other OS in that case).

A much simpler, but less convincing solution along these same lines: Your favorite Linux distribution starts up, with a single graphical "log in" button. If pressed, the file system on /home is deleted, recreated, a bogus passwordless user is created, and the thief is logged into a desktop as that user. This can be bypassed with a keyboard combination.
In these ideas, the scenario you describe would never arise; the decoy OS always has the whole drive at its disposal.

Say you steal a laptop, boot it, Windows starts up, there is one partition for the whole drive, and there are normal files lying around indicating normal use. It looks like you have full access to everything. Would you dd the drive and start exploring the raw data from the drive for deleted, or hidden, files? Why? You would have to have the competence (which would probably mean that you can earn a living in other ways than stealing laptops), and you would have to either be looking for something (if you don't know me, and don't know what files I have, you don't know what to look for), or be immensely curious/paranoid to spend time and effort on this. From what I have read about laptop thefts, I don't think many thieves are.

***

Quote:
Originally Posted by unSpawn
How about a scheme where you force unlocking disk encryption using a key on a USB stick? That way the encrypted medium and the key are separate entities and worthless without the other.
To which I refer to
Quote:
Originally Posted by Willard
The ideal solution, naturally, is to TrueCrypt the whole drive. Indeed, this is what I am currently doing on my laptop. However, I find that my laptop performs poorly. The [processor] does not have the AES instruction set extension, and is slow already.
***

Quote:
Originally Posted by metaschima
Encrypt what is important
To which I refer to
Quote:
Originally Posted by Willard
[...]TrueCrypt the whole drive. Indeed, this is what I am currently doing on my laptop. However, I find that my laptop performs poorly. The [processor] does not have the AES instruction set extension, and is slow already.
But perhaps encrypting /home is less burdensome for my system than encrypting / ? Do you know anything about average disk activity in a Linux installation these days? Does the OS spend most of its time manipulating files in /home, or in /tmp, /etc and other places?

***

Quote:
Originally Posted by metaschima
My model does not have a Kensington lock hole in the chassis, and this approach won't work if my laptop is in a bag, and my bag is stolen (I travel a lot). :-/
 
Old 01-07-2014, 11:00 AM   #5
metaschima
Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 934

Rep: Reputation: Disabled
I would encrypt just /home if that's where you store your important files. Or maybe create a separate partition just for important files and encrypt that.

If you use a swap partition you should encrypt it as well, because anything swapped to it is vulnerable.

Depending on what programs you use /tmp may also need to be encrypted in case temporary files leak sensitive info. This isn't always necessary.

I'm quite positive that your netbook has a K-lock, I can see it in the image right next to the ethernet port:
http://www.asus.com/Notebooks_Ultrab...15PEM/#gallery

And I have a similar model, the PN model.

You could always handcuff the case to your wrist.

Last edited by metaschima; 01-07-2014 at 11:07 AM.
 
Old 01-07-2014, 03:30 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,953
Blog Entries: 54

Rep: Reputation: 2732
Quote:
Originally Posted by Willard
From what I have read about laptop thefts, I don't think many thieves are.
It's only natural to try and come up with scenarios in which whatever measures you propose will hold up. (BTW there's no way two disparate Operating Systems will happily share one partition). Personally I wouldn't waste energy and time on obfuscation but rather rely on what works.


Quote:
Originally Posted by Willard
But perhaps encrypting /home is less burdensome for my system than encrypting / ?
That's a trade-off you can estimate the risks of for yourself: what's the info you expose outside of home worth? (/tmp if not SHM, cached data in /var, swap, /etc, etc.)


Quote:
Originally Posted by Willard
Do you know anything about average disk activity in a Linux installation these days?
No but it would be quite easy to measure.


Quote:
Originally Posted by Willard
Does the OS spend most of its time manipulating files in /home, or in /tmp, /etc and other places?
That kind of depends on what you're running and what you're running it for.
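
[Added example, not part of any post in this thread: one way to check the trade-off discussed in posts #5 and #6, i.e. whether /home, /tmp, /var, /etc and swap actually sit on a dm-crypt mapping. The function names and the sample data are assumptions made for illustration; the input format is that of `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT`.]

```python
import re

# Constructed sample of `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` output (not
# from the thread): / and swap are plain, /home is LVM on top of dm-crypt.
SAMPLE = '''\
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/home"
KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT="[SWAP]"
'''

def parse(text):
    """Return {kname: {"PKNAME": ..., "TYPE": ..., "MOUNTPOINT": ...}}."""
    devs = {}
    for line in text.splitlines():
        row = dict(re.findall(r'(\w+)="([^"]*)"', line))
        if "KNAME" in row:
            devs[row["KNAME"]] = row
    return devs

def on_crypt(devs, kname):
    """True if the device or any ancestor is a dm-crypt mapping."""
    while kname in devs:
        if devs[kname]["TYPE"] == "crypt":
            return True
        kname = devs[kname]["PKNAME"]
    return False

def audit(text, paths=("/home", "/tmp", "/var", "/etc")):
    """Map each path and each swap device to True (encrypted) or False."""
    devs = parse(text)
    mounts = {d["MOUNTPOINT"]: k for k, d in devs.items()
              if d["MOUNTPOINT"].startswith("/")}
    result = {}
    for p in paths:
        # A path without its own mount lives on the longest matching parent.
        best = max((m for m in mounts
                    if p == m or p.startswith(m.rstrip("/") + "/")),
                   key=len, default=None)
        if best is not None:
            result[p] = on_crypt(devs, mounts[best])
    for k, d in devs.items():
        if d["MOUNTPOINT"] == "[SWAP]":
            result["swap:" + k] = on_crypt(devs, k)
    return result

for name, ok in audit(SAMPLE).items():
    print(f"{name:10} {'encrypted' if ok else 'PLAINTEXT'}")
```

[To audit a live system, pass the real `lsblk` output to `audit()` instead of `SAMPLE`. A /tmp on tmpfs is not a block device and does not appear in `lsblk`, so its exposure follows the swap result.]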
 
Old 01-08-2014, 02:05 PM   #7
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,237

Rep: Reputation: 1071
I bought a very nice locking cable that fits into the security hole on my laptop, and I always attach it, even when I am just stepping away from my laptop for a few seconds in a friendly coffee-shop. (I loop the cable through the carrying handles of the bag, too.)

When I am working with my computer in some external place, "that's simply what I always do." I plug in the power, and then I attach the security cable, looping it around the table leg. I smile pleasantly at the occasional people who notice, and most of them say that they're going to get one too.

It certainly is a "lightweight solution" to the problem of an "opportunistic laptop thief." Remove the opportunity!
 
Old 01-08-2014, 03:01 PM   #8
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: infinity; (randomly born:) Milwaukee, WI, US, Earth
Distribution: any UNIXish that works well on my cheapest with mostly KDE, Xfce, JWM or CLI but open ;-)
Posts: 1,331
Blog Entries: 2

Rep: Reputation: 344
I haven't read all here so sorry but hope these help:
http://forums.debian.net/viewtopic.php?f=30&t=76350
http://www.linuxplanet.com/linuxplanet/tutorials/6744/1
http://youtu.be/U4oB28ksiIo
http://lwn.net/Articles/450221/
http://forums.linuxmint.com/viewtopic.php?f=47&t=74111
http://www.linuxquestions.org/questi...archid=6110194
Could also set up cron in some way to email IP?
 
Old 01-08-2014, 09:41 PM   #9
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, Slackware-14.1, PCBSD-10.0
Posts: 2,800
Blog Entries: 15

Rep: Reputation: 731
If you have a webcam, you could also institute a VNC client running in the background to send a continuous video feed to a server. Might be a good move to see who stole your laptop.

You should also password the BIOS/CMOS/UEFI as well as the hard drives to prevent tampering.
 
1 members found this post helpful.
Old 01-09-2014, 07:52 AM   #10
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,237

Rep: Reputation: 1071
Heh.

"Well, I kept my barn completely unlocked and walked away from it ... but now I have this very nice video of who stole my horse."

Bottom Line: somebody stole your horse, and you're never going to get it back.

As with the legendary story of the "pizza-delivery cat burglar," most crimes involving computers are crimes of opportunity. People troll through millions of computers automatically, looking for unprotected computers to mess with. They walk through coffee shops and public places also looking "merely" for opportunity. If they "try the door and find it locked," even if it's locked with a paper-clip, they'll move on to easier pickin's. Likewise, the simplest device that fastens down your laptop, such that no one can walk away with it without attracting attention, will keep it safe. Burglars don't carry incriminating "burglar tools."
 
  

