Lightweight solutions to deterring an opportunistic laptop thief?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Lightweight solutions to deterring an opportunistic laptop thief?
Greetings.
I want to protect the data I store on the drive from an opportunistic thief who snatches my laptop and wants to snoop around for data he can exploit.
The ideal solution, naturally, is to TrueCrypt the whole drive. Indeed, this is what I am currently doing on my laptop.
However, I find that my laptop performs poorly. My laptop is an Asus eee 1015PEM, with 2GB RAM and a Intel® Atom™ N550 (Dual Core; 1.5GHz) Processor. The N550 does not have the AES instruction set extension, and is slow already.
I am about to install an SSD into my laptop, and I am concerned that encrypting the SSD will kill the performance gain that an SSD would otherwise offer to my laptop (I have asked around on Tom's Hardware a few times after an extensive research on TrueCrypt-ing an SSD, and got no convincing answer of the contrary).
I am also thinking that encrypting the drive is overkill for my purposes; I am not protecting my files from the NSA, after all. I want to deter the thief from popping the drive in an external hard drive case and explore partitions, or to try to break the disk encryption. I am thinking the best way to do that is to give the illusion that the thief has full access to everything from the get-go.
I am thinking something along the following lines: If a certain keyboard (combination) is NOT held down as the computer is booting, the computer will boot into a decoy operating system (Windows 7 Starter). If the key (combination) is held down as the computer is booting, the boot menu appears, where you can choose what operating system to boot (for instance, your favourite Linux distribution).
It would be really nice if the above could be realized using only one partition; if both the decoy OS and the real OS use a file system which does not fill the partition with null bytes when the file system is created, then, theoretically, the decoy OS and the real OS could reside on the same partition, at opposite "ends" of the partition (if one OS would fill its partition, then it would overwrite the other OS in that case).
A much simpler, but less convincing solution along these same lines: Your favorite Linux distribution starts up, with a single graphical "log in" button. If pressed, the file system on /home is deleted, recreated, a bogus passwordless user is created, and the thief is logged into a desktop as that user. This can be bypassed with a keyboard combination.
Do any of you know about an existing solution which works along these lines? (Does a combination of the TrueCrypt tools achieve this effect?)
Physical access means it's out of your control. So there is no way you can deter a person from doing anything. Creating illusions is the domain of "security by obscurity". Which isn't providing or enhancing security at all. Sure the illusion may hold at first glance but a 250 GiB SSD with an actual OS partition size of 10 GiB isn't going to fool any ten year old kid. How about a scheme where you force unlocking disk encryption using a key on an USB stick? That way the encrypted medium and the key are separate entities and worthless without the other.
Thank you for your replies unSpawn and metaschima.
***
Quote:
Originally Posted by unSpawn
Physical access means it's out of your control. So there is no way you can deter a person from doing anything. Creating illusions is the domain of "security by obscurity". Which isn't providing or enhancing security at all.
I am aware that what I am asking for does not guarantee anything, and that I cannot prevent anyone with physical access to explore the raw data on the drive. Maybe "deter" was not the right word to use here. But as I wrote:
Quote:
Originally Posted by Willard
I want to [fool] the thief from popping the drive in an external hard drive case and explore partitions, or to try to break the disk encryption. I am thinking the [most lightweight] way to do that is to give the illusion that the thief has full access to everything from the get-go.
***
Quote:
Originally Posted by unSpawn
Sure the illusion may hold at first glance but a 250 GiB SSD with an actual OS partition size of 10 GiB isn't going to fool any ten year old kid.
To which I refer to:
Quote:
Originally Posted by Willard
It would be really nice if the above could be realized using only one partition; if both the decoy OS and the real OS use a file system which does not fill the partition with null bytes when the file system is created, then, theoretically, the decoy OS and the real OS could reside on the same partition, at opposite "ends" of the partition (if one OS would fill its partition, then it would overwrite the other OS in that case).
A much simpler, but less convincing solution along these same lines: Your favorite Linux distribution starts up, with a single graphical "log in" button. If pressed, the file system on /home is deleted, recreated, a bogus passwordless user is created, and the thief is logged into a desktop as that user. This can be bypassed with a keyboard combination.
In these ideas, the scenario you describe would never arise; the decoy OS always has the whole drive at its disposal.
Say you steal a laptop, boot it, Windows starts up, there is one partition for the whole drive, and there are normal files laying around indicating normal use. It looks like you have full access to everything. Would you dd the drive and start exploring the raw data from the drive for deleted, or hidden, files? Why? You would have to have the competence (which would probably mean that you can earn a living in other ways than stealing laptops), and you would have to either be looking for something (if you don't know me, and don't know what files I have, you don't know what to look for), or be immensely curious/paranoid to spend time and effort on this. From what I have read about laptop thefts, I don't think many thieves are.
***
Quote:
Originally Posted by unSpawn
How about a scheme where you force unlocking disk encryption using a key on an USB stick? That way the encrypted medium and the key are separate entities and worthless without the other.
To which I refer to
Quote:
Originally Posted by Willard
The ideal solution, naturally, is to TrueCrypt the whole drive. Indeed, this is what I am currently doing on my laptop. However, I find that my laptop performs poorly. The [processor] does not have the AES instruction set extension, and is slow already.
***
Quote:
Originally Posted by metaschima
Encrypt what is important
To which I refer to
Quote:
Originally Posted by Willard
[...]TrueCrypt the whole drive. Indeed, this is what I am currently doing on my laptop. However, I find that my laptop performs poorly. The [processor] does not have the AES instruction set extension, and is slow already.
But perhaps encrypting /home is less burdensome for my system than encrypting / ? Do you know anything about average disk activity in a Linux installation these days? Does the OS spend most of its time manipulating files in /home, or in /tmp, /etc and other places?
My model does not have a Kensington lock hole in the chassis, and this approach won't work if my laptop is in a bag, and my bag is stolen (I travel a lot). :-/
I would encrypt just /home if that's where you store your important files. Or maybe create a separate partition just for important files and encrypt that.
If you use a swap partition you should encrypt it as well, because anything swapped to it is vulnerable.
Depending on what programs you use /tmp may also need to be encrypted in case temporary files leak sensitive info. This isn't always necessary.
From what I have read about laptop thefts, I don't think many thieves are.
It's only natural to try and come up with scenarios in which whatever measures you propose will hold up. (BTW there's no way two disparate Operating Systems will happily share one partition). Personally I wouldn't waste energy and time on obfuscation but rather rely on what works.
Quote:
Originally Posted by Willard
But perhaps encrypting /home is less burdensome for my system than encrypting ?
That's a trade-off you can estimate the risks of for yourself: what's the nfo you expose outside of home worth? (/tmp if not SHM, cached data in /var, swap, /etc, etc.)
Quote:
Originally Posted by Willard
Do you know anything about average disk activity in a Linux installation these days?
No but it would be quite easy to measure.
Quote:
Originally Posted by Willard
Does the OS spend most of its time manipulating files in /home, or in /tmp, /etc and other places?
That kind of depends on what you're running and what you're running it for.
I bought a very nice locking cable that fits into the security hole on my laptop, and I always attach it, even when I am just stepping away from my laptop for a few seconds in a friendly coffee-shop. (I loop the cable through the carrying handles of the bag, too.)
When I am working with my computer in some external place, "that's simply what I always do." I plug in the power, and then I attach the security cable, looping it around the table leg. I smile pleasantly at the occasional people who notice, and most of them say that they're going to get one too.
It certainly is a "lightweight solution" to the problem of an "opportunistic laptop thief." Remove the opportunity!
If you have a webcam, you could also institute a VNC client running in the background to send a continuous video feed to a server. Might be a good move to see who stole your laptop.
You should also password the BIOS/CMOS/UEFI as well as the hard drives to prevent tampering.
"Well, I kept my barn completely unlocked and walked away from it ... but now I have this very nice video of who stole my horse."
BottomLine: somebody stole your horse, and you're never going to get it back.
As with the legendary story of the "pizza-delivery cat burglar," most crimes involving computers are crimes of opportunity. People troll through millions of computers automatically, looking for unprotected computers to mess with. They walk through coffee shops and public places also looking "merely" for opportunity. If they "try the door and find it locked," even if it's locked with a paper-clip, they'll move on to easier pickin's. Likewise, the simplest device that fastens down your laptop, such that no one can walk-away with it without attracting attention, will keep it safe. Burglars don't carry incriminating "burglar tools."
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.