S
S
SailfishSnail2019-09-06 15:37:40
Encryption
SailfishSnail, 2019-09-06 15:37:40

Some kind of OS authorization technology under duress - preferably when encrypting a disk?

Good afternoon.
I'm interested in the technology of counteracting authorization in the user's computer, which would be analogous to "authorization under duress" in security systems, when a person enters a code, the system stops beeping, but information comes to the security console.
Those. there is a certain computer with meaningful information, which, as it is clear, does not concern any third parties.
Along with the computer, there is also its owner, who knows the authorization data. To prevent the use of the thermorectal method, the owner immediately reports the data and authorizes, but then this very security system comes into play.
For example, the owner would have two users. When logging in under the name of the first, normal work would be carried out, and the second would exist only for such emergency authorizations. The second command in .bashrc (*nix) or autostart (windows) would be to run the script with, for example, "rm -rf /" and similar.
It is desirable to apply this technology even at the stage of disk decryption, i.e. before loading the operating system - i.e. the user, upon entering a fake password, would launch the operation of turning information into unreadable stuffing.
I don't want to reinvent the wheel, and logic tells me that I'm not the first to ask this question.
No crime is implied, but the technology is interesting.
Can you suggest something?
Let me clarify that we are looking for a solution for a laptop like Apple MacBook Pro or Dell XPS - both models have SSDs.
PS I've already come up with jokes myself and voiced them more than once, now I'm interested in the specifics.

Answer the question

In order to leave comments, you need to log in

6 answer(s)
X
xmoonlight, 2019-09-06
@xmoonlight

Here

P
poisons, 2019-09-06
@poisons

There was a similar issue. At the brainstorming session, we came to the conclusion that this is all garbage, if Comrade Major is not a fool, and he is not a fool, unfortunately, then in his right mind he will not let you enter anything there yourself. They will seize the PC, take a byte-by-byte dump from the disk, and only then they will conduct experiments.
And in a scenario like he entered a password under duress and the CP left, and instead of it, the seals appeared. It won’t work, if Comrade Major knows that there was a CP, then they will try to talk until the correct password is issued.
Those. the only solution is not to store information on a device that can be seized.
And so the software is googled, but all this is garbage.

C
CityCat4, 2019-09-06
@CityCat4

Of course, not the first :)
And the answer to this is a long time ago. And it lies in the phrase "it all depends on the circumstances."
Have you ever dealt with law enforcement? Can you imagine, well, at least in the most general terms - how they think? (not how they work - but exactly how they think)
Technically, of course, it's not difficult - to get a second account on your computer, with which you can register a script with a shell. Unfortunately, this method has a couple of very significant drawbacks:
- the speed of the rm -rf / operation will be low. It is quite possible that even a policeman will be able to understand that he is being blown. Deleting without the possibility of recovery - works even slower.
- No such "deletion" actually deletes anything and everything can be restored
- Even if you used something like an Impulse (a crap that is mounted above the disk and, when the panic button is pressed, with a powerful impulse turns the screw into a piece of iron), the cops will still have something to break off on. And it is - all of a sudden - you. :)
In Google, I did not find anything other than "disobedience to the lawful demand of a police officer" on the topic of what happens if the cop asks you to turn on the computer and at that moment everything is erased, but in real life it seems to me that you will have many, many troubles.
Yes, you can say - yes, I will record everything and sue everyone - but will it make it easier for you if you are moving in a wheelchair by this time?
There is no general solution in this situation - everything depends on many particular circumstances.

L
lonelymyp, 2019-09-06
@lonelymyp

So there are many different programs, but those who need it are already aware of them.
First, an image of the disk will be made with an acronis and will be persuaded until you say the correct password.
If the data on the disk can significantly extend the prison term, it is better to use something like https://detsys.ru/catalog/ustrojstva-unichtozheniy...

A
Alexey Kharchenko, 2019-09-06
@AVX

I already read somewhere: you need to have three passwords - one is easily accessible (or almost not hidden), the second is given out under duress, and the third is the one that really hides something.
To implement it, you need to make three encrypted disks, and periodically update them somehow to make it look plausible. But it's not that easy. Suppose you have been tracked that you are currently working on a computer (or downloading the CPU, or breaking the pentagon) - they send a group, they break down the door, and you're done - you already have access to up-to-date information. Even if you have time to press reset, they will ask you to enter a password - and if it turns out that the date of modification of files in the system (or even in the browser log of the date of visits) is not at all today - they will try until you say the correct password.
So a more realistic option is something like a truecrypt, logging in after entering the password from the encrypted disk (which is clearly visible), and there you can already do your daily activities, preventing the storage of any compromising data. Run Trucrypt on your computer, indicate the data where the encrypted partition (hidden) and the password from it are located, and keep everything else in it. By reset during interrogation, give out a password, it will always look like a clean system without any problems and compromising information. It will only give out the presence of a truecrypt (well, or whatever else will be used there).
But we can go deeper!
In the encrypted section, which is hidden, we keep at least some prohibited content, but which can be challenged in court, or receive a condition or administrative letter. Then, during interrogation with prejudice, we will give out this disk so that they think (Oh, they finally solved the case!) That this is it.
But in fact, you can create another hidden and encrypted container - then you can keep everything in it.
In principle, for most cases, this can be dispensed with. However, meticulous criminalists can detect encrypted areas on the disk, and by checking which addresses the truecrypt accesses when they enter the given password (or if the location of the container is indicated) - and if the area is somehow not in this range, it is logical to assume that there is something something encrypted is stored.
We will protect ourselves from this in the following way - we go through the recording of all unused blocks on the physical disk with random data (excluding areas where encrypted containers are). Then the whole disk will look like encrypted, and if they ask why, we’ll say so, in order to hide the presence of that very hidden container, the password to which was given during interrogation with prejudice.
One question remains - is it worth it if you are not Snowden?

D
Dmitry Voronkov, 2019-09-09
@pythonREST

For this, there are hidden volumes in truecrypt/veracrypt/diskcryptor. Plausible deniability of hidden volumes is, of course, included.
Simply put, when you enter one password, a real hidden volume is opened for work, and when you enter the second, a regular system where there is nothing criminal (you can add home video if you wish for additional credibility).
And the approach with the destruction of information is a bad decision for many reasons (some of them have already been written in the comments, it makes little sense to repeat).

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question