Re: constant encryped stream
Eh, I know I'm running a little bit behind on my reading, so this is a tad late for the discussion-- but why not just pluck a hair from your head, wet it, and smooth it over the door and the wall? Assuming that your enemy isn't searching for stray hairs, you could just check if it was still there, and in doing so see if the door has been opened. (now off to read the rest of the responses...) ~S From: Eugen Leitl [EMAIL PROTECTED] Date: Wed, 01 Jan 2003 10:00:10 +0100 (CET) To: Thomas Shaddack [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: re:constant encryped stream On Tue, 31 Dec 2002, Thomas Shaddack wrote: Is there a way to RELIABLY find the mail was opened? I have a related question. I have a little server sitting in a wall closet. Does anyone have an easy solution (preferably low tech) for figuring out that the closet door has been opened?
Re: constant encryped stream
Eh, I know I'm running a little bit behind on my reading, so this is a tad late for the discussion-- but why not just pluck a hair from your head, wet it, and smooth it over the door and the wall? Assuming that your enemy isn't searching for stray hairs, you could just check if it was still there, and in doing so see if the door has been opened. (now off to read the rest of the responses...) ~~S From: Eugen Leitl [EMAIL PROTECTED] Date: Wed, 01 Jan 2003 10:00:10 +0100 (CET) To: Thomas Shaddack [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: re:constant encryped stream On Tue, 31 Dec 2002, Thomas Shaddack wrote: Is there a way to RELIABLY find the mail was opened? I have a related question. I have a little server sitting in a wall closet. Does anyone have an easy solution (preferably low tech) for figuring out that the closet door has been opened?
Re: constant encryped stream
In article [EMAIL PROTECTED], Peter Fairbrother [EMAIL PROTECTED] wrote: Get the pull from a party popper and wrap it in a dollar bill. Record the serial number of the bill (some crypto here maybe). Make it impossible to open the closet without setting the pull off, ie no trapdoor. Fairly good tamper-evidence, and the token is hard (and very illegal!) to forge. Most of the security features of a dollar bill are not directed toward the serial number; they are designed to prevent changing the denomination, or to increase the cost of creating a real-looking bill from scratch. Changing the serial number is likely to be fairly straightforward. For this to be secure, you would have to keep the serial number a secret; and in that case, the paper could be any piece of paper with a secret written on it. Depends on your threat model, of course. But of course. -- Shields.
Re: constant encryped stream
Get the pull from a party popper and wrap it in a dollar bill. Record the serial number of the bill (some crypto here maybe). Make it impossible to open the closet without setting the pull off, ie no trapdoor. Fairly good tamper-evidence, and the token is hard (and very illegal!) to forge. Also the dollar bill is still spendable, so the only cost of your accesses are the pulls. Depends on your threat model, of course. -- Peter Fairbrother
Re: constant encryped stream
Get the pull from a party popper and wrap it in a dollar bill. Record the serial number of the bill (some crypto here maybe). Make it impossible to open the closet without setting the pull off, ie no trapdoor. Fairly good tamper-evidence, and the token is hard (and very illegal!) to forge. Also the dollar bill is still spendable, so the only cost of your accesses are the pulls. Depends on your threat model, of course. -- Peter Fairbrother
Re: constant encryped stream
In article [EMAIL PROTECTED], Peter Fairbrother [EMAIL PROTECTED] wrote: Get the pull from a party popper and wrap it in a dollar bill. Record the serial number of the bill (some crypto here maybe). Make it impossible to open the closet without setting the pull off, ie no trapdoor. Fairly good tamper-evidence, and the token is hard (and very illegal!) to forge. Most of the security features of a dollar bill are not directed toward the serial number; they are designed to prevent changing the denomination, or to increase the cost of creating a real-looking bill from scratch. Changing the serial number is likely to be fairly straightforward. For this to be secure, you would have to keep the serial number a secret; and in that case, the paper could be any piece of paper with a secret written on it. Depends on your threat model, of course. But of course. -- Shields.
Re: constant encryped stream
Isn't the obvious way to handle this to include an undeveloped (latent image) photograph of some obscure object, person, or place on the film rather than just a blank film ? ? You could then develop it and check for light damage and evidence of lack of authenticity. I suspect there are tricks involving calibrated exposures of objects with known optical power ratios (a kind of hidden grey scale strip) or even holograms superimposed on normal looking photographs of scenes that might be rather hard to easily duplicate by developing the latent image and making either an optical or contact print of it on a similar medium. The hologram trick is very interesting; could cause a lot of problems for the adversary. Now the question remains, how to make a hologram within the resources of a common person, to make the system suitable for wide use, not only for a handful of high-tech geeks with closets full of cutting-edge gears. Also, how to make sure the image got properly exposed, so it couldn't happen that a mistake of the sender couldn't result in a false alarm. (Maybe to develop part (half, stripe...) of the image and then check under the red light, before using?) The issue starts to look more complicated than it seemed on the first glance. We have a resourceful adversary, who will quickly learn the tricks. We need a low-tech technology that will be highly resistant against undetected tampering by the adversary. Does anyone know if this wasn't already being solved during the Wars, or the Cold War? I am pretty sure many embassies had problems with adversaries going through their diplomatic mail.
Re: constant encryped stream
On Fri, 3 Jan 2003 07:24:12 +0100 (CET), you wrote: We have a resourceful adversary, who will quickly learn the tricks. We need a low-tech technology that will be highly resistant against undetected tampering by the adversary. Hindering the adversary is the fact that he must face thousands of homebrew approaches, rather than simply discover once a means of defeating the Mark 423 Mod 8 Closet Opening Detector. Low tech is quite best. Using cameras and receivers that rely on RF simply broadcasts the nature of the device. They are useful primarily to distract from the real device. Likewise magnets scattered about, and a few small lengths of wire connected to light bulb filaments, or whatever. Using devices based on storing evidence of incursion on the diskdrive is overly complicated and easy to defeat. (A crash, followed by auto-discovering of a bad sector, reboot, you are in doubt, etc.) You need to deal with radiographic analysis, expert manipulation, micro-camera inspection, etc. You need to use what you can find in a prison kitchen, for example. You need to be able to make it with only implements and materials that a prisoner might have access to. Hey, if you are going to be paranoid Assuming you want only to detect a door opening (not removal and reinstallation of the wall opposite the door, etc.) here is a nice low tech way. Get a tablespoon of flour and dye it red with food coloring. Dry it completely. Separately, dye another tablespoon of flour orange and dry it. Get a small clear plastic needle box or fishing lure box, and sprinkle some of the orange flour onto the bottom of the box, in the form of a set of digits, say 8 3 7. Now cover that up completely with the red flour. Now the digits can only be seen from the bottom of the box, and when the box is placed bottom down on a piece of balsa, it is immune to radiographic viewing, or micro camera viewing (more on this). Superglue (or make glue from flour and water, if the warden doesn't permit superglue) a thin paper hinge strip to the edge of the piece of balsa (or several sheets of flat paper glued together with flour-water glue) and superglue the other edge of the strip to the inside opening edge of the closet door, using a thin strip of paper as a hinge between the inside of the door and the balsa shelf. Now you have a very small hinged shelf that is hanging down, on which to place the needle box containing your hidden flour digits, when the hinge is propped up in the shelf position. To prop the hinged shelf up so you can place the needle box on it, go inside the closet and close the door. Now glue a toothpick in the door facing on the inside of the closed door that holds the shelf up. When the door is closed from the inside and that toothpick is in place, the toothpic just barely supports the rear edge of the hinged shelf. If the door were to be opened a quarter inch, the shelf drops off the toothpick supporting it, and the shelf drops, erasing the flour letters. Now exit the closet, and use a dremel to drill a very small hole in the closet door. If your warden doesn't allow dremels, use a paperclip, or use a screw and screwdriver, or whatever. You have time on your hands anyway, if you can't come up with a way to drill a micro hole in a closet door, you have larger problems. The position is just under the shelf. Now to arm it. From the outside of the opened door, stick a tooth pick into the hole in the door under the hinge, supporting the shelf. Place the flour holding needle box on the shelf. Close the door. Remove the toothpick from the outside of the closed door. The hinged shelf drops slightly onto the facing- mounted toothpick. It is armed. To open, insert the toothpick into the hole from the outside of the door and open slowly. Glue a medium size paper board box to the door facing, uncovered on the side toward the closed door, so that the entire works has freedom to operate, but is enclosed when the door is closed and the shelf is armed. This protects from micro cameras. Now drill several more holes in line with the real one. At the inside of each of the dummy holes, link them using a popsicle stick and toothpick linkage to a stick that pushes the toothpick in the inside door facing slightly back, dropping the flour needle box. Tamper detection, even if they don't open the door. Write on a sheet of paper and super glue it over the outide of the armed door over all the holes. That should show some crude tampering and cover the holes from pre-cracking surveillance expeditions. Alternatively, use thumbtacks or push pins in the holes to display some ubiquitous prison regulations. If they remove the regs, they expect to see the little holes in the surface of the closet door. Make lots of such tack holes. Now, they can't use radiography, there are no magnetic or metal parts, they can't do micro camera analysis without robotic disassembly, and even then
Re: constant encryped stream
Isn't the obvious way to handle this to include an undeveloped (latent image) photograph of some obscure object, person, or place on the film rather than just a blank film ? ? You could then develop it and check for light damage and evidence of lack of authenticity. I suspect there are tricks involving calibrated exposures of objects with known optical power ratios (a kind of hidden grey scale strip) or even holograms superimposed on normal looking photographs of scenes that might be rather hard to easily duplicate by developing the latent image and making either an optical or contact print of it on a similar medium. The hologram trick is very interesting; could cause a lot of problems for the adversary. Now the question remains, how to make a hologram within the resources of a common person, to make the system suitable for wide use, not only for a handful of high-tech geeks with closets full of cutting-edge gears. Also, how to make sure the image got properly exposed, so it couldn't happen that a mistake of the sender couldn't result in a false alarm. (Maybe to develop part (half, stripe...) of the image and then check under the red light, before using?) The issue starts to look more complicated than it seemed on the first glance. We have a resourceful adversary, who will quickly learn the tricks. We need a low-tech technology that will be highly resistant against undetected tampering by the adversary. Does anyone know if this wasn't already being solved during the Wars, or the Cold War? I am pretty sure many embassies had problems with adversaries going through their diplomatic mail.