Re: Deniable Thumbdrive?

2003-01-26 Thread Mike Rosing
On Sun, 26 Jan 2003, John Kelsey wrote:

> I think the best way to think about any biometric is as a very cheap,
> moderately hard to copy identification token.  Think of it like a good ID
> card that just happens to be very hard to misplace or lend to your friends.

Like an implant in the forehead.  At least you'll know who the spy _was_
:-)

Patience, persistence, truth,
Dr. mike





Re: Deniable Thumbdrive?

2003-01-26 Thread John Kelsey
At 10:06 PM 1/24/03 +0100, Eugen Leitl wrote:
...

> Frankly, the fingerprint is a lousy secret: you leak it all over the
> place. You can't help it, unless you're wearing gloves all the time. Ditto
> DNA.


That's generally true of biometrics.  Unless taking the measurement is so 
intrusive it's obvious when it's taken (e.g., maybe the geometry of your 
sinus cavities or some such thing that requires a CAT scan to measure 
properly), there's no secret.  People constantly seem to get themselves in 
trouble trying to use biometrics in a system as though they were secret.

The best you can usually do is to make it moderately expensive and 
difficult to actually copy the biometric in a way that will fool the 
reader.  But this is really hard.  In fact, making special-purpose devices 
that are hard to copy or imitate is pretty difficult.  It seems enormously 
harder to find a hard-to-copy, easy-to-use "token" that just happens to 
come free with a normal human body.

I think the best way to think about any biometric is as a very cheap, 
moderately hard to copy identification token.  Think of it like a good ID 
card that just happens to be very hard to misplace or lend to your friends.

--John Kelsey, [EMAIL PROTECTED]




Re: Deniable Thumbdrive?

2003-01-26 Thread John Kelsey
At 06:05 PM 1/24/03 +, Ben Laurie wrote:
...

> Nice! Get them to cut _all_ your fingers off instead of just one.
>
> Just say no to amputationware.


This whole idea was talked to death many years ago on sci.crypt, and 
probably before that other places.  The good news is that it's not too hard 
to come up with a design that lets you encrypt a large hard drive in such a 
way that there's no way to determine how many "tracks" of secret data are 
there.  I believe one of Ross Anderson's students did a design for this; it 
doesn't seem like a really hard problem to solve if you don't mind losing 
most of your effective disk capacity.  The bad news is that you *really* 
need to think about your threat model before using it, since there's 
necessarily no way for you to prove that there are no more tracks of secret 
data.  It takes no imagination at all to think of ways you might end up 
wishing you *could* convince someone you'd given them the key to all the 
tracks.

IMO, the only way to do this kind of thing is to have the data, or at least 
part of the key, stored remotely.  The remote machine or machines can 
implement duress codes, limits to the number of password guesses allowed 
per day, number of invalid password guesses before the thing just zeros out 
the key and tells the person making the attempt it has done so, etc.  Trust 
me, you *want* the server to loudly announce that it will zero the key 
irretrievably after the tenth bad password.

> Cheers,
>
> Ben.


--John Kelsey, [EMAIL PROTECTED]
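
The remote key holder described in the message above can be sketched as follows. This is an added example, not code from the thread; the class and method names, the use of PBKDF2, and the choice that a duress code destroys the key share at once are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_BAD = 10  # from the post: zero the key after the tenth bad password
GONE = "key share destroyed; no password works now"


class RemoteKeyServer:
    """Hypothetical server holding part of a disk key (names are assumptions)."""

    def __init__(self, password, duress_code, key_share):
        self._salt = secrets.token_bytes(16)
        self._pw = self._kdf(password)
        self._duress = self._kdf(duress_code)
        self._share = bytearray(key_share)
        self.bad_guesses = 0

    def _kdf(self, secret):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 100_000)

    def _zeroize(self):
        # Best effort in Python: overwrite the buffer, then drop the reference.
        for i in range(len(self._share)):
            self._share[i] = 0
        self._share = None

    def unlock(self, attempt):
        """Return (status, detail); the caller is always told the status."""
        if self._share is None:
            return ("ZEROED", GONE)
        digest = self._kdf(attempt)
        # Evaluate both comparisons so timing does not show which one matched.
        is_pw = hmac.compare_digest(digest, self._pw)
        is_duress = hmac.compare_digest(digest, self._duress)
        if is_duress:
            self._zeroize()  # assumption: duress code destroys the share at once
            return ("ZEROED", GONE)
        if is_pw:
            self.bad_guesses = 0
            return ("OK", bytes(self._share))
        self.bad_guesses += 1
        if self.bad_guesses >= MAX_BAD:
            self._zeroize()
            return ("ZEROED", GONE)
        left = MAX_BAD - self.bad_guesses
        return ("DENIED", f"{left} bad guesses left before the key is zeroed")
```

Every refusal states how many guesses remain, and once the share is gone the server says so for any input, including the correct password.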





RE: Deniable Thumbdrive? (and taking signal detection seriously)

2003-01-24 Thread Bill Frantz
At 10:11 AM -0800 1/24/03, Major Variola (ret) wrote:
>You do, of course, have
>to trust the hardware/OS you use it with.  "If you don't know the
>socket, keep your dongle in your pants"

Given the well documented advantages of poetry over prose in ease of
recall, this adage should be, "If you don't know the socket, keep your
dongle in your pocket."  (Think codpieces.)

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: Deniable Thumbdrive?

2003-01-24 Thread Eugen Leitl
On Fri, 24 Jan 2003, Thomas Shaddack wrote:

> Use the kind of fingerprint reader that can also sense the blood flow in
> the finger, kinda like the heart rate sensors on some exercise machines.
> Dead fingers then will be of no use.

Photoplethysmography and photooximetry are easy to fake once you know
what you're looking for. Thin-skin translucent silicone casts of
fingerprints (you can of course gather the patterns using the usual
dactyloscopy paraphernalia, whether reduced iron magnetic brush or
iodine/osmium tetroxide exposure) worn over live fingers would probably
work.

Frankly, the fingerprint is a lousy secret: you leak it all over the 
place. You can't help it, unless you're wearing gloves all the time. Ditto 
DNA.




RE: Deniable Thumbdrive?

2003-01-24 Thread Bill Stewart
At 11:40 AM 01/24/2003 -0500, Tyler Durden wrote:

> Peter Trei wrote...
> "What's your threat model? If it's your wife or kid sister, this
> might work. If it's a major corporation or a government, forget
> it - they'll bitcopy the whole flash rom, and look at it with ease."


Agreed.  Furthermore, the whole thing is inherently dependent on the
processing model and programming interfaces of your thumbdrive.
What does it look like to your PC if you're not using the right thumb?
What does it look like to your PC if you want to use the right thumb?
Three obvious models are
- PC doesn't need Thumbdrive-specific drivers, just generic USB disk,
  and the CPU in the drive decides whether it's seen your thumb
  and reveals the otherwise-hidden files if it likes you.
- PC has specific drivers for the Thumbdrive,
  Whole drive plus the thumbprint pad are visible to the PC,
  and you can only decrypt the secret part if you put a matching
  thumb on the thumbprint.
- PC has specific drivers for the Thumbdrive
  Public drive, thumbprint pad, and hooks for secret drive are
  visible to the PC, and putting the correct thumb on the pad
  lets the PC find out the password to mount the secret drive.


> At this point, most of my threat models are on this level or the next one
> higher--local cops or dumb goons grab a protestor or whatever and try to
> shake his photos and whatever digital else out of him..."OK punk, you're
> not calling a lawyer until you show me what's on this thing"..."Don't tell
> me nothing's in there I see a login prompt, ya' commie faggot...open it up."

First of all, as Peter says, high-tech cops won't be fooled.
Low-level goons may not recognize it,
or if the thumbprint part requires specific drivers or data on the PC,
you can tell them "sorry, that part's for access to my work PC,
and if you'd like to get a search warrant, they'll let you in the building",
and make sure the public part has some pictures of your dog or whatever.
For medium-tech cops, you can say that it requires installing drivers
on their PC (assuming that it does), and offer to download them,
and prearrange that there's a set of drivers at www.kevinmitnick.com
just in case they actually take you up on it.


> As for the thumbprint, I'm wondering if other parts of the body could be used
> (then even very savvy rubberhosers couldn't just make you try every finger).
> I'll try using my, um, nose tonight.


Depending on the interface presented to the PC, it may or may not be obvious
to the PC whether there are zero, one, or more secret areas on the drive.
If it's not obvious, then the obvious extension to the product would be to
support multiple fingerprints for multiple secret areas, the business model
being so that multiple people can use the same drive, so your right thumb
gets your right-wing-conspiracy data, your left thumb gets your Commie stuff,
and your middle finger gets the picture of J.Edgar Hoover in his black negligee
or whatever else you want the cops to see.

Otherwise, figure out which body parts you don't mind them cutting off...




Re: Deniable Thumbdrive?

2003-01-24 Thread Thomas Shaddack

> Nice! Get them to cut _all_ your fingers off instead of just one.
> Just say no to amputationware.

Use the kind of fingerprint reader that can also sense the blood flow in
the finger, kinda like the heart rate sensors on some exercise machines.
Dead fingers then will be of no use.

...of course, one can still take a fingerprint photograph, etch it to
metal, pour a thin layer of silicone over it, make a relief layer to put
over one's own finger, and fool the sensor. For this you don't even need a
cut-off finger, though - the access to the digitized thumbprints in, i.e., a
police database (or the database of those stores that allow you to pay
with a fingerprint, if you're there) is enough.





Re: Deniable Thumbdrive?

2003-01-24 Thread Ben Laurie
Tyler Durden wrote:

> I got a hold of a little gadget recently that is very nearly perfect for
> certain forms of data storage. It's called a "Thumbdrive" and I bought
> it online somewhere (64Meg for about $179 or so).
>
> The cool thing about this drive (small enough that it has holes for use
> as a keychain) is that it's got a "Public" area and a private area, and
> the private area is accessible (if one desires) only via the little
> fingerprint reader on the top of the drive. (It's also USB based, and on
> Windows2000 and beyond you don't need any software drivers--just plug it
> in to a USB port and it appears as a drive).
>
> Anyway, I was wondering. I'd really like a nice software mod of this
> thing so that, depending on which finger I use for verification, a
> different private area on the drive will open (right now several users
> can be assigned access by the master user to use their fingerprint for
> access to the single private area). Of course, there should be no
> indication that there even IS more than one private area.
>
> So...anyone heard of such a hack/mod, or is there a straightforward way
> to go about doing it oneself?

Nice! Get them to cut _all_ your fingers off instead of just one.

Just say no to amputationware.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




RE: Deniable Thumbdrive? (and taking signal detection seriously)

2003-01-24 Thread Major Variola (ret)
> From: "Tyler Durden" <[EMAIL PROTECTED]>
> The cool thing about this drive (small enough that it has holes for use as a
> keychain) is that it's got a "Public" area and a private area, and the
> private area is accessible (if one desires) only via the little fingerprint
> reader on the top of the drive. (It's also USB based, and on Windows2000 and
> beyond you don't need any software drivers--just plug it in to a USB port
> and it appears as a drive).
>
> Anyway, I was wondering. I'd really like a nice software mod of this thing
> so that, depending on which finger I use for verification, a different
> private area on the drive will open (right now several users can be assigned
> access by the master user to use their fingerprint for access to the single
> private area). Of course, there should be no indication that there even IS
> more than one private area.

1. You should not rely on their encryption alone, you should use your own
crypto on whatever you store there.   You can carry your whole environment
--incl. copies of tools, digsigs, and keyrings -- with you.   You do, of
course, have to trust the hardware/OS you use it with.  "If you don't know
the socket, keep your dongle in your pants"

2. If you use your 'nose' you need to borrow other noses to do a signal
detection study ---tally hits, misses, false alarms, false positives.  Then
get back to us.  We can even characterize and compare the performance
of say human sentries this way; even measure their fatigue, perhaps.  If the
FAA/TSA has half a clue they've done this for their x-ray snoopers.
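
A signal detection tally of the kind point 2 above asks for, as an added example that is not part of the original post. It assumes the reader exposes a numeric match score; the scores below are constructed for illustration, with "genuine" meaning the enrolled owner and "impostor" meaning the borrowed noses.

```python
from statistics import NormalDist

# Constructed match scores (higher means closer to the enrolled template).
GENUINE = [0.91, 0.85, 0.78, 0.66, 0.95, 0.72, 0.88, 0.59]
IMPOSTOR = [0.12, 0.35, 0.48, 0.61, 0.22, 0.70, 0.30, 0.41]


def tally(genuine, impostor, threshold):
    """Count hits, misses, false alarms and correct rejections at a threshold."""
    hits = sum(s >= threshold for s in genuine)
    false_alarms = sum(s >= threshold for s in impostor)
    return hits, len(genuine) - hits, false_alarms, len(impostor) - false_alarms


def d_prime(hits, misses, false_alarms, correct_rejections):
    """Sensitivity index: z(hit rate) - z(false-alarm rate)."""
    # Log-linear correction keeps both rates away from 0 and 1 so z() is finite.
    hit_rate = (hits + 0.5) / (hits + misses + 1)
    fa_rate = (false_alarms + 0.5) / (false_alarms + correct_rejections + 1)
    z = NormalDist().inv_cdf
    return z(hit_rate) - z(fa_rate)


def equal_error_point(genuine, impostor):
    """Sweep every observed score as a threshold; return the one where the
    false-reject and false-accept rates are closest: (threshold, FRR, FAR)."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        _, misses, fas, _ = tally(genuine, impostor, t)
        frr, far = misses / len(genuine), fas / len(impostor)
        if best is None or abs(frr - far) < abs(best[1] - best[2]):
            best = (t, frr, far)
    return best
```

The same tally run on two readers, or on the same reader at the start and end of a long shift, gives comparable d' values, which is the comparison the post suggests for sentries.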




RE: Deniable Thumbdrive?

2003-01-24 Thread Tyler Durden
Peter Trei wrote...

"What's your threat model? If it's your wife or kid sister, this
might work. If it's a major corporation or a government, forget
it - they'll bitcopy the whole flash rom, and look at it with ease."

At this point, most of my threat models are on this level or the next one 
higher--local cops or dumb goons grab a protestor or whatever and try to 
shake his photos and whatever digital else out of him..."OK punk, you're not 
calling a lawyer until you show me what's on this thing"..."Don't tell me 
nothing's in there I see a login prompt, ya' commie faggot...open it up."

This could of course be done without the thumbprint (probably better), but I 
think that only when you get -really- dangerous do you have to worry about 
highly technical people who are informed of the latest info gadgets, and who 
would even know there are multiple private areas.

As for the thumbprint, I'm wondering if other parts of the body could be 
used (then even very savvy rubberhosers couldn't just make you try every 
finger). I'll try using my, um, nose tonight.

-TD









RE: Deniable Thumbdrive?

2003-01-24 Thread Trei, Peter


> From: Tyler Durden[SMTP:[EMAIL PROTECTED]]
> Sent: Friday, January 24, 2003 9:52 AM
> To:   [EMAIL PROTECTED]
> Subject:  Deniable Thumbdrive?
>
> I got a hold of a little gadget recently that is very nearly perfect for
> certain forms of data storage. It's called a "Thumbdrive" and I bought it
> online somewhere (64Meg for about $179 or so).
>
> The cool thing about this drive (small enough that it has holes for use as
> a keychain) is that it's got a "Public" area and a private area, and the
> private area is accessible (if one desires) only via the little fingerprint
> reader on the top of the drive. (It's also USB based, and on Windows2000 and
> beyond you don't need any software drivers--just plug it in to a USB port
> and it appears as a drive).
>
> Anyway, I was wondering. I'd really like a nice software mod of this thing
> so that, depending on which finger I use for verification, a different
> private area on the drive will open (right now several users can be assigned
> access by the master user to use their fingerprint for access to the single
> private area). Of course, there should be no indication that there even IS
> more than one private area.
>
> So...anyone heard of such a hack/mod, or is there a straightforward way to
> go about doing it oneself?
>
> -TD

Try contacting Trek and see if you can suggest it.

What's your threat model? If it's your wife or kid sister, this
might work. If it's a major corporation or a government, forget
it - they'll bitcopy the whole flash rom, and look at it with ease.

Based on what I've seen, the fingerprint simply acts as an 
access control. The data on the chip is not encrypted.

There are cheaper thumbdrives which use passwords
which therefore don't leave any evidence binding a specific
drive to a specific person - you said you wanted deniability,
so leaving your thumbprint in the device is not desirable.

That said, these are really neat gadgets. Our FSEs use
them to carry around software tools and utilities - much
easier than a box of floppies or CDs.

Peter