At 03:29 PM 7/21/96 -0700, Bill Frantz wrote:
At 9:26 PM 7/19/96 -0800, Chris Adams wrote:
BTW, I'd try a fiber-optic connector to the machine because 1) it's waterproof and you wouldn't have to be quite as paranoid about leaks, 2) it's far more secure, 3) it's faster and 4) it's probably impossible to trace like a metal wire (i.e. run current through and trace magnetic fields...)...
Just some random advice: My high-speed networking expert friend says that plastic fiber is good to about 4-5 miles, and is a lot easier to work with than glass fiber.
What about a machine setup that has its own intrusion detection? An internal battery-backup system that also powers case-tampering detection hardware could be set to trigger "Alternate Stego File System Plan A". Replace drivers, etc., with software that does not contain the real system's drivers at all, which you have wisely placed only in a very offsite backup location. Tamper-detecting cases of this sort already exist: look at a U.L. listed Burglar Alarm external cabinet. Double-walled, and the internal wall is electrically insulated from the external wall such that any short between the two walls, (i.e. a bad guy with a drill bit), will fire the trigger. Certain shielding schemes used by some manufacturers today might already provide a good design. You could also go overboard and fill the interior with various environmental detectors. Photosensitive transisitors. Tilt/tremble sensors. Temperature sensors. Smoke detectors. Accelerometers (see Scientific American a few months ago for a circuit). Microswitches that are held open by virtue of having the case screws in place. Build a double-walled case (as mentioned above) and keep it pressurized with nitrogen, and have a pressure sensor to detect leakage. Lead-line the interior, and place an X-ray detector where any attempt to X-ray the machine will result in Plan A. And if they want to try using MRI to see inside; well, I guess I probably wouldn't be too surprised! :-) If you had absolute faith in your machine's inability to crash (i.e. not running a Wintel operating system), the drivers could be written to copy themselves into memory at bootup and securely wipe themselves from your hard disk; and write themselves back to hard disk at a shutdown request. Your machine is then vulnerable only when properly shut down, a state in which I would not recommend leaving it. Leave it only in a "password required" state, and *this* would be the place to implement the duress password. As for seed data to encrypt to give them something to find, may I suggest that would be an excellent choice to keep both your Netscrape cache as well as your Winders swap files? Lots and lots of sectors worth of data, kept as fresh as often as you use your browser. And as long as you don't browse "illegal" sites (whatever that might mean in your country), you win. And, of course, protect all external connectors so your opposition wouldn't be able to shove a wire in your RS-232 port and short your internal battery. The low/no battery level alarm would be used to ignite the magnesium wrapped around the hard disk's case (also known as Alternate Stego File System Plan B :) , or it would trigger the capacitively powered EMP coil mounted above the platters; neither of which you would want triggered unless the software-stego routines hadn't completed by the time the case was breached. My point is it should be possible to build a virtually tamperproof case; and especially if your attacker doesn't know it exists, you would stand a good chance of being able to eliminate self-incriminating data (sometimes the 5th amendment needs some mechanical assistance) before the bad guys would have the ability to save an "untampered" copy. John. -- J. Deters "Captain's log, stardate 25970-point-5. I am nailed to the hull." +-------------------------------------------------------+ | NET: jad@dsddhc.com (work) jad@pclink.com (home) | | PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) | | ICBM: 44^58'33"N by 93^16'42"W Elev. ~=290m (work) | | PGP Key ID: 768 / 15FFA875 | +-------------------------------------------------------+