Sealing wax

[Tim May]

On Tuesday, July 15, 2003, at 09:05  AM, Major Variola (ret) wrote:

> At 09:29 AM 7/15/03 -0400, Sunder wrote:
>> So, the best way to avoid that situation and not being able to reach
> the
>> big red switch, is simply not to attract their attention in the first
>> place by not following the footsteps of Jim Bell.  :)
>
> Stego + broadcast is indeed your friend.
>
>> A more likely, and far more important, scenario to worry about is the
>> black bag job whereby a hardware keystroke recorder can get installed
>> without your knowledge...
>>
>> There may be ways to prevent/detect this...  Software (open or closed
>> source) alone won't help very much.
>
> Epoxy and other conformal coatings are also your friends.
>

Thinking about this brief comment, I assume MV means sealing a PC to 
make black bag opening more apparent.

But this suggest a return to _sealing wax_. Seriously.

A dab of sealing wax (available in most stationery stores, save for 
Staples, Office Depot, OfficeMax, Paper Barn, StaplerWorld, Nothing But 
Rubber Bands, and other warehouses masquerading as stationery stores) 
over the side panels and other access points, even over the floppy and 
CD-ROM ports (carefully!), and a distinctive signet ring or other such 
seal-making device could be quite easy to use.

(As we all know, CIA and other spook agency "flaps and seals" 
specialists are well-versed in duplicating such seals...but probably 
only after collecting good information. An FBI black bag job is likely 
to encounter the sealing wax and seal and be unable to duplicate it. 
There may be tools now to take a fairly good impression, perhaps with a 
fast-setting polymer, and then make a convincing duplicate of the seal. 
All crypto is economics, though, and simple seals probably work against 
most attackers.)

There are other methods:

-- keep key material on a USB or PCMCIA flash card dongle. 

-- wear this around your neck or otherwise make it secure against 
girlfriends, wives, others who may try to copy it

-- use a small handheld PC (like the HP machines) or Palm OS device as 
the "front-end" for security apps: at the simplest level, use it to 
store very long keys which don't get typed-in, but instead are 
cut-and-pasted in a way to bypass the keyboard driver completely.

Note: It is common in military crypto for their to be different levels 
of "security tokens" to increase physical security. Rarely are the keys 
to the kingdom gotten merely by sitting down and typing stuff into a 
computer. For one thing, this encourages people to get lazy and write 
the passwords and keys down on Post-It notes or on pieces of tape stuck 
to the underside of paperclip holders or other entropically-obvious 
things. For another thing, it makes remote attacks or keystroke logging 
much more of an attack mode. Finally, the rigamarole or ritual of 
having physical tokens on chains around one's neck tends to make the 
process of security seem more serious, which can cause more care to be 
taken.

(All of this slows down the process. The rigamarole that a shipboard 
crypto shack will put up with is not the same as what Joe Sixpack will 
put up, as we all know. RSA-like crypto makes crypto a lot less 
expensive to deploy, but it's wrong to think it makes it a no-brainer, 
point-and-click process....except in things like SSL, where it does a 
specialized job without human involvement.)

-- the usual point about having a network with a secure machine locked 
up very well in a closet or safe (I have a large gun safe, which I 
usually run a small heating element into to prevent condensing 
conditions...I have toyed with the idea of  putting a small PC running 
on 25-40 watts, or less, into this gun safe, with only a power cord and 
Ethernet wire coming out).

-- and the usual point about having cameras watching the areas where 
the PCs and keyboards are located.

(Yeah, maybe the black bag types can find and disable the cameras, but 
then Alice knows something unusual happened. But odds are pretty good 
they _can't_ find all of the cameras or microphones or sensors, 
especially in a building with many PCs and wires and other gadgets. 
They can cut the power, but smart folks have things on battery backups, 
or self-powered, or on laptops left plugged-in and able to run for 3-4 
hours without AC power, etc.)

Were I setting up such a system, all sorts of inexpensive ideas suggest 
themselves.

By the way, I recommend the novels of Thomas Perry, especially 
"Pursuit," "Vanishing Act," and his others in the "Jane Whitefield" 
series. All four novels of his I have read so far deal centrally with 
issues of people trying to escape those tracking them, kind of a 
private version of the Witness Security Program (popularly called 
"Witness Protection"). The novels are filled with good ideas, and a few 
glaring misses, about changing identity, avoiding patterns, etc.

If there's a weakness in his novels, it's that not enough modern 
technology is used. I cringe when I see his characters not even using 
readily-available throwaway cellphones to stay in contact, or not even 
setting up Hotmail accounts to communicate. (He favors postal dead 
drops, which in at least one of the novels allows an attacker to find 
out the home and name of another....a determined opponent, like the 
government, would know the names and addresses quickly.)

Still, his series fits with the kind of security awareness and 
hypervigilance we often discuss.


--Tim May