DoctorFreeman commented on Show HN: Tripwire: A new anti evil maid defense   github.com/fr33-sh/Tripwi... · Posted by u/DoctorFreeman
bflesch · 2 days ago
The bullet point stating that tripwire was built for "High-ranking officials in businesses/organizations" should be removed, because that group is very unlike the "Developers of critical software", "Investigative journalists", and "Attorneys with high-profile clients" which are also mentioned.

Everybody who has had the pleasure to work with "high-ranking officials in businesses/organizations" knows that this group is the one who overrides many technically optimal decisions and thinks internal policies do not apply to them. Their lives are not affected if a device is compromised because they are financially stable and can just blame an intrusion on the IT team.

DoctorFreeman · a day ago
Haha, but I can still see from your statement that even though they are unwilling to follow good practices, they should in principle.
Mistletoe · 2 days ago
How does an evil maid get past a locked iPhone or laptop? It’s really not that easy with a proper password and encryption, right?
DoctorFreeman · a day ago
For a laptop with full disk encryption, there is the possibility of the attacker tampering with the hardware.
friend99 · 2 days ago
> NEVER PLUG/UNPLUG THE CAMERA MODULE, THE PIR SENSOR, OR WIRES WHEN THE RPi IS POWERED ON!!!

Why?! Will it trigger W.O.P.R. and start attempting to brute force missile silo keys?

DoctorFreeman · a day ago
I don't know if it will cause problems. I'm just playing it safe :)
Thorrez · 2 days ago
Instead of deleting the secret on trip, and requiring a re-arm, it could instead derive a new secret on trip, by e.g. hashing the previous secret. That way you don't have to manually re-arm it, and you get a record of all trips.

Say e.g. a bug walks in front of the camera, tripping it. Then 1 hour later an evil maid comes in and tampers with the system. In my design, you could look at the photo record, see that the 1st trip was a false alarm, then continue looking at the data, and see that the 2nd trip was something real.

Compared with the current design, the bug would trip it, then you would get no record of the actual evil maid. You would see the photos of the bug tripping it, and think "oh, it's just a false alarm, I don't need to worry", and trust the computer, even though it's tampered with.
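Thorrez's hash-chain idea as an added Python sketch (not code from the Tripwire project): each trip folds the hash of the captured photo into a fresh secret, so the owner, who is assumed to keep a copy of the initial secret off the device, can check the trip log against the device's current secret. The `Tripwire` class, `verify` helper and the sample photo bytes are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Trip:
    note: str          # operator-visible description of the event
    photo_sha256: str  # hash of the photo captured on this trip


@dataclass
class Tripwire:
    """Hash-chained variant: a trip replaces the secret instead of erasing it."""
    secret: bytes
    log: list = field(default_factory=list)

    def trip(self, note: str, photo: bytes) -> None:
        photo_hash = hashlib.sha256(photo).hexdigest()
        self.log.append(Trip(note, photo_hash))
        # One-way step: the previous secret cannot be recovered from the new one,
        # so nobody can later present a state that ends at an earlier trip.
        self.secret = hashlib.sha256(self.secret + bytes.fromhex(photo_hash)).digest()


def expected_secret(initial_secret: bytes, log: list) -> bytes:
    """Replay the chain from the owner's off-device copy of the initial secret."""
    s = initial_secret
    for t in log:
        s = hashlib.sha256(s + bytes.fromhex(t.photo_sha256)).digest()
    return s


def verify(initial_secret: bytes, log: list, current_secret: bytes) -> bool:
    """True only if the presented log accounts for every trip the device recorded."""
    return hmac.compare_digest(expected_secret(initial_secret, log), current_secret)


def demo():
    initial = b"constructed-initial-secret"  # owner keeps this copy elsewhere
    tw = Tripwire(initial)
    tw.trip("bug walked past the camera", b"constructed-photo-bug")      # false alarm
    tw.trip("person at the laptop", b"constructed-photo-person")         # the real visit
    full_ok = verify(initial, tw.log, tw.secret)
    # A log with the second trip dropped no longer matches the device secret,
    # because the secret that matched a one-trip log was overwritten on trip 2.
    truncated_ok = verify(initial, tw.log[:1], tw.secret)
    return full_ok, truncated_ok, len(tw.log)
```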

DoctorFreeman · a day ago
That is honestly a fantastic idea. Many thanks for it. And I don't see any problems fitting it into the design right now.
guerrilla · 2 days ago
Just so you know, this name is already taken by a famous security product for intrusion detection.

https://en.wikipedia.org/wiki/Tripwire_(company)

https://en.wikipedia.org/wiki/Open_Source_Tripwire

DoctorFreeman · a day ago
Thanks for the note. Maybe I can rename it to Tripwire AEM where AEM stands for anti evil maid.
neuralkoi · 2 days ago
The author did an excellent job explaining what an evil maid attack is, but a very poor job of explaining how their proposal mitigates such an attack.

I think the classic "Detecting unauthorized physical access with beans, lentils and colored rice" [0] approach is simpler to understand and simpler to implement. It doesn't rely on any hardware, such as a Raspberry Pi or other technology which can be more easily subject to scrutiny via Ken Thompson's "Reflections on Trusting Trust".

[0] https://dys2p.com/en/2021-12-tamper-evident-protection.html

DoctorFreeman · a day ago
Thanks for the feedback. My guess is that the part about destroying the random secrets is easier to understand, but the later part about a key pair and how its signing of the photo log can help with a persistent network outage is harder to understand? It does need a specific mental picture to see how it makes sense. I'll try to have more diagrams to explain.

But yeah, the "random mosaic" with rice and beans is a great defense. My view is that these together can form a defense in depth.

u/DoctorFreeman

Karma: 33 · Cake day: December 9, 2025