The GitHub repo describes both the concept and the setup process in great details. For a quick overview, read up to the demo video.
There is also a presentation of Tripwire available on the Counter Surveil podcast: https://www.youtube.com/watch?v=s-wPrOTm5qo
It's rather an anti evil maid tool, or an evil maid defense. :)
sorry for being pedantic, but with the arms race within cybersecurity, "anti something defense" sounds like double negation to me.
While thinking about it, this phrase occurred to me: “silver bullets are a defense against zombies.” It is not the same phrase structure as the original, but it also has the double-negative vibe, yet it feels more reasonable to me than “…are a defense for zombies”, which to me suggests that zombies would employ them against their enemies.
I think the resolution here is that defense is inherently against something, so these phrases are not unequivocally double negatives - though I also agree with nine_k’s point about a better way to say it.
EDIT: Duh! The fact that defense is inherently against something is precisely what makes these phrases look like double negatives! The resolution must be something else - maybe agreement in mood or sentiment…
Everybody who had the pleasure to work with "high-ranking officials in businesses/organizations" knows that this group is the one who overrides many technically optimal decisions and thinks internal policies do not apply to them. Their lives are not affected if a device is compromised because they are financially stable and can just blame an intrusion on the IT team.
I think the classic "Detecting unauthorized physical access with beans, lentils and colored rice" [0] approach is simpler to understand and simpler to implement. It doesn't rely on any hardware, such as a Raspberry Pi or otherwise technology which can be more easily subject to scrutiny via Ken Thompson's "Reflections on Trusting Trust".
[0] https://dys2p.com/en/2021-12-tamper-evident-protection.html
But yeah the "random mosaic" with rice and beans is a great defense. My view is that these together can form a defense in-depth.
When I need to secure an area (eg, vending at a convention at a hotel, locking up the room with stock), I can just pop down the Pelican, plug in the keypad (which doubles as the RF transceiver), stick up sensors, and I’m off to the races.
Why?! Will it will trigger W.O.P.R. and start attempting to brute force missile silo keys?
[1] read “The spy and the traitor” by Ben Mackintyre. It’s incredibly gripping and at times hard to believe the courage and perseverance of the people involved but it was real.
Oh and Patrick Steward plays "Karla" the soviet mastermind in this series and its successor "Smiley's People". Just a few seconds, but very memorable, its incredible really.
If you track it down, I highly recommend watching it with headphones. The sound design is amazing.
The sound of an empty room being profoundly menacing.
The first comment here https://news.ycombinator.com/item?id=46244062 links to something more elaborate with nail polish.
Unfortunately... I've seen a video of somebody defeating this concept before, not by trying to recreate the pattern with new nail polish and glitter, but by using a chemical (I can't remember what) that lets them, gently and very carefully, remove the whole layer of nail polish in one piece rather than having to break it apart, and then afterwards they stuck it back in place such that it looked identical. So it's not as secure an idea as it's often considered to be.
Edit: actually my memory was slightly wrong. The video I was remembering wasn't about defeating glitter in nail polish on a screw, but about "tamper proof" stickers which are made for the same purpose. I don't know for sure if nail polish could equally be defeated, but I suspect so. Here's that video (LockPickingLawyer defeating a tamper proof sticker): https://youtube.com/watch?v=xUJtqvYDnkg&
Say e.g. a bug walks in front of the camera, tripping it. Then 1 hour a later an evil maid comes in and tampers with the system. In my design, you could look at the photo record, see that the 1st trip was a false alarm, then continue looking at the data, and see that the 2nd trip was something real.
Compared to with the current design, the bug would trip it, then you would get no record of the actual evil maid. You would see the photos of the bug tripping it, and think "oh, it's just a false alarm, I don't need to worry", and trust the computer, even though it's tampered with.
One idea to improve the (2) problem is to instead of only rotating the secret on trip, rotate for every frame, regardless of whether a trip is ongoing or not. So if there are 10 photos/sec that would be 10 rotations/sec. And then there can be a boolean in the signed data with each frame (signed e.g. with a MAC using the secret) that indicates whether there's an ongoing trip or not (and also include a timestamp in the signed data). So that means regardless of whether it's tripping, an attacker can never backdate images prior to when the attacker got control of the system.
sandworm101•1mo ago
An evolution of this would be to put a server on a different network, a remote location, and have it pump out warnings the moment movement was detected and/or contact with the "tripwire" system was lost.
But the best way of preventing evil maid attacks remains knowing your hardware. Anyone trying to swap out my laptop, or open it, is going to have a problem replicating my scratch marks, my non-standard OS boot screen, or prying out the glue holding in the ram modules (to prevent cold boot attacks).
ramses0•1mo ago
Basically core "chaos-infra" for your home setup(s). Hood/Tuck switch between primary and secondary, always trying to stay in touch with "John" (offsite), maybe like a primitive etcd for home automation/monitoring/backup/file-serving. Green==3good, Yellow=degraded[local|remote], Red=single-point-of-failure, Black=off/not-serving.
Other funsie to think about is getting a thumbprint/PIN-locked USB-drive to hold/unlock `~/.passwordstore/*.gpg` so that even on power-outage/reboot you'd need to physically "re-auth" to unlock important secrets.
Something like this would fit nicely into this (imaginary) setup!
sandworm101•1mo ago
But slap a tux logo and an "i l9ve truecrypt" banner on you device and nobody short of the NSA would even attempt a maid attack.
gruez•1mo ago
Can't, or they'll get less money? I'm also not sure if I ever saw a laptop with a cracked case before, not to mention macbooks are the most recognizable and can't have cracked cases (because they're aluminum), and other laptops aren't worth stealing because their value drops sharply.
>But slap a tux logo and an "i l9ve truecrypt" banner on you device and nobody short of the NSA would even attempt a maid attack.
truecrypt is actually very susceptible to evil maid attacks because it doesn't use secureboot/tpm, which means all a baddie has to do is installed a backdoored version of truecrypt and wait for you to enter the password.
sandworm101•1mo ago
hurturue•1mo ago
it's called TSME on AMD
justincormack•1mo ago
mlyle•1mo ago
c.f.
> > If any motion is detected by RPi's camera module or motion sensor, the server will delete those secrets immediately, in addition to sending push notifications to the web client.
It sends notifications in real time and tries to stay irrevocably tripped.