End-user Computer Security/Main content/Some measures that are primarily physical

From Wikibooks, open books for an open world


End-user Computer Security: Inexpensive security for individuals, sole traders and small businesses

Chapter 5: Some measures that are primarily physical

Physical isolation and locks

Physical isolation and locks are other important elements in maintaining computer security. For example, locking up a laptop when it is not being used may be a good idea. If a laptop is left unattended for a long time, someone could tamper with it extensively, in ways that leave no trace evidence of the tampering. Full-system encryption (dealt with in the earlier section entitled “Full system encryption, full disk encryption (FDE)”) can partially defend against this.

Physical measures for securing the bootloader when using full-system encryption

Having the bootloader for such full-system encryption separately locked away on a USB memory stick, rather than stored within the laptop as is usually done, may be a good idea from a security point of view (as documented in the earlier section entitled “Bootloader for FDE”). If the bootloader is instead kept on an internal drive (as is normally done), it is relatively straightforward to tamper with it given physical access to the laptop (by use of so-called bootkits, for example). If you store the bootloader in the laptop and choose to use the Heads BIOS/UEFI firmware system[1], you will have improved security, because Heads stores the bootloader in motherboard ROM rather than on one of the internal drives. If, in conjunction with Heads, you make judicious use of epoxy resin on the motherboard, it appears likely that tampering with the bootloader can be made extraordinarily unlikely, giving such good security in combination with full-disk encryption that it may even be unnecessary to lock away your laptop.

Padlockable laptop bag

If you have a laptop bag, have a look to see whether you can padlock it, perhaps through zipper sliders on any of the bag’s zips. Also consider whether you can padlock all of your computing devices within that bag, for safe-keeping. You may, for example, be able to padlock your laptop, Chromebook, and mobile phone, all within that bag. When you take your devices away from your usual work location (such as when travelling with them), you may wish to take the bag with you, and have your devices padlocked in that bag whenever they are not being used.

Metal boxes

If you are locking devices away in metal boxes, you may wish first of all to place them in cushioned bags (such as perhaps a laptop bag), in order to prevent damage from knocks and bumps when the devices are in the metal boxes.

Metal boxes can probably be securely obtained by buying them over the internet and having them delivered to you, because there are unlikely to be security concerns if they are intercepted: they can be manually inspected when they arrive to check for tampering. But it should also be borne in mind that, due to great advancements in espionage technology, detecting embedded espionage technology might not be as straightforward as simply visually inspecting such boxes. From this point of view, it may well be worthwhile purchasing such a box using the principle outlined later on in the section entitled “User randomly selecting unit from off physical shelves”, to minimise the risk of espionage technology being embedded in the metal of the box. The padlocks used for any such metal boxes, on the other hand, should almost certainly be bought using this principle, in order to minimise man-in-the-middle (MITM) attacks that are focused on the padlock element of the set-up. It should probably also be ensured that the security ratings of the selected padlocks are all high.

Combination lock briefcase

Computing devices may also fit into a combination lock briefcase that you already own. You might be able to purchase such briefcases cheaply from a local second-hand shop; however, be aware that second-hand combination locks might pose unacceptable security risks for your particular threat model.

Physically removing storage component(s) from the rest of the computer system, and then securely storing those components separately

Such separate storage may be worthwhile, since ‘data at rest’ on such storage components (SD cards, internal HDDs, etc.) is generally more secure than data inside the associated computer systems, provided that reasonable physical security measures are also taken. The storage components can later be installed in brand-new, non-compromised computer systems in order to retrieve the associated data securely and authentically. Also, such storage components tend to be smaller than computer systems, which allows for better concealment and storage. However, because of their small size, they can also be stolen covertly more easily.

On some laptops, removing the internal system disk is easy. If you have such a laptop, you can perhaps simply remove the system disk at the end of each working day, and lock it up. This may not be feasible for laptops not having this feature (perhaps most or all light-weight computers, such as certain Chromebooks, fall into this latter category).

Physically securing keys

It seems likely that someone can quite easily create clones of most physical keys by:

  1. taking a short (maybe 10 seconds' long) mobile-phone video of such a physical key,
  2. sending the video for computer analysis, and then
  3. creating a cloned key based on that analysis.

If this is true, then an adversary (or, more specifically, an "evil maid") just needs access to the physical key and a camera on their smartphone (most people have smartphone cameras) for perhaps 30 to 60 seconds in order to create the video, which is then sent over the internet, perhaps half-way across the world, for computer analysis to create a cloned key.

It may therefore be best to use tamper-evident systems (such as those detailed shortly in the next subsections[2]) to protect physical keys. However, it should be borne in mind that if the tamper-evident system employed relies upon padding consisting of something like rice grains, then an adversary may still be able to clone the key by simply using X-ray photography. With this in mind, using shredded CDs and DVDs for padding might be a good idea, as the metal in them will probably interfere with many imaging methods that rely upon electric and/or magnetic fields (which covers electromagnetic radiation).

Privacy screens

A good idea seems to be to get privacy screen filters for your different devices. They work by inducing some level of privacy by lowering the maximum viewing angles of the screens on which they are installed.

Specifically for goods in physical transit

In order to ensure goods aren't tampered with in transit, it can be requested of the sender that they appropriately use tamper evident mechanisms such as certain kinds of security tape and certain kinds of security bag. These appear to be cost-effective ways to help ensure goods aren't tampered with when being sent by post. Unfortunately, from investigations, the current tamper evident solutions that are commonly available appear to be mostly quite poor. A novel solution might be to sign digitally a customer’s address, and then print such signature on the tamper-evident mechanism in such fashion that the mechanism is costly to duplicate (perhaps by use of some kind of supplier ‘seal’, maybe a holographic one, also printed on the mechanism). However, at present, no such product or other good enough product appears to be generally affordable.

Exploiting unrepeatable patterns for tamper evidence

Applying glitter nail varnish to computer screws


Collage illustrating the method of applying glitter nail varnish to computer screws on a Chromebook

Trammell Hudson has suggested a low-cost and effective tamper-evident solution that uses the painting of computer-case screw heads with glitter nail polish to produce practically unrepeatable patterns that are destroyed through unscrewing. By photographing the patterns, and making sure patterns haven’t changed, one can be reasonably sure that no one has unscrewed the painted screws. Information on this solution, which seems to have been accepted by the security community, and how it can be slightly extended for other things, can be found here.

Tamper-evident security-system ideas

In parallel with Trammell’s solution which is at least five years old, Mark Fernandes has recently devised similar schemes that employ the same unrepeatable-pattern principle. Those schemes, possibly with improvements contributed by others, are detailed in the following subsections.

Main idea

Note that creating your own home-made set-up out of commonly available materials (like cardboard) will likely ensure greater security[3].

  1. Submerge the computing device in loose pieces of material, encased in a transparent plastic container (the choice of material depending on means and the security level desired).

     Due to the optical effects of refraction and/or reflection, increased security can be attained by using materials with a high degree of transparency and reflectivity. But when relying on reflective properties, care needs to be taken that reflections of things outside the security zone do not appear in the photographs, as that might make authentication of the photographs impossible.

     Mixing different materials together may provide the optimal solution. The highest security is likely a plastic bag or pouch containing pieces with reflective, refractive, holographic and transparent properties, where those properties are varied amongst the pieces.

  2. If using a box, then after the photographing you can gently move it to the ‘at rest’ security location, being careful not to disturb the positions of the pieces in the box. If you are instead using a bag/pouch, or you want the box to be at the ‘at rest’ security location when photographing, put the container in the ‘at rest’ security location now.

     The ‘at rest’ security location should be a place where nothing (such as a person, animal, or insect) is likely to disturb the container physically; it can be locked in a safe to ensure this.

  3. Take at least two photographs, each from quite different angles, with at least one from an aerial view, of the plastic container with its contents visible.

     A tripod (even used with a mobile-phone camera) can be used where a static camera position and angle is required for the better detection of discrepancies between two security photos.

  4. Securely store the photographs so that they undergo no tampering (you may wish to print them out and sellotape them to your body if you desire high security).

  5. After some period of time, return to the container.

  6. Check that the photographs match the current state of the container. If the pieces appear to have moved, then that is a good indication that the container has undergone some disturbance, during which tampering may have occurred. On the other hand, if all the photographs match, then that is a very good indication that the computing device has not been accessed in the intervening time.

     Software (such as an app) may be used to automate security-photograph matching; however, simply switching back and forth between two photos on a screen can be sufficient for a human being to detect changes visually, owing to the high visual cognitive power of human beings. It is basically a game of ‘spot the difference’.

Video detailing tamper-evident unrepeatable-pattern mechanism using rice


Illustration demonstrating the effectiveness of using rice for tamper-evidence

Speculating stronger security again with unrepeatable-pattern principle

A similar idea with potentially even more security may exist where a computing device is placed in a water-proof container, and then submerged in a bathtub of water that has coloured oil on the water’s surface such that there is a marbling effect on the water’s surface—admittedly, it’s not clear whether this other idea would actually work in practice.

Similar idea for other circumstances (such as for metal boxes)

Another similar system relies on the likely fact that certain natural hand-made paper:

  • can be easily photographed,
  • is hard to duplicate as a deceptive fake in respect of the precise natural colour variations for a particular sheet of paper (they’re like fingerprints), and
  • is not capable of having significant tears in it hidden from those wanting to detect any tears in it.

Where such properties are also found in other materials[4], such other materials probably can also be used instead.

Any one such paper can be ‘read’ by taking a photograph of it. The colour variations can be measured and, in sequence, encoded as a long number, which can also be interpreted as a key (like an encryption key). With such a paper, it is practically impossible to create another paper with exactly the same colour variations as a deceptive fake. The paper can be glued over the hinges and crevices of a locked metal box. By opening the box, the paper is torn. Because it is hard to hide tears in it should someone else open the box before you, and because the precise colour variations are hard to fake deceptively, you will notice whether someone else has opened the box before you, thereby providing tamper evidence.

Very strong glue probably would need to be used, to ensure better that the paper is noticeably damaged through the opening of the box. If the paper can be glued on the inside of the metal box (instead of the outside), that might be best in order to prevent someone removing the glue through the use of glue solvents like acetone, the doing of which would present itself as a point of weakness in the security system if the gluing were instead performed on the outside.
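The ‘read’-the-paper-as-a-key idea above, as an added example that is neither the book’s own software nor an existing product: a sheet’s colour variations, sampled in a fixed order across the sheet, are quantised and packed into one long integer, and a later reading is compared against it by the fraction of differing symbols rather than bit-for-bit, because two photographs of the same sheet never agree exactly. Everything here is constructed or assumed: the colour samples come from a seeded random generator rather than a photograph, and the 2-bit quantisation and 10% tolerance are placeholder parameters that would need calibrating against repeated readings of a sheet known to be genuine, under the lighting actually used.

```python
# Added example (not code from the Wikibook, nor from any existing product):
# encoding a sheet's colour variations as one long number, as the text
# describes, and checking a later reading against it. A reading is a list of
# (r, g, b) samples taken in a fixed order across the sheet; here the readings
# are constructed with a seeded RNG rather than measured from a photograph.
import random

BITS = 2              # each colour channel is reduced to 2 bits (4 levels)
LEVELS = 1 << BITS


def paper_key(samples):
    """Quantise every sample's r, g, b to LEVELS steps and pack the resulting
    2-bit symbols, in sequence, into a single integer: the sheet's 'key'.
    Coarse quantisation keeps a slightly different exposure from flipping
    most symbols."""
    key = 0
    for r, g, b in samples:
        for channel in (r, g, b):
            key = (key << BITS) | (channel * LEVELS // 256)
    return key


def symbol_mismatch(key_a, key_b, n_samples):
    """Fraction of symbols that differ between two keys of the same length
    (a Hamming-style distance counted over 2-bit symbols, not bits)."""
    symbols = n_samples * 3
    diff = key_a ^ key_b
    differing = sum(1 for i in range(symbols)
                    if (diff >> (BITS * i)) & (LEVELS - 1))
    return differing / symbols


def same_sheet(reading_a, reading_b, tolerance=0.10):
    """Two readings are judged to be of the same sheet if fewer than
    `tolerance` of their symbols differ. The tolerance is an assumed figure
    and must be calibrated for the camera and lighting in use."""
    if len(reading_a) != len(reading_b):
        raise ValueError("readings must sample the sheet at the same points")
    return symbol_mismatch(paper_key(reading_a), paper_key(reading_b),
                           len(reading_a)) < tolerance


# --- constructed readings (not real measurements) ---------------------------
_rng = random.Random(7)
N_SAMPLES = 64


def _random_reading():
    return [tuple(_rng.randrange(256) for _ in range(3)) for _ in range(N_SAMPLES)]


def _reread(reading, noise=3):
    """A second photograph of the same sheet: the same colours, each channel
    disturbed by a little sensor noise."""
    return [tuple(max(0, min(255, c + _rng.randint(-noise, noise))) for c in s)
            for s in reading]


GENUINE = _random_reading()    # the sheet as first recorded
REREAD = _reread(GENUINE)      # the same sheet photographed again later
OTHER_SHEET = _random_reading()  # a different sheet, e.g. one swapped in after opening the box

if __name__ == "__main__":
    print("key length (bits):", N_SAMPLES * 3 * BITS)
    print("re-read mismatch  :", symbol_mismatch(paper_key(GENUINE), paper_key(REREAD), N_SAMPLES))
    print("other sheet mismatch:", symbol_mismatch(paper_key(GENUINE), paper_key(OTHER_SHEET), N_SAMPLES))
    print("same sheet?", same_sheet(GENUINE, REREAD), same_sheet(GENUINE, OTHER_SHEET))
```

The point of the symbol-wise comparison is the one the text makes about fakes: a genuine re-reading differs in only a few percent of symbols, whereas a different sheet differs in roughly three quarters of them, so the two cases are separated by a wide margin and the exact tolerance is not critical.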

Perhaps the simplest and best idea

Perhaps the simplest and best tamper-evident system is simply to wrap up computing devices in some material that retains its shape when at rest, but that can quite easily lose its shape when slightly disturbed, in such a fashion that it is hard to achieve the prior shape once again. Shell-suit material may be good for this. Silk (perhaps an old silk scarf) might also be good. Certain kinds of crumpling plastic bag might also be good. Simply using bubble wrap in such ways will likely provide at least some level of security.

Software based tamper checking using security images

If relying on software based authentication for making sure there is no tamper evidence between two security photos, using a tripod is likely necessary as two security photos requiring comparison need to have been taken from the same angle and location (at least approximately within a certain degree of deviation). Using a smartphone camera may be preferred, as the software for checking two security photos can then be automatically run on the same device used for capturing the photos, which in some ways (in respect of being such an integrated approach) presents a more attractive security solution. However, a digital camera can also be used, with the associated SD card being then taken out and placed into a device that can run the related security-photo matching software.

The software solution can be manually coded, if none already exists. A rough idea of an algorithm that might be acceptable for the solution is as follows:

  1. If necessary, generate many security-photo pairs: use the first photo as the first element of every pair, and generate distinct second elements by re-positioning the second photo within its frame (purely computationally) by small amounts away from its original position, trying every re-positioning within a set radius of the original position. Each generated pair then goes through the remaining steps in order to determine whether any security-compromising disturbance has occurred. This step mitigates the possibility that the camera position differed slightly between the two photo-taking events (probably because of slight physical disturbances).
  2. Increase the size of the pixels in the photos so that they look more pixelated, but not so much that the software fails in its essential purpose.
  3. Calculate the standard deviation of the colour differences (possibly using the Euclidean distance between the two RGB values mapped into 3D space) between corresponding pixels in the two photos. Using this method requires that the lighting be exactly the same at both photo-taking events, which might be contrived by closing the curtains and switching on electric lighting.
  4. Make sure the standard deviation is beneath a certain tolerance level; staying within that bound implies that there were no physical-disturbance-based security compromises.
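The four steps above, as an added example that is not the book’s own software (no such app is assumed to exist): step 1 is the search over small re-positionings, step 2 the block averaging, step 3 the standard deviation of per-pixel Euclidean RGB distances, and step 4 the tolerance check. Everything in it is assumed or constructed: the ‘photos’ are small lists of (r, g, b) tuples built from a seeded random generator so the block runs offline, and the 2-pixel search radius, 2-pixel block size and tolerance of 5.0 are placeholder parameters. A real deployment would load photographs and calibrate the tolerance against photos of a container known to be untouched, under the fixed lighting the text calls for.

```python
# Added example (not code from the Wikibook): the four-step security-photo
# comparison sketched in the text, over plain Python lists so it runs offline.
# An image is a list of rows; each pixel is an (r, g, b) tuple.
import math
import random


def overlap(a, b, dx, dy):
    """Step 1: re-position photo b by (dx, dy) inside the frame and crop both
    photos to the region where they still overlap, so a[y][x] pairs with
    b[y + dy][x + dx]."""
    h, w = len(a), len(a[0])
    ya0, ya1 = max(0, -dy), min(h, h - dy)
    xa0, xa1 = max(0, -dx), min(w, w - dx)
    crop_a = [row[xa0:xa1] for row in a[ya0:ya1]]
    crop_b = [row[xa0 + dx:xa1 + dx] for row in b[ya0 + dy:ya1 + dy]]
    return crop_a, crop_b


def pixelate(img, block):
    """Step 2: average every block x block cell into one large pixel, which
    masks sensor noise and tiny misalignments but keeps gross changes."""
    h, w = len(img), len(img[0])
    out = []
    for y0 in range(0, h - block + 1, block):
        row = []
        for x0 in range(0, w - block + 1, block):
            cell = [img[y][x] for y in range(y0, y0 + block)
                    for x in range(x0, x0 + block)]
            row.append(tuple(sum(p[c] for p in cell) / len(cell) for c in range(3)))
        out.append(row)
    return out


def colour_distance(p, q):
    """Euclidean distance between two RGB triples treated as points in 3-D."""
    return math.sqrt(sum((u - v) ** 2 for u, v in zip(p, q)))


def distance_std(a, b):
    """Step 3: population standard deviation of the per-pixel colour
    distances between two same-sized photos."""
    dists = [colour_distance(p, q) for ra, rb in zip(a, b) for p, q in zip(ra, rb)]
    mean = sum(dists) / len(dists)
    return math.sqrt(sum((d - mean) ** 2 for d in dists) / len(dists))


def best_match(before, after, radius=2, block=2):
    """Try every re-positioning within `radius` pixels and return the lowest
    standard deviation found, with the (dx, dy) offset that produced it."""
    best = None
    for dy in range(-radius, radius + 1):
        for dx in range(-radius, radius + 1):
            ca, cb = overlap(before, after, dx, dy)
            std = distance_std(pixelate(ca, block), pixelate(cb, block))
            if best is None or std < best[0]:
                best = (std, dx, dy)
    return best


def undisturbed(before, after, tolerance=5.0, radius=2, block=2):
    """Step 4: judged undisturbed only if some small re-positioning brings
    the deviation under `tolerance` (an assumed value; calibrate it)."""
    return best_match(before, after, radius, block)[0] < tolerance


# --- constructed sample 'photos' (not real images) --------------------------
_rng = random.Random(1)
SIZE = 16
BEFORE = [[tuple(_rng.randrange(256) for _ in range(3)) for _ in range(SIZE)]
          for _ in range(SIZE)]


def _nudged(img, dx, dy, noise=2):
    """Same scene re-photographed with the camera moved by (dx, dy) pixels
    plus a little sensor noise; uncovered border pixels are filled black."""
    h, w = len(img), len(img[0])
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            sy, sx = y - dy, x - dx
            src = img[sy][sx] if 0 <= sy < h and 0 <= sx < w else (0, 0, 0)
            row.append(tuple(max(0, min(255, c + _rng.randint(-noise, noise))) for c in src))
        out.append(row)
    return out


AFTER_NUDGED = _nudged(BEFORE, 1, 0)

# Same camera position, but the 'pieces' in a 6x6 patch have been stirred.
AFTER_MOVED = [list(row) for row in BEFORE]
_patch = [(y, x) for y in range(4, 10) for x in range(4, 10)]
_colours = [AFTER_MOVED[y][x] for y, x in _patch]
_rng.shuffle(_colours)
for (y, x), colour in zip(_patch, _colours):
    AFTER_MOVED[y][x] = colour

if __name__ == "__main__":
    print("nudged camera:", best_match(BEFORE, AFTER_NUDGED), undisturbed(BEFORE, AFTER_NUDGED))
    print("moved pieces :", best_match(BEFORE, AFTER_MOVED), undisturbed(BEFORE, AFTER_MOVED))
```

The search in `best_match` is what makes the nudged-camera case pass: at the true one-pixel offset the deviation collapses to sensor noise, while a stirred patch of pieces produces large distances at every offset, so the two cases are separated by far more than the tolerance. Note that a whole-frame change that shifted every pixel uniformly (lighting, exposure) would also raise the deviation, which is why the text insists on identical lighting.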




Footnotes

  1. Mentioned earlier in the section entitled “Custom BIOS/UEFI and which one to use”.
  2. In the subsections “Specifically for goods in physical transit” and “Exploiting unrepeatable patterns for tamper evidence”.
  3. See the section entitled “DIY security principle” for more about this.
  4. Such as perhaps in recycled paper, newspaper, tie-dyed material, ink-marbled paper, tea-bag marbled [stained] paper, or even maybe just straight-forward printer paper.

