←back to thread

Show HN: Tripwire: A new anti evil maid defense

(github.com)
81 points DoctorFreeman | 7 comments | 11 Dec 25 09:46 UTC | HN request time: 0.458s | source | bottom

If you have heard of [Haven](https://github.com/guardianproject/haven), then Tripwire fills in the void for a robust anti evil maid solution after Haven went dormant.

The GitHub repo describes both the concept and the setup process in great details. For a quick overview, read up to the demo video.

There is also a presentation of Tripwire available on the Counter Surveil podcast: https://www.youtube.com/watch?v=s-wPrOTm5qo

1. neuralkoi ◴[12 Dec 25 13:44 UTC] No.46244062[source]
The author did an excellent job explaining what an evil maid attack is, but a very poor job of explaining how their proposal mitigates such attack.

I think the classic "Detecting unauthorized physical access with beans, lentils and colored rice" [0] approach is simpler to understand and simpler to implement. It doesn't rely on any hardware, such as a Raspberry Pi or otherwise technology which can be more easily subject to scrutiny via Ken Thompson's "Reflections on Trusting Trust".

[0] https://dys2p.com/en/2021-12-tamper-evident-protection.html

replies(4): >>46244395 #>>46245475 #>>46245903 #>>46251916 #
2. x187463 ◴[12 Dec 25 14:23 UTC] No.46244395[source]
That's cool. I hadn't heard of that, before. I had a related idea for achieving plausible deniability of the key in full disk encryption or similar scenarios. The password would be derived from the position of sensitive, yet innocuous, elements on the device, ensuring that the seizure of the device would likely corrupt this relationship. For instance, a series of N-sided dice could be placed in specific positions on top of the device (in the case of a desktop computer, perhaps), and the password derived from their sequence. Consideration must also be given to the possibility of the device being photographed—likely from a single angle—before being moved. So, the dice would be positioned to include some amount of occlusion. Any dice-based algorithm would need to ensure the search space for the resulting key was sufficiently large.
3. IncreasePosts ◴[12 Dec 25 16:10 UTC] No.46245475[source]
With beans and colored rice, a smart evil maid will just wait until they next earthquake to compromise your devices.
replies(1): >>46245782 #
4. alias_neo ◴[12 Dec 25 16:38 UTC] No.46245782[source]
It's vacuum packed so movement such as that of an earthquake would have no effect.
replies(1): >>46248504 #
5. thenthenthen ◴[12 Dec 25 16:49 UTC] No.46245903[source]
Thanks for sharing again, I saw this at some point but lost the reference, great technique, cheap, easy, fun. This is art
6. ignoramous ◴[12 Dec 25 20:31 UTC] No.46248504{3}[source]
I'm surprised vaccum packing a Laptop with lentils/rice doesn't crack its screen.
7. DoctorFreeman ◴[13 Dec 25 04:11 UTC] No.46251916[source]
Thanks for the feedback. My guess is that the part about destroying the random secrets is easier to understand, but the later part about a key pair and how its signing of the photo log can help with a persistent network outage is harder to understand? It does need a specific mental picture to see how it makes sense. I'll try to have more diagrams to explain.

But yeah the "random mosaic" with rice and beans is a great defense. My view is that these together can form a defense in-depth.