Ubuntu for the security conscious

Private Island

Article from Issue 157/2013

Worried about spies and criminals? Ubuntu Privacy Remix breaks down all the bridges to the Internet and converts the computer into an island of security. If you want to head back to civilization, you'll need a USB stick and plenty of patience.

The effect of global monitoring has shocked even the most paranoid of users, but what can you do to protect particularly sensitive data? Make life as difficult as possible for the secret services, says security expert Bruce Schneier [1]. This advice also helps protect you against attackers with criminal interests who are capable of demonstrating a huge amount of skill when it comes to retrieving data from other people's computers.

To help users defend themselves against both attackers and spies, Ubuntu offers its Ubuntu Privacy Remix (UPR) [2]. Just a few months ago its feature descriptions caused much hilarity among large parts of the computer-savvy universe: no access to the Internet, no install option, and no access to the hard disk!

With the benefit of hindsight, however, the features of this project, which was launched in 2008, no longer sound so absurd. What use is hard drive encryption if spyware leverages various attack vectors, such as downloads, zero-day exploits, backdoors, or routers to infect your computer? Without write access to the hard drive, installing malware is infinitely more difficult, and the lack of Internet access takes care of the rest. To let you save files without hard drive access, Ubuntu Privacy Remix 12.04, which is currently still in beta, offers a USB flash drive solution based on TrueCrypt [3]. (Of course, no computer system is completely secure, and this includes UPR – see the box titled "Caveats.")

Caveats

The makers of UPR do not claim that their system will solve all of your security problems: The risk scenarios they cite include manipulated hardware on which a hypervisor or hardware keylogger is running unnoticed. This scenario, however, would require at least physical access to the computer. If the attacker has the memory stick, he or she could also exploit weak passwords for TrueCrypt containers.

In particular, UPR cannot protect you against attacks that have nothing to do with IT, such as hidden cameras, scanning of wireless keyboards, and monitor radiation. This statement is confirmed by Bruce Schneier [1]: "What I took away from reading the Snowden documents was that if the NSA wants into your computer, it's in. Period."

Ubuntu Privacy Remix is specifically designed to avoid the most vulnerable computer activities, such as hard disk access and Internet surfing, even though these activities are at the very core of the everyday computing experience for most users. Thus, the most radical and significant part of the UPR experience is not the software on the system (a familiar blend of common Linux tools), but the task of adapting to the new security-conscious approach to personal computing.

Feature Count

Without Internet access and disk access, simple things can become complicated: UPR is burned onto a DVD by default and used in Live mode.

The basic system already comes with many useful tools. The current beta is based on Ubuntu 12.04.2 LTS with the Gnome Classic desktop and kernel 3.5. Deviating from the regular Ubuntu 12.04 portfolio, UPR 12.04rc1 has both LibreOffice 4.0 and Scribus 1.4.2 on board. I want the finished version to be based on Ubuntu 12.04.3, to update the kernel to version 3.8, and to include GIMP 2.8 and LibreOffice 4.1.

Other passengers include the Tellico collection management tool, the Vym Mind Mapper, the Planner project management tool, the Totem video player, Brasero disk-burning software, VirtualBox, and some other useful tools.

To combat attempts to read the memory, the project aims to leverage the memory erasure function from the Tails project [5]. This function uses sdmem at shutdown time to delete the greatest part of the data in memory, thereby preventing cold boot attacks, in the course of which the RAM is frozen and then read later.

Anyone who is not satisfied with the Ubuntu Privacy Remix software collection needs to build their own version. The project provides assistance by offering an appropriate template on the website [4]. Mastering your own UPR version can be a time-consuming experience.

Bootstrap

The first step is to use an HTTPS connection to download a non-compromised version of the image [6] and an associated signature file. The image is signed with the PGP key of Mark Preetorius, the project maintainer. You can verify its integrity as follows:

gpg --verify upr-12.04r1beta1.iso.sig upr-12.04r1beta1.iso

Typically, a disk-burning program like Brasero or K3b is all you need to burn the image to a DVD. If you do want to use a USB flash drive, this means compromising one of the advantages: A stick is writable and can thus be manipulated. Some drives offer at least the option to enable write protection by flipping a hardware switch (see the "UPR on a USB Stick" box); you will want to do this after installing the image. The developers advise against using SD cards, because write protection does not work reliably.

UPR on a USB Stick

In the lab, I discovered a number of minor obstacles to making a bootable USB stick. Ubuntu's boot media creator failed with an error message, which can probably be attributed to a bug in the software. Although unetbootin created a bootable system, it installed its own boot menu. The lines

dd if=<upr-12.04r1beta1.iso> of=/dev/sd<X> bs=512K
sync

finally resulted in a bootable stick.

If you want to be sure that the files on the USB stick have not been tampered with, you can verify MD5 and SHA1 checksums contained in the ISO. A list of the checksums is in the root directory of the burned DVD or USB flash drive. The simple script in Listing 1 first extracts the paths to the individual files from the checksum file in the root directory, ${md5datapath}.

Listing 1

md5.sh

 

The for loop generates the MD5 checksum for all the files in the paths of $data and writes the results to a new file named md5sum_new.txt. The sed tool removes the ${datapath} from all paths in the newly created file. The new file should now be identical to /media/work/UPR_12.04r1/md5sum.txt, unless the checksums do not match. To verify this, the script finally runs diff against both files and, if successful, outputs the message shown in Figure 1. With a few adjustments, you can do the same thing with the sha1sum.txt file.

Figure 1: Validating the checksums of the UPR files with the help of a script.

All this is of little use if the whole image has been replaced by a manipulated version, however. To prevent this, the md5sum.txt and sha1sum.txt files, which list the checksums, are signed and can be verified from the root directory of UPR via the maintainer's public key:

gpg --verify sha1sum.txt.sig sha1sum.txt
gpg --verify md5sum.txt.sig md5sum.txt

Using the fingerprint and an Internet search, the user can verify the maintainer's key.
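
The file check described above, as an added example that is neither the article's Listing 1 nor the UPR project's code: it re-hashes every listed file with the checksum tool's own -c mode and also reports files on the medium that the signed list does not cover, which a plain diff of two checksum lists would miss. The function names and the ROOT argument (the mount point of the DVD or stick) are assumptions.

```shell
#!/bin/sh
# Added example, not the article's Listing 1.
# ROOT = mount point of the medium (assumed); LIST/TOOL default to
# md5sum.txt/md5sum and can be set to sha1sum.txt/sha1sum instead.

# Re-hash every file named in LIST; return 0 only if all of them match.
verify_listed() {
    root=$1; list=${2:-md5sum.txt}; tool=${3:-md5sum}
    [ -r "$root/$list" ] || { echo "missing $root/$list" >&2; return 2; }
    # -c reads "hash  path" lines and checks each path relative to ROOT
    report=$( cd "$root" && "$tool" -c "$list" 2>/dev/null )
    rc=$?
    # Show only the entries that did not verify
    printf '%s\n' "$report" | grep -v ': OK$' >&2
    return "$rc"
}

# Print files present under ROOT that LIST does not mention. The checksum
# list itself and its .sig file are expected here; anything else is a file
# whose integrity the signed list does not vouch for.
unlisted_files() {
    root=$1; list=${2:-md5sum.txt}
    listed=$(mktemp) || return 2
    present=$(mktemp) || return 2
    # Drop the hash column, the text/binary marker and a leading "./"
    sed -e 's/^[0-9a-fA-F]* [ *]//' -e 's|^\./||' "$root/$list" |
        LC_ALL=C sort > "$listed"
    ( cd "$root" && find . -type f | sed 's|^\./||' | LC_ALL=C sort ) > "$present"
    # Column 2 of comm = lines that appear only in the second file
    LC_ALL=C comm -13 "$listed" "$present"
    rm -f "$listed" "$present"
}
```

Run gpg --verify on the checksum list first; the file hashes are only as trustworthy as the list they are compared against.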

Data Vault

In the Ubuntu Privacy Remix boot menu – press Esc – you can choose a language by pressing F3. By default, the user is not root, but you can change this by pressing F6 and entering godmode on the Boot Option line (Figure 2). The sudo su command then gives the user root access without a password.

Figure 2: In the boot menu, you can change the UPR language and enable the godmode option for root access.

If you want to save data but do not need root privileges, your next step is to set up an extended TrueCrypt container on a second USB stick. To do so, call the menu item Applications | Security | TrueCrypt Volume Wizard, check Create an extended volume and then select Create a container file.

In the next TrueCrypt window, click on Browse in the Container file line and select the USB stick that will hold the container. Its size depends on the space available on the drive, but you will want to be as generous as possible here, because all the files you attempt to save on UPR end up here.

After assigning a name and setting a password (20 characters), you need to move the mouse for one minute to generate random numbers, then press Generate and wait for the success message. The password should be very secure, because Ubuntu Privacy Remix stores an encrypted version of it on the USB stick.

To use the extended container, open the File Manager, right-click the container, and select TrueCrypt-Container | Open. After entering the password, the container appears on the desktop ready for use.

But that's not all: UPR automatically stores the configurations of various programs in the container as links from your home directory. You can thus set up LibreOffice without ever losing your settings. The prerequisite is that you open the container before launching the programs. To unmount the container before shutting down, just right-click the desktop icon and select TrueCrypt-Container | Unmount.
