The effect of global monitoring has shocked even the most paranoid of users, but what can you do to protect particularly sensitive data? Make life as difficult as possible for the secret services says security expert Bruce Schneier [1]. This advice also helps protect you against attackers with criminal interests who are capable of demonstrating a huge amount of skill when it comes to retrieving data from other people's computers.

To help users defend themselves against both attackers and spies, Ubuntu offers its Ubuntu Privacy Remix (UPR) [2]. Just a few months ago its feature descriptions caused much hilarity among large parts of the computer-savvy universe: no access to the Internet, no install option, and no access to the hard disk!

If you take another look at the project, however, which was launched in 2008, with the benefit of hindsight, these features no longer sound so absurd. What use is hard drive encryption if spyware leverages various attack vectors, such as downloads, zero-day exploits, backdoors, or routers to infect your computer? Without write access to the hard drive, installing malware is infinitely more difficult, and the lack of Internet access takes care of the rest. To let you save files without hard drive access, Ubuntu Privacy Remix 12.04, which is currently still in beta, offers a USB flash drive solution based on TrueCrypt [3]. (Of course, no computer system is completely secure, and this includes URP – see the box titled "Caveats.")

Ubuntu Privacy Remix is specifically designed to avoid the most vulnerable computer activities, such as hard disk access and Internet surfing, even though these activities are at the very core of the everyday computing experience for most users. Thus, the most radical and significant part of the UPR experience is not the software on the system (a familiar blend of common Linux tools), but the task of adapting to the new security-conscious approach to personal computing.

Feature Count

Without Internet access and disk access, simple things can become complicated: UPR is burned onto a DVD by default and used in Live mode.

The basic system already comes with many useful tools. The current beta is based on Ubuntu 12.04.2 LTS with the Gnome Classic desktop and kernel 3.5. Deviating from the regular Ubuntu 12.04 portfolio, UPR 12.04rc1 has both LibreOffice 4.0 and Scribus 1.4.2 on board. I want the finished version to be based on Ubuntu 12.04.3, to update the kernel to version 3.8, and to include GIMP 2.8 and LibreOffice 4.1.

Other passengers include the Tellico collection management tool, the Vym Mind Mapper, the Planner project management tool, the Totem video player, Brasero disk-burning software, VirtualBox, and some other useful tools.

To combat attempts to read the memory, the project aims to leverage the memory erasure function from the Tails project [5]. This function uses sdmem at shutdown time to delete the greatest part of the data in memory, thereby preventing cold boot attacks, in the course of which the RAM is frozen and then read later.

Anyone who is not satisfied with Ubuntu Privacy Remix software collection needs to build their own version. The project provides assistance by offering an appropriate template on the website [4]. Mastering your own UPR version can be a time-consuming experience.

Bootstrap

The first step is to use an HTTPS connection to download a non-compromised version of the image [6] and an associated signature file. The image is signed with the PGP key of Mark Preetorius, the project maintainer. You can verify its integrity as follows:

gpg --verify upr-12.04r1beta1.iso.sig upr-12.04r1beta1.iso

Typically, a disk-burning program like Brasero or K3b is all you need to burn the image to a DVD. If you do want to use a USB flash drive, this means compromising one of the advantages: A stick is writable and can thus be manipulated. Some drives offer at least the option to enable write protection by flipping a hardware switch (see the "UPR on a USB Stick" box); you will want to do this after installing the image. The developers advise against using SD cards, because write protection does not work reliably.

dd if=<upr-12.04r1beta1.iso> of=/dev/sd <X> bs=512K
sync

If you want to be sure that the files on the USB stick have not been tampered with, you can verify MD5 and SHA1 checksums contained in the ISO. A list of the checksums is in the root directory of the burned DVD or USB flash drive. The simple script in Listing 1 first extracts the paths to the individual files from the checksum file in the root directory, ${md5datapath}.

The for loop generates the MD5 checksum for all the files in the paths of $data and writes the results to a new file named md5sum_new.txt. The sed tool removes the ${datapath} from all paths in the newly created file. The latter should now be identical to the /media/work/UPR_12.04r1/md5sum.txt – unless the checksums do not match. To verify this, the script finally runs diff against both files and, if successful, outputs the message shown in Figure 1. With a few adjustments, you can do the same thing with the sha1sum.txt file.

Figure 1: Validating the checksums of the UPR files with the help of a script.

All this is of little use if the whole image has been replaced by a manipulated version, however. To prevent this, the md5sum.txt and sha1sum.txt files, which list the checksums, are signed and can be verified from the root directory of UPR via the maintainer's public key:

gpg --verify sha1sum.txt.sig sha1sum.txt
gpg --verify md5sum.txt.sig md5sum.txt

Using the fingerprint and an Internet search, the user can verify the maintainer's key.

Data Vault

In the Ubuntu Privacy Remix boot menu – press Esc – you can choose a language by pressing F3. By default, the user is not root, but you can change this by pressing F6 and entering godmode on the Boot Option line (Figure 2). The sudo su command then gives the user root access without a password.

Figure 2: In the boot menu, you can change the UPR language and enable the godmode option for root access.

If you want to save data but do not need root privileges, your next step is to set up an extended TrueCrypt container on a second USB stick. To do so, call the menu item Applications | Security | TrueCrypt Volume Wizard, check Create an extended volume and then select Create a container file.

In the next TrueCrypt window, click on Browse in the Container file line and select the USB stick that will hold the container. Its size depends on the space available on the drive, but you will want to be as generous as possible here, because all the files you attempt to save on UPR end up here.

After assigning a name and setting a password (20 characters), you need to move the mouse for one minute to generate random numbers, then press Generate and wait for the success message. The password should be very secure, because Ubuntu Privacy Remix stores an encrypted version of it on the USB stick.

To use the extended container, open the File Manager, right-click the container, and select TrueCrypt-Container | Open. After entering the password, the container appears on the desktop ready for use.

But that's not all: UPR automatically stores the configurations of various programs in the container as links from your home directory. You can thus set up LibreOffice without ever losing your settings. The prerequisite is that you open the container before launching the programs. To unmount the container before shutting down, just right-click the desktop icon and select TrueCrypt-Container  | Unmount.