Duress code
Encyclopedia
A duress code is a covert signal used by an individual that is under duress to indicate their state. The term duress code typically refers to a signal embedded in normal communication, such as a word or phrase used during conversation to alert other personnel of the duress. Alternatively, the signal may be incorporated into the authentication process itself, typically in the form of a panic password, distress password, or duress PIN that is distinct from the user's normal password or PIN. These concepts are related to a panic alarm and often achieve the same outcome.
, has been proposed for use in ATMs. Note that in both of these cases, the adversary can request the PIN in advance and ensure the appropriately modified PIN is entered instead or choose randomly between the two possible codes. This allows the adversary to succeed half of the time.
In scenarios where a panic password is used to limit access control, instead of triggering an alarm, it is insufficient to have a single panic password. If the adversary knows the system, a common assumption
, then he will simply force the user to authenticate twice using different passwords and gain access on at least one of the two attempts. More complex panic password schemes have been proposed to address this problem.
For cases where verbal communication (i.e. via cell phone) is possible with family member or friend, a covert phrase can be used to signal duress. In the slim chance that a captor allows the person in duress to use their cell phone (i.e. to obtain a PIN), there is a limited opportunity to use a duress code. Because conversations are often being monitored by a captor, they must be subtle and short. Ideally, the use of a duress code has been confirmed before the current situation, so the family member or friend has verifiable evidence that something is wrong, and when the authorities are notified aren't just limited to speculation. Examples would include asking about someone who does not exist. For example, "What is Cindy barking at?" when the person on the other side knows that either there is no dog, or dog's name is Maggie.
In addition to a duress code, there is duress activity. This may include the duressed individual withdrawing cash from an ATM using a specific credit card, instead of using their debit card. Many credit card companies allow for email alerts to be set up when specific activity occurs. There are technical issues that could pose problems, such as a delay in notification, cellular network availability, and the fact that a location is not disclosed, only the activity.
agents in occupied Europe during World War II
was to give a coded answer when someone checked whether it was convenient to visit a safe-house. If it was genuinely safe to visit, the answer would be "No, I'm too busy." However, if the safe-house had been compromised (i.e. the Nazis had captured it, forcing the occupants to answer the phone at gunpoint in order to lure in other members of the SOE network) the captured agent would say "Yes, come on over." Having been warned that the safe-house had been compromised, the other agent would hang up the phone and immediately inform his team-members so that they could take appropriate action. Typically, this meant using escape and evasion procedures, before the captured agent was tortured by the Gestapo
and forced to give incriminating information such names and addresses etc.
Civilian usage
Some home and property alarm systems have duress PINs, where the last two digits of the reset code are switched around. Entering the code when under duress from an assailant can trigger a silent alarm, alerting police or security personnel in a covert manner. The implementation of this feature has not been without controversy, as it has been claimed to lead to false alarms. A similar mechanism, SafetyPINATM SafetyPIN software
ATM SafetyPIN software is a software application that would allow users of automated teller machines to alert the police of a forced cash withdrawal by entering their personal identification number in reverse order. The system was invented and patented by Illinois lawyer Joseph Zingher...
, has been proposed for use in ATMs. Note that in both of these cases, the adversary can request the PIN in advance and ensure the appropriately modified PIN is entered instead or choose randomly between the two possible codes. This allows the adversary to succeed half of the time.
In scenarios where a panic password is used to limit access control, instead of triggering an alarm, it is insufficient to have a single panic password. If the adversary knows the system, a common assumption
Kerckhoffs' principle
In cryptography, Kerckhoffs's principle was stated by Auguste Kerckhoffs in the 19th century: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.Kerckhoffs's principle was reformulated by Claude Shannon as...
, then he will simply force the user to authenticate twice using different passwords and gain access on at least one of the two attempts. More complex panic password schemes have been proposed to address this problem.
For cases where verbal communication (i.e. via cell phone) is possible with family member or friend, a covert phrase can be used to signal duress. In the slim chance that a captor allows the person in duress to use their cell phone (i.e. to obtain a PIN), there is a limited opportunity to use a duress code. Because conversations are often being monitored by a captor, they must be subtle and short. Ideally, the use of a duress code has been confirmed before the current situation, so the family member or friend has verifiable evidence that something is wrong, and when the authorities are notified aren't just limited to speculation. Examples would include asking about someone who does not exist. For example, "What is Cindy barking at?" when the person on the other side knows that either there is no dog, or dog's name is Maggie.
In addition to a duress code, there is duress activity. This may include the duressed individual withdrawing cash from an ATM using a specific credit card, instead of using their debit card. Many credit card companies allow for email alerts to be set up when specific activity occurs. There are technical issues that could pose problems, such as a delay in notification, cellular network availability, and the fact that a location is not disclosed, only the activity.
Military Usage
A simple but effective duress code used over the telephone by SOESpecial Operations Executive
The Special Operations Executive was a World War II organisation of the United Kingdom. It was officially formed by Prime Minister Winston Churchill and Minister of Economic Warfare Hugh Dalton on 22 July 1940, to conduct guerrilla warfare against the Axis powers and to instruct and aid local...
agents in occupied Europe during World War II
World War II
World War II, or the Second World War , was a global conflict lasting from 1939 to 1945, involving most of the world's nations—including all of the great powers—eventually forming two opposing military alliances: the Allies and the Axis...
was to give a coded answer when someone checked whether it was convenient to visit a safe-house. If it was genuinely safe to visit, the answer would be "No, I'm too busy." However, if the safe-house had been compromised (i.e. the Nazis had captured it, forcing the occupants to answer the phone at gunpoint in order to lure in other members of the SOE network) the captured agent would say "Yes, come on over." Having been warned that the safe-house had been compromised, the other agent would hang up the phone and immediately inform his team-members so that they could take appropriate action. Typically, this meant using escape and evasion procedures, before the captured agent was tortured by the Gestapo
Gestapo
The Gestapo was the official secret police of Nazi Germany. Beginning on 20 April 1934, it was under the administration of the SS leader Heinrich Himmler in his position as Chief of German Police...
and forced to give incriminating information such names and addresses etc.