Tin Hat Linux
Tin Hat is a Linux distribution derived from Hardened Gentoo Linux. It aims to provide a very secure, stable, and fast desktop environment that lives purely in RAM. Tin Hat boots from CD, or optionally from USB flash drive, but it is not a LiveCD in that it does not mount any file system from the boot device. Rather, Tin Hat employs a massive SquashFS image which expands into tmpfs upon booting. This makes for long boot times, but remarkable speeds during human-computer interaction.

Design goal

The central design consideration in Tin Hat is to construct an operating system that is resistant to forensic analysis. Physical access to a computer with unencrypted filesystems leaves the data unprotected, and an attacker would have no trouble retrieving it. Encrypting the filesystem is a major step in frustrating such an attack. Many implementations of encryption do not hide the fact that data is encrypted on the filesystem. For example, the LUKS encryption system includes metadata that details the block cipher and block cipher mode used in encryption. This information itself does not help the attacker decrypt the filesystem, but it does show that encryption has been employed. The attacker would have at least one piece of information: that he is looking at encrypted data and not random data.

An alternative is to configure the system to use two passwords: one mounts a fake volume, while the other leads to a hidden volume whose existence may be denied. Tin Hat doesn't use this method, and instead relies on the fact that encrypted data cannot be differentiated from truly random data, so the user can claim that the hard drive contains not encrypted data but only random data left over from overwriting it. It is debatable how successful this approach would be in practice, as the presence of large amounts of random data would in itself give rise to reasonable suspicion that the data is encrypted.
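The distinction drawn in the two paragraphs above, as an added example (not part of the original article and not Tin Hat's own code): a LUKS1 header names its cipher and mode in plaintext, while a headerless volume only measures as high-entropy, the same result random overwrite data gives. The field offsets follow the LUKS1 on-disk header layout; the sample buffers, function names and the 7.9 bits/byte threshold are assumptions constructed for illustration.

```python
import math
import os
import struct
from collections import Counter

LUKS_MAGIC = b"LUKS\xba\xbe"  # first 6 bytes of a LUKS header

def parse_luks1_header(buf):
    """Return (version, cipher, mode) if buf starts with a LUKS header, else None."""
    if len(buf) < 72 or buf[:6] != LUKS_MAGIC:
        return None
    (version,) = struct.unpack(">H", buf[6:8])
    if version != 1:
        return (version, None, None)  # only the LUKS1 fixed-field layout is parsed here
    # LUKS1: cipher-name[32] at offset 8, cipher-mode[32] at offset 40, NUL-padded
    cipher = buf[8:40].split(b"\0", 1)[0].decode("ascii", "replace")
    mode = buf[40:72].split(b"\0", 1)[0].decode("ascii", "replace")
    return (version, cipher, mode)

def shannon_entropy(buf):
    """Bits per byte; close to 8.0 for ciphertext and for random fill alike."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def classify(buf, threshold=7.9):
    """Label the start of a volume: 'luks', 'high-entropy' or 'structured'."""
    hdr = parse_luks1_header(buf)
    if hdr is not None:
        return "luks", hdr
    if shannon_entropy(buf) > threshold:
        return "high-entropy", None  # encrypted or randomly wiped: not distinguishable
    return "structured", None

def make_luks1_sample():
    """Constructed LUKS1-style header followed by random bytes (not a real volume)."""
    hdr = LUKS_MAGIC + struct.pack(">H", 1)
    hdr += b"aes".ljust(32, b"\0") + b"cbc-essiv:sha256".ljust(32, b"\0")
    return hdr + os.urandom(4096)

if __name__ == "__main__":
    samples = {
        "luks1 header": make_luks1_sample(),
        "headerless": os.urandom(65536),  # stands in for headerless ciphertext
        "plaintext": b"root:x:0:0:root:/root:/bin/sh\n" * 2000,
    }
    for name, data in samples.items():
        print(name, classify(data))
```

The "high-entropy" label is the article's caveat in practice: the check cannot prove encryption, but it flags the volume as something other than ordinary structured data.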

Tin Hat's preferred method of encryption is via loop-AES v3.

Finally, beyond these considerations, Tin Hat also has to protect against all the more familiar network- and code-borne exploits. The hardening model chosen is PaX/Grsecurity, which is already provided by the Hardened Gentoo project. Hardening of the kernel and the toolchain makes most code-borne exploits less likely. A non-modular compiled kernel further frustrates the insertion of malicious kernel modules.

Difference from Gentoo

The design goals of Tin Hat necessitate branching from Gentoo, rather than adding features from within by adding software to Gentoo's native Portage system.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 