"data-less" travel opsec

Operational security practices for international travel

aka

Secure Covert Backup Strategy for Tails using Tahoe-LAFS

note: Tails is a good choice but this could be applied to other operating systems/Linux distros. In some ways this article is a continuation of Simple Tails Backup procedure with Tahoe-LAFS

context

When traveling in surveilance states where there is risk of search of seizure... you do not want to be in posession of ciphertext, key material or other sensitive data. If you are detained and have ciphertext they can request you for the phassphrase to decrypt your data. Things may not go so well for you if you don't comply with their demands.

To fulfill this objective of not carrying sensitive data we can choose to either carry benign data like a Tails disk with no Persistent volume... or no data at all. This means either "secure erasing" your drive(s). Perhaps some people will opt to not carry any drives at all. Of course carrying no drives at all would mean that in the future you'll have to acquire an operating system and a drive to put it on... like Tails on a USB disk for instance.

To meet this goal of not carrying any critical data we need to reduce the complexity of restoring our confidential backup to two pieces of information that can be remembered (and should not be written down):

  1. passphrase to unlock critical blob
  2. retreival information of critical blob

Once you've setup several redundant hiding places for your critical ciphertext blob of Tahoe-LAFS information then you "secure erase" your drive(s) before traveling.

Create your critical ciphertext blob like this:

This critical blob contains Tahoe-LAFS cryptographic capabilities and grid connection information. That is... everything we need to restore all our sensitive data; key material and configuration files in my case. It's a total loss if an attacker gains access to our Tahoe-LAFS cryptographic capabilities. We therefore protect this data by symmetrically encrypting with an entropic passphrase.

Create a textfile containing Tahoe-LAFS onion grid connection information and root cryptographic capability:

cat <<EOT>critical
export introducer_furl='pb://MyTubID@MyOnionAddress.onion:OnionPort/SuperSecretSwissnum'
root_cap='URI:DIR2:aaaaaaaaabcaaaaaaaaaaaaaaa:kkkkkkkkkkkkkkfghkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk'
[client-server-selection]
server.v0-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.type = tahoe-foolscap
server.v0-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.nickname = RobotKillHuman
server.v0-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.seed = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
server.v0-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.furl = pb://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@cccccccccccccccc.onion:34273/cswisssssssssssssssssssssssssnum
server.v0-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.type = tahoe-foolscap
server.v0-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.nickname = RobotPlanetConspiracy
server.v0-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.seed = bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
server.v0-bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.furl = pb://bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb@dddddddddddddddd.onion:34273/bswisssssssssssssssssssssssssnum
server.v0-cccccccccccccccccccccccccccccccc.type = tahoe-foolscap
server.v0-cccccccccccccccccccccccccccccccc.nickname = StorageForRobotsOnly
server.v0-cccccccccccccccccccccccccccccccc.seed = cccccccccccccccccccccccccccccccc
server.v0-cccccccccccccccccccccccccccccccc.furl = pb://ccccccccccccccccccccccccccccccc@eeeeeeeeeeeeeeee.onion:34273/aswissssssssssssssssssssssssssnum
EOT

Unfortunately we have not yet merged Leif Ryge's truckee feature branch of Tahoe-LAFS upstream. Use this truckee so that you have my introducer-less feature which allows you to specify storage node connection information directly in your tahoe.cfg... thus eliminating the introducer node as the single point of failure and success.

Currently I use DJB's NaCl SecretBox to verifiably encrypt/decrypt the critical connection information and root cap like this: secretBox.py

./secretBox.py --encrypt critical > critical.secretbox

Make sure to pick a long entropic passphrase with enough interesting words.

What does retrieval information of critical blob mean?

Your threat model may permit you to publicly stash your critical blob in a memorable location such as:

  • on a gist or github repo
  • in a tweet
  • in a blog post
  • web host at memorable url

On the other hand your threat model may advise against exposing your critical blob to cryptanalysis... You might prefer more covert methods of recovery:

  • use ssh to retreive the file from a private shell account
  • Pond message a friend; retreive from friend directly
  • PGP e-mail a friend; retreive from friend directly

Restore procedure:

  1. acquire Tails disk
  2. acquire critical ciphertext blob
  3. decrypt ciphertext blob
  4. configure Tahoe-LAFS client
  5. download all your private data