Tamper-evident preparation | No Trace Project

Contents

Description
Techniques addressed by this mitigation
- Targeted digital surveillance
  - Authentication bypass
  - Physical access

Contents

Description
Techniques addressed by this mitigation
- Targeted digital surveillance
  - Authentication bypass
  - Physical access

A mixture of red and black lentils with a complex pattern. Electronic devices can be immersed in the mixture so that when they are accessed, the pattern changes.

Tamper-evident preparation is the process of taking precautionary measures to make it possible to detect when something has been physically accessed by an adversary.

Tamper-evident preparation can be used:

To detect if an adversary has accessed an electronic device during a covert house search (in which case they may have installed malware on the device).
To detect if an adversary has accessed a stash spot or safe house.

Examples of tamper-evident preparation techniques include:

Applying nail polish to a laptop screws and taking pictures of the screws. Because nail polish has a complex pattern, it will be very difficult for an adversary to remove the screws without altering the pattern. Therefore, when you want to verify that the laptop has not been opened, you can take new pictures of the screws and compare them with the original pictures: if the nail polish patterns are identical, it means that the laptop has not been opened.
Immersing electronic devices in a transparent box filled with a mixture of small objects of different colors (for example, half black pebbles and half white pebbles) and taking pictures of the sides of the box. Because such a mixture has a complex pattern, it will be very difficult for an adversary to remove the electronic devices without altering the pattern. Therefore, when you need to remove the electronic devices from the box, you can take new pictures of the sides of the box and compare them with the original pictures: if the mixture patterns are identical, it means that the electronic devices have not been accessed. A systematic application of this technique is to ensure that an electronic device (e.g. a laptop) is always immersed in such a box when you're not near it.

Techniques addressed by this mitigation

Name	Description
Targeted digital surveillance
	Authentication bypass	You can use tamper-evident preparation to detect when a device has been physically accessed. Once a device has been physically accessed by an adversary, you should consider it compromised and never authenticate to it again. This is because, in a worst-case scenario, the adversary may have copied the device's data and compromised its firmware so that when you enter your password, they can remotely obtain it and use it to decrypt the data.
	Physical access	You can use tamper-evident preparation to detect when something has been physically accessed by an adversary.

Name

Description

Targeted digital surveillance

Authentication bypass

You can use tamper-evident preparation to detect when a device has been physically accessed.

Once a device has been physically accessed by an adversary, you should consider it compromised and never authenticate to it again. This is because, in a worst-case scenario, the adversary may have copied the device's data and compromised its firmware so that when you enter your password, they can remotely obtain it and use it to decrypt the data.

Physical access

You can use tamper-evident preparation to detect when something has been physically accessed by an adversary.