by Trombe » 25 Oct 2013 11:33
Greetings
I'm not 100% sure whether this is the correct forum to ask, but since the subject is about trying to circumvent security to gain access I decided to go ahead. I hope this subject is acceptable here.
I'm an electronic hobbyist, and I'm looking to design a small safebox (an electronic/digital lockbox/strongbox if you will) to protect some electronics from tampering. Basically all I'm trying to do in this step is to *detect* possible tamper attempts. The electronics inside the box will be one of those arduino-style projects that you see everywhere on the internet today, and mine will focus on break-in detection. The device will always be connected to an external power supply (i.e. mains + 5VDC adapter), so there's no fear of batteries running out. Anyway I'm curious about the design, so I decided to ask here on a lockpickers forum for possible ideas. The main thing I'm considering is which tamper sensors to use, and how to deploy them. The sensors should be able to pick up break-in attempts and trigger an alarm. An alarm is a condition where a possible break-in attempt is detected.
I came up with some of my own ideas about sensors. Some are great, others are not so great.
Pressurized box: The insides of the box are put under pneumatic pressure. Obviously I don't want to use very high pressure because I don't want the box to explode, but it should be enough to trigger an alert when an internal pressure sensor detects the pressure drop, if the housing has been breached i.e. a drilling attempt. This would be difficult to pull off, because it would need a tight housing, and each smallest leak would cause the box to depressurize slowly. As an addition the box will have to be repressurized each time I want to open it myself. Also, if an attacker knew the box was under pressure, he could use a pressurized chamber to equalize the pressure and then open the box without triggering an alarm.
Vibration sensor: I can install a small vibration sensor in the box. However how can the sensor differentiate between a real break-in attempt, and myself being clumsy and accidentally bumping the box? Perhaps the vibration sensor should be able to sense a large spectrum of vibrations/frequencies. Each attack (i.e. drilling or attempting to open the box by force) produces a different spectrum of vibrations. Earthquakes cause vibrations too... I can think of a lot of false positives.
Microphone: We can install a small mic to monitor the noise level. Surely a power drill or a saw produces the whole lot of racket that's not going to sit well with the mic's ears and will trigger an alarm. Obviously the box will have to be placed in a very quiet environment to avoid false positives.
Light sensor: A sensor that measures the amount of light can be installed. If the box is opened, it will trigger an alarm when there is sufficient light. The downside is that an attacker can simply open the box in a dark place. Or possibly use a light with a frequency that the sensor doesn't detect.
Gyroscope: This will only detect if the box has been turned in any of the 3 axes. But how does it detect a break-in attempt? The box would need to be attached to some static object i.e. a wall. Then if someone attempts to unmount it, he is possibly going to rotate it a little and an alarm will trigger.
Accelerometer: I would need an extremely sensitive sensor. This can detect whenever the box is moved. So any movement will cause alarms. Again the box should be statically attached to some object for this to work.
GPIO sensor: I was thinking of equipping the interior walls of the box with a mesh screen of wires. Well actually there's going to be only a single wire that's densely packed together and attached to all sides of the box with glue. Both ends of the wire will be attached to some GPIO ports on the arduino. If an attacker tries to break in and happens to damage the wire, he is going to sever the contact, the voltage will drop, and an alarm will trigger. It is possible to bypass this sensor by carefully drilling in a certain location and short-circuiting the wire. This would leave a portion of the wire mesh unresponsive.
Capacitive sensor: Another idea I read about somewhere is to use a capacitive sensor. The walls of the box should be equipped with a special thin-layer foil that acts like a capacitor. The sensor picks up differences in capacitance. If a break-in attempt is taking place, and the attacker manages to damage this thin film metal layer, the capacitance will change and an alarm will trigger. The sensor is also going to detect closeby metal objects, so some false positives are possible. An attacker can use diamagnetic non-metallic non-conductive tools to reduce the possibility of triggering an alarm.
Power loss: Okay, so how is my device supposed to work, if an attacker simply unplugs the device from power? Simple. If the power is lost, trigger an alarm. Need to implement a fail-secure mechanism. This however cannot differentiate between unplugs and real-life power cuts. Even a mains fuse can get blown in my apartment so...
That's about it from my side. Comments, ideas, suggestions?
Trombe
- Posts: 6
- Joined: 25 Oct 2013 11:20
by Squelchtone » 25 Oct 2013 12:18
overly elaborate protection scheme is overly elaborate. always use the KISS rule: Keep it simple stupid
do you care if someone is drilling or only if they successfully open the door? if you only care if the door is opened, use magnetic contacts, and look into a seismic sensor on ebay that bank vaults use to detect drilling and vibration.
is there already a customer for this and what electronics exactly are inside?
is this box in an unattended area that the public has 24/7 access to?
are the electronics inside something most people would want to attack, or is this a fun project theoretical james bond movie paranoid example?
if someone walks up and tries to pry the door open with a screw driver but does not actually open the door, I'm not sure there is any sensor that would detect that sort of thing other than a human being watching the box via a CCTV camera.
Squelchtone
Squelchtone
- Site Admin
- Posts: 11307
- Joined: 11 May 2006 0:41
- Location: right behind you.
by mseifert » 25 Oct 2013 14:06
!!! Squelch you beat me to the punch .. I was going to ask similar questions.. I'll just have to wait for the answers now..
One thing.. I would stay away from pressure sensor .. Hard to keep a cabinet pressurized without a constant source.
When I finally leave this world.. Will someone please tell my wife what I have REALLY spent on locks ...
mseifert
- Supporter
- Posts: 720
- Joined: 19 Sep 2013 20:56
- Location: Austin, Texas, USA
by bembel » 25 Oct 2013 14:50
Acceleration sensors in smartphones are really impressive. They should detect break-in attempts even when your box is mounted to the wall. You can test it on your smartphone by downloading a simple seismo app (like SimpleSeismograph on Android). With an arduino controller there should be no problem to tell the difference between earthquakes and other false alarms.
bembel
- Posts: 499
- Joined: 31 Oct 2004 19:08
- Location: Germany
by Trombe » 25 Oct 2013 15:27
Thanks for the comments so far.
Squelchtone wrote: do you care if someone is drilling or only if they successfully open the door? if you only care if the door is opened, use magnetic contacts, and look into a seismic sensor on ebay that bank vaults use to detect drilling and vibration.
I would prefer to detect the drilling attempt too because that's not a normal attempt to open the box. I'll check ebay for seismic sensors, thanks for the tip. Do you perhaps know of any other types of sensors that might come in handy for this scenario?
Squelchtone wrote: is there already a customer for this and what electronics exactly are inside?
There are no customers, the project is meant for myself and maybe a friend of mine (for now). As of yet there are no electronics inside, but I'll likely install some custom-made boards inside, maybe even an ARM board like Raspberry Pi. Right now I'm just designing the box and the sensors/alarm system. And there are going to be some other *cough* valuable *cough* items inside.
Squelchtone wrote: is this box in an unattended area that the public has 24/7 access to?
Well it's supposed to be in a private area like my house, but it will likely be unattended most of the time i.e. a basement or an attic or maybe a storage room. As for the attackers they might be burglars, but there's always a possibility of an insider attack. You know... family members, relatives and friends with itchy fingers who would take their time to try and open the lockbox while I'm away from home.
Squelchtone wrote: are the electronics inside something most people would want to attack, or is this a fun project theoretical james bond movie paranoid example?
Not really, most people wouldn't bother attacking the electronics inside, but I'm building the device for those few people who would (e.g. my cousin). Don't worry, it's not an ATM or anything *that* valuable, but it is something like the james bond paranoid movie thing, so you're absolutely correct about that. It's really more like a hobby/fun project of mine. I'll reveal what exactly this device is after a while.
Trombe
- Posts: 6
- Joined: 25 Oct 2013 11:20
by Achyfellow » 25 Oct 2013 16:56
The thing is, if you NEED the enclosure to have a door there will be a way to open it. For example with the GPIO sensor: It's not going to be any good if someone just opens the door. Any measure you put on it is only going to be good as long as the attacker knows absolutely nothing about what you have put on it and has no way of finding out (Which is not the point I assume).
And... Well, you can always hook the whole thing to a battery pack and take it with you. If you are 50 miles away from where the box is supposed to be you are not really going to care about an alarm going off unless the device has some sort of GPS on it (And even in that case you can just toss it in a faraday cage while you cut it off).
Achyfellow
- Posts: 131
- Joined: 1 Oct 2013 6:50
by Squelchtone » 25 Oct 2013 22:41
So we're just helping you put an alarm on the box you store your weed in aren't we...
Squelchtone
- Site Admin
- Posts: 11307
- Joined: 11 May 2006 0:41
- Location: right behind you.
by Trombe » 26 Oct 2013 4:14
Achifaifa wrote: The thing is, if you NEED the enclosure to have a door there will be a way to open it. For example with the GPIO sensor: It's not going to be any good if someone just opens the door. Any measure you put on it is only going to be good as long as the attacker knows absolutely nothing about what you have put on it and has no way of finding out (Which is not the point I assume).
I'm not sure, if the box is going to have a door at all. I wanted to add one in case there's going to be maintenance so that I won't have to destroy the enclosure to access the internals. Alright, I'll be honest here. The reason I favored a design where an attacker knows how the box is constructed is because I hoped for an equivalent of open source software - it is generally said that open source is more secure because more eyes look at the structure and find potential flaws. Not sure, if this applies to hardware, but that was the idea.
Squelchtone wrote: So we're just helping you put an alarm on the box you store your weed in aren't we...
I won't blame you for suspecting it, but no. It has nothing to do with drugs or forbidden substances. It's more like a security system I'm building for my apartment. As an addition I'd like to mention that I don't smoke. I never have.
Trombe
- Posts: 6
- Joined: 25 Oct 2013 11:20
by Evan » 26 Oct 2013 9:37
Trombe wrote: Alright, I'll be honest here. The reason I favored a design where an attacker knows how the box is constructed is because I hoped for an equivalent of open source software - it is generally said that open source is more secure because more eyes look at the structure and find potential flaws. Not sure, if this applies to hardware, but that was the idea.
Ah another computer/software hippie that thinks all security measures are somehow equivalent to software in that they can be patched easily down the road... Sorry, safes and strongboxes aren't made in a way which can be easily upgraded later on like the virtual world created by all the little 1's and 0's that are at the heart of software... Want to keep something safe, a burglary rated container with a decent electronic combination lock which complies with government security specs (meaning it's the kind they use to lock their secret stuff inside of) is what you want, not some homemade construct with an open source control box fitted with sensors that honestly just about anyone is going to be able to neutralize by shutting off the power/disconnecting your internet since alarm companies don't use circuitry which is not UL rated since their insurer won't take the risk exposure on unproven and untested designs... Do you care to actually disclose what it is you are planning to keep inside such a "monitored container" besides some vague "electronic stuff" ? Until then it is sounding totally like you are wanting to keep your stash of drugs/pills/cash/loot safe and sound while you work your legit 9 to 5 job...
~~ Evan
Evan
- Posts: 1489
- Joined: 5 Apr 2010 17:09
- Location: Rhode Island
by Trombe » 26 Oct 2013 11:30
LOL! Does it really sound like I'm trying to hide drugs? Sorry, I didn't want it to sound this way. Alright then, I'll spill the beans.
Evan wrote: Ah another computer/software hippie that thinks all security measures are somehow equivalent to software in that they can be patched easily down the road...
Patching hardware is a matter of building a newer revision. It's true that hardware is much more difficult to upgrade than software, yes, but I was not implying that the two are equivalent. Instead I opted for an open design as opposed to a closed one i.e. trying to design the device myself, and keep the schematics secret.
Evan wrote: Want to keep something safe, a burglary rated container with a decent electronic combination lock which complies with government security specs (meaning it's the kind they use to lock their secret stuff inside of) is what you want, not some homemade construct with an open source control box fitted with sensors that honestly just about anyone is going to be able to neutralize by shutting off the power/disconnecting your internet since alarm companies don't use circuitry which is not UL rated since their insurer won't take the risk exposure on unproven and untested designs...
Shutting off power or disconnecting the device in any way raises an alarm - I win. Please read on, I am curious how would *you* manage to break into my strongbox.
Evan wrote: Do you care to actually disclose what it is you are planning to keep inside such a "monitored container" besides some vague "electronic stuff" ? Until then it is sounding totally like you are wanting to keep your stash of drugs/pills/cash/loot safe and sound while you work your legit 9 to 5 job...
Unfortunately I don't have any of those. But I'll describe what I am building, so... Okay, here's the thing. The stuff I'm building is going to be a sort of a secure file storage device. It's basically a NAS (network attached storage) device with some added security. So yes, the thing I will be protecting inside is a hard disk with digital data on it, be that my private banking data, business records, proprietary software source code, legal documents, pictures of my naked gf, etc. I'll just call it "data" from now on. Why store it in a box like this and not on a laptop you ask? It's because sometimes I need to access the data from multiple locations, and carrying a laptop along gets rather tiresome. The data is going to be stored inside the box on an encrypted hard disk partition. This disk will be connected to an ARM board like Raspberry Pi via a USB cable. The RasPi also has an ethernet port that will be connected to my home network. I'll be able to access the data from anywhere within my apartment by using a computer, and logging in to the remote file share with a proper username + password.
Evan: You said earlier that "anyone is going to be able to neutralize" the box "by shutting off the power/disconnecting your internet". Now think about it. What would happen if the power was shut off for a moment? Let me answer that for you. I thought this well over. Since the data resides on an encrypted disk, shutting off power would simply wipe the access keys from memory, and cause the device to fail in a secure manner i.e. preventing all unauthorized access to the data (even if the box was opened afterwards and the disk stolen). So you see I'm actually a few steps ahead over here. The second stage are all the alarms I've been talking about earlier. If an alarm is triggered, the board automatically wipes the disk password from RAM and shuts down, thus preventing unauthorized access. It does not have to be connected to internet for this to work.
And if someone tried to open the box I'll know because I won't be able to access the data myself since the device powered down. It would have to be manually restarted, and I'm the only one who knows the password for the internal HDD. So what do you think of the design? Now that I went through the trouble of explaining what my device does how about you go through the trouble, and see if you can break into the box and download my super secret data. How about it?
Trombe
- Posts: 6
- Joined: 25 Oct 2013 11:20
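The alarm logic discussed in this thread (a wire mesh on the walls, a vibration sensor prone to false positives, power-loss detection, and wiping the disk key from RAM on any alarm), as an added example that is not part of any poster's message. It goes beyond the posts by reading the mesh loop as an analog value inside a window instead of as a digital contact, so a shortened loop is flagged as well as a cut one; all names, thresholds and sample readings are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed thresholds for illustration only; calibrate on the real enclosure. */
#define MESH_ADC_MIN   480  /* intact loop in a divider reads ~512 (10-bit ADC) */
#define MESH_ADC_MAX   544  /* cut loop reads near a rail, bridged loop reads low */
#define VIB_THRESHOLD  200  /* a sample above this counts as "active" */
#define VIB_WINDOW     16   /* sliding window length, in samples */
#define VIB_TRIP_COUNT 10   /* active samples in the window => sustained attack */
#define KEY_LEN        32

enum tamper_cause { TAMPER_NONE, TAMPER_MESH, TAMPER_VIBRATION, TAMPER_POWER };

struct sample { uint16_t mesh_adc; uint16_t vib; uint8_t power_ok; };

struct monitor {
    uint8_t vib_hist[VIB_WINDOW];   /* ring buffer, 1 = active sample */
    unsigned pos, active;           /* write index, active samples in window */
    enum tamper_cause latched;      /* once set, stays set until re-armed */
    uint8_t disk_key[KEY_LEN];      /* stand-in for the in-RAM disk key */
};

/* Volatile writes so the compiler cannot optimise the wipe away. */
static void zeroize(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }

void monitor_init(struct monitor *m, const uint8_t key[KEY_LEN]) {
    memset(m, 0, sizeof *m);
    memcpy(m->disk_key, key, KEY_LEN);
}

/* Feed one reading; returns the alarm cause, wiping the key on first trip. */
enum tamper_cause monitor_step(struct monitor *m, const struct sample *s) {
    if (m->latched != TAMPER_NONE) return m->latched;

    /* Slide the window: a single knock never reaches VIB_TRIP_COUNT. */
    uint8_t now = s->vib > VIB_THRESHOLD;
    m->active = m->active + now - m->vib_hist[m->pos];
    m->vib_hist[m->pos] = now;
    m->pos = (m->pos + 1) % VIB_WINDOW;

    enum tamper_cause cause = TAMPER_NONE;
    if (!s->power_ok)               /* assumes a hold-up capacitor buys time */
        cause = TAMPER_POWER;
    else if (s->mesh_adc < MESH_ADC_MIN || s->mesh_adc > MESH_ADC_MAX)
        cause = TAMPER_MESH;
    else if (m->active >= VIB_TRIP_COUNT)
        cause = TAMPER_VIBRATION;

    if (cause != TAMPER_NONE) {
        zeroize(m->disk_key, KEY_LEN);
        m->latched = cause;
    }
    return cause;
}

int key_is_wiped(const struct monitor *m) {
    for (size_t i = 0; i < KEY_LEN; i++) if (m->disk_key[i]) return 0;
    return 1;
}

/* Constructed scenarios: 0 = bump, 1 = drilling, 2 = mesh bridged, 3 = power cut. */
enum tamper_cause run_scenario(int scenario, int *wiped) {
    static const uint8_t key[KEY_LEN] = { 0xA5, 0x5A, 0x01 };  /* dummy key */
    struct monitor m;
    enum tamper_cause c = TAMPER_NONE;
    monitor_init(&m, key);
    for (int t = 0; t < 40 && c == TAMPER_NONE; t++) {
        struct sample s = { 512, 20, 1 };                    /* quiet baseline */
        if (scenario == 0 && t >= 5 && t < 8) s.vib = 900;   /* 3-sample knock */
        if (scenario == 1 && t >= 5)          s.vib = 600;   /* sustained */
        if (scenario == 2 && t >= 20)         s.mesh_adc = 430;
        if (scenario == 3 && t == 12)         s.power_ok = 0;
        c = monitor_step(&m, &s);
    }
    *wiped = key_is_wiped(&m);
    return c;
}

int main(void) {
    static const char *names[] = { "none", "mesh", "vibration", "power" };
    for (int sc = 0; sc < 4; sc++) {
        int wiped;
        enum tamper_cause c = run_scenario(sc, &wiped);
        printf("scenario %d: cause=%s key_wiped=%d\n", sc, names[c], wiped);
    }
    return 0;
}
```

The bump scenario leaves the key intact while the other three wipe it, which is the false-positive trade-off raised in the first post: the window length and trip count decide how long an attacker can work before the alarm latches.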
by Achyfellow » 26 Oct 2013 21:56
Not an expert here, my computer science skills are bare minimum, but I'll try to give constructive feedback... Sounds like a nice challenge. As far as I know (And from what I've seen), if you connect it to the internet it is not safe anymore, no matter how hard you try. Every computer you use to connect to it will be a potential risk an attacker could use to access the data, so you should be ridiculously careful with each one of those if you are really paranoid about it. We are discussing physical security here, so I'll stick to that: As you probably know, data stays in RAM for some time after cutting the power off (Here is a nice paper), so someone with physical access to the hard drive AND the memory modules would be able to pull the encryption keys off and watch that data of your naked GF. I've never used a RPi so I don't know how would that work in this case, but you should know that there are ways to exploit that. If they have physical access to the NAS/disk that would probably mean they have access to the whole thing (i.e. your house and everything it contains), including your network equipment, the computer you use to log in, the disk and the RPi... Everything! They could simply hook their own computer to the switch and do whatever they wanted there. And if they access your RPi or they are able to log in, disk encryption does not matter anymore. I mean, when there is a breach and someone gets physical access to your stuff there are so many things that can be up that you can't possibly protect yourself against all of them.
As for the "And if someone tried to open the box I'll know because I won't be able to access the data myself since the device powered down" part, they could easily connect another computer/device to the network to emulate connected devices in every available IP in the 192.168.0.0/20 range so you could ping 'your' server but not download files, thinking it's malfunctioning somehow and not really worrying about it (Like someone proposed years ago to prevent/combat network attacks to collect information).
It's 4AM, I just came from hanging out with some friends and to be honest I can't think very clearly, I hope it made sense. It's a really difficult thing to do to be honest, you'll have to think very out of the box if you want something like that to work.
Achyfellow
- Posts: 131
- Joined: 1 Oct 2013 6:50
by Trombe » 27 Oct 2013 3:22
Yes, I understand that connecting a device to internet poses significant risks. My device is going to be connected to a LAN behind a firewall, and not directly to the internet. There's still a chance somebody hacks into the network i.e. a laptop, and tries to progress from there, but that's another subject. I should probably use an IPS like Snort. Interestingly I've heard that the cold boot attack doesn't work very well against newer RAM modules like DDR3 because those lose memory bits much faster than the older modules like SDRAM or DDR after the power has been removed. RPi perhaps doesn't use DDR3, but there are other development boards out there that do e.g. Cubieboard. As an addition I could easily fill the box and electronic parts with epoxy resin to prevent such access. Thanks for the tip! Hooking into my home LAN does give an attacker a significant advantage. It is generally accepted that a security system is only as strong as its weakest link. So yes, an attacker is going to attempt to exploit another part of the system such as my computer. If he has physical access he can install a keylogger, a trojan horse, a RAT, etc. This is why I always encrypt each and every hard disk in my possession. This will technically prevent tampering with the operating system, but does not prevent attacks like evil maid or the use of hardware keyloggers. A MITM attack on my network can be thwarted by using certificate-based authentication. Although I can't see a reason why try to emulate devices where clearly not having access to files would automatically worry me. And the IP range is 192.168.0.0/24, not 192.168.0.0/20. Alright, thanks for the constructive feedback.
Trombe
- Posts: 6
- Joined: 25 Oct 2013 11:20
by Achyfellow » 27 Oct 2013 7:31
OK, here are a bunch more of wild ideas while I slowly come back to life:
- Installing the RPi and the drive in a place that is not easily accessible, using SSD disks so it does not make any noise and sticking it to the inside of an air conditioning duct for example (That should both hide it and keep it cool, but it could make maintenance complicated).
- Using a separate network for your NAS and your regular home network. That way a potential attacker will only intercept/screw with traffic in a separate network.
- Do you need constant access to the data? If not, just put everything in a LTO tape and rent a safe in a bank to store it.
- Instead of one drive, use 10 different and separate hard drives scattered around the house with an exotic RAID system so they can't get/decode all of the data even if they get a drive or two and the keys.
- Is the data *REALLY* important? Are there real, actual chances that someone else wants it? If you build an incredibly good system and someone wants the data really bad they are not going to bother attacking the system, they are just going to attack you and "kindly" ask for the keys. (Link).
This is getting in the really paranoid area, so it may be overthinking it. But the question that I have been asking myself this night is: Is a sophisticated tamper proof/evident box going to solve the problem? If an attacker gets the keys for the drive, does he care about being subtle or will he just smash the box and grab it? Sometimes we overthink security problems and design very fancy and complicated stuff to solve them, and it often turns out that there were really simple things we were omitting or taking for granted.
Achyfellow
- Posts: 131
- Joined: 1 Oct 2013 6:50
by Evan » 27 Oct 2013 10:34
Achifaifa wrote: But the question that I have been asking myself this night is: Is a sophisticated tamper proof/evident box going to solve the problem? If an attacker gets the keys for the drive, does he care about being subtle or will he just smash the box and grab it? Sometimes we overthink security problems and design very fancy and complicated stuff to solve them, and it often turns out that there were really simple things we were omitting or taking for granted.
Smash box and grab it... People really think that if you encrypt something that it is impossible to decode it later on without your key -- perhaps it would take some time IF you programmed your own software to do the encryption, but anything you can buy and use has one or more backdoor(s) built into it... Think you can download something "open source" on-line and assume that it is okay to use, who do you think creates a lot of that stuff these days, no way it could be the intelligence sector of the government as part of the info wars, could it ? Locking a hard drive inside a secure box when it is still connected and accessible by the computer which maintains the file system is stupidity... Perhaps if you were discussing hot swappable drives that weren't live and in use in the box your idea might have some merit...
Trombe wrote: Evan: You said earlier that "anyone is going to be able to neutralize" the box "by shutting off the power/disconnecting your internet". Now think about it. What would happen if the power was shut off for a moment? Let me answer that for you. I thought this well over. Since the data resides on an encrypted disk, shutting off power would simply wipe the access keys from memory, and cause the device to fail in a secure manner i.e. preventing all unauthorized access to the data (even if the box was opened afterwards and the disk stolen). So you see I'm actually a few steps ahead over here. The second stage are all the alarms I've been talking about earlier. If an alarm is triggered, the board automatically wipes the disk password from RAM and shuts down, thus preventing unauthorized access. It does not have to be connected to internet for this to work. And if someone tried to open the box I'll know because I won't be able to access the data myself since the device powered down. It would have to be manually restarted, and I'm the only one who knows the password for the internal HDD.
Yes, removal of your internet connection on a computer supervising any sort of security system would remove its ability to sound any sort of alarm... As to your flawed logic about the encryption key to the data being lost, that might affect your ability to access it but sadly there are government personnel and those in the commercial espionage fields whom that wouldn't slow down at all... As to the physical box you would create to secure this device, unless you adopt some sort of standard safe container for your purpose, it is not very likely that you would be able to fabricate something that is all that secure...
~~ Evan
Evan
- Posts: 1489
- Joined: 5 Apr 2010 17:09
- Location: Rhode Island
by Trombe » 27 Oct 2013 12:39
Evan wrote: People really think that if you encrypt something that it is impossible to decode it later on without your key -- perhaps it would take some time IF you programmed your own software to do the encryption, but anything you can buy and use has one or more backdoor(s) built into it... Think you can download something "open source" on-line and assume that it is okay to use, who do you think creates a lot of that stuff these days, no way it could be the intelligence sector of the government as part of the info wars, could it ?
It's not impossible to decrypt, but rather difficult enough so that any decryption attempts would require to invest so many resources (time) that they would outweigh the benefits of obtaining the decrypted data by far far far, thus making the whole attack unfeasible. That's the general idea behind encryption. And I seriously doubt it that all and every program has a backdoor. Sure it's possible that ciphers contain cryptographic weaknesses that will become exploitable once the math and the computer power advances to a certain level. This is why it's generally advised to choose a certain set of encryption depending on how long a person expects the encrypted data to stay secure... 10 years, 20 years, 30 years from now. I am aware of the intelligence agencies trying to backdoor stuff, especially the recent NSA scandal. These bastards think they're smart. They've backdoored the clipper cipher, but fortunately it was never widely adopted. They tried to backdoor the linux kernel itself, and they're trying to work with hardware manufacturers to backdoor most of their products. This is deeply worrying. Hardware backdoors are much more difficult to detect than software backdoors. I sense all hell is going to break loose pretty soon. But assuming the hardware isn't backdoored I generally prefer to use open source software because it's much less likely to be backdoored. At least according to Bruce Schneier. Read this article, it's really interesting: https://www.schneier.com/blog/archives/ ... ain_1.html
Evan wrote: Yes, removal of your internet connection on a computer supervising any sort of security system would remove its ability to sound any sort of alarm... As to your flawed logic about the encryption key to the data being lost, that might affect your ability to access it but sadly there are government personnel and those in the commercial espionage fields whom that wouldn't slow down at all...
But the alarm does not need to be sounded over the internet! I'm not talking about a sound alarm i.e. a buzzer or a bell alarm that is mounted on a wall somewhere within my house and goes "DING DING DING DING" when triggered. And I am most definitely not trying to alert authorities here. The sole purpose of the "alarm" is to wipe the access keys from RAM and shut down the safebox. And the safebox itself is the one that triggers the alarm condition. I'm not sure what is so fundamentally flawed about this design. There's always an encrypted backup I keep at another place.
Trombe
- Posts: 6
- Joined: 25 Oct 2013 11:20