1

If I have a Live USB Linux stick, plug it into a computer which is not connected to the internet, and boot the computer using the Live USB stick, how secure is this in terms of not leaving any traces of work I do via the Live USB stick? I.e., will any traces be left on the host computer once the computer has been switched off and the Live USB stick has been removed?

I basically want to store passwords on the Live USB stick. If it's possible to encrypt the Live USB and store passwords on it, that should mean that I can use any computer to check my passwords by first disconnecting the computer from the internet? I understand I can do this with a spare computer which is never connected to the internet, but that would be a whole computer, and I'd rather not carry a full computer with me. If it's a USB stick, then I can use any computer which I know is disconnected. So I just wanted to make sure that no traces are left of my passwords on the host computer.

oshirowanen
  • What work are you going to do from the Linux system? – ack__ Apr 18 '14 at 19:11
  • @ack__ Added the details to the question. – oshirowanen Apr 18 '14 at 19:19
  • Why would you want to run a live Linux system to access some data and store it securely? Wouldn't a strongly encrypted USB stick be enough? – ack__ Apr 18 '14 at 19:23
  • Also, I think you're confusing things re internet connection. – ack__ Apr 18 '14 at 19:26
  • @ack__ How would I use that strongly encrypted USB stick on a computer without leaving a trace? I was hoping by using an encrypted Live USB stick, I would be protected from keyloggers, malware, and be trace-free on the host computer which is disconnected from the internet? While at the same time, if I lost the Live USB, it's encrypted, so hopefully, it wouldn't matter if I have a backup of it. – oshirowanen Apr 18 '14 at 19:27

2 Answers

1

(Quick answer, I don't have the time to research all I remember and double-check my facts.)

There are multiple things to consider here:

  1. USB sticks may carry payload that you do not know is there, e.g. a virus to infect the computer it's plugged in to.

  2. Things like BIOSes, network cards, etc. can often be flashed to upgrade the firmware. You could also install viruses on here and they often have full memory access.

  3. USB sticks are rewritable. There are very few that actually implement hardware write locks, e.g. by using a physical switch. I think Jacob Appelbaum (from The Tor Project) looked into this, he mentioned it somewhere... I forgot where. Such USB-sticks are basically unobtainium as far as I know.

  4. RAM memory is not off and gone: it fades. Off the top of my head, it's gone after about a minute at room temperature. You can google this, search for cold boot attacks.

  5. Be sure to power off the computer (if you aren't sure, pull out the cable and battery); in standby mode memory is obviously retained.

  6. The data is only as secure as the host. If your offline computer contains a hardware keylogger that someone then later retrieves when you are out of the house, well, being offline didn't help much in this case.

  7. I think it was with a microphone inside the same computer, but some chips on the motherboard may leak data. There was some sort of side channel attack to extract private keys... I don't really remember, but you might want to keep a bit of distance between the computer and other systems. This Google search seems to give some info.

So it depends what you want to protect against. Are you hiding state-secret information, or is it love letters that you are trying to keep private?

In theory you're right: under normal circumstances all data will be gone when the live USB-stick is removed and the computer is powered off. In practice, there are a lot of things that (powerful) adversaries can do to all parts of the system.

If you buy a USB-stick, assuming it's not backdoored to start with (which is a reasonable assumption under normal circumstances) and you only use it on your offline computer, then I don't see how it could get infected without someone physically touching it. Same goes for the computer. The problem is: how do you get your OS while offline? Somewhere you somehow need to connect to the internet to create the live boot. Perhaps this would be safest on a computer of a friend that is not tech-savvy and has no clue what you are talking about, and who is preferably not a close friend either. For bonus points, pick another friend and use his computer to verify the checksum. I think as an individual, this is about as close as you can get to protect against extremely powerful adversaries.


By the way, lots of stuff in this post may be tinfoil hattery, but I'm trying to talk in terms of "what would be provably secure." For example one would normally assume that "of course a computer that you just bought is not backdoored", and it would be tinfoil hattery to assume otherwise, but how do you know? If you are not trying to protect against powerful adversaries like a government though, much of the advice in this post can be disregarded.

Edit: This answer is only about the first paragraph of the question, not the second that the asker added in an edit.

Luc
  • All that makes sense, thanks. I am just interested in storing and recalling passwords quickly and easily from more than 1 computer without leaving a trace. Computers which I feel are fairly un-tampered with. Only thing I didn't get was "Somewhere you somehow need to connect to the internet to create the live boot." Why is it a problem if I download the iso from my normal computer to create the Live USB? – oshirowanen Apr 18 '14 at 19:48
  • @oshirowanen Your normal computer might have a virus to alter the USB stick's contents, that's why. *Usually* not the case I guess, but again, if you're talking about "usually" then much of the advice in my post can be disregarded. – Luc Apr 18 '14 at 19:49
  • Thanks again for the info and the edit. I think an encrypted live usb is fine for my needs. Now I need to figure out if it's actually possible to encrypt a live usb... – oshirowanen Apr 18 '14 at 19:56
  • You can also just encrypt the volume where the passwords are stored (i.e. encrypted partition or truecrypt volume). – ack__ Apr 19 '14 at 07:27
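
Luc's answer suggests verifying the image checksum on a second machine, and his comment notes that the machine writing the stick could alter its contents. The sketch below is an added example, not part of the thread: it checks the image against a checksum list and then reads the written stick back to compare it with the image. It assumes a `SHA256SUMS`-style file obtained separately, file names without spaces, and `sha256sum` and `head -c` as found on a typical Linux system; the function names are illustrative.

```shell
# Added example, not from the thread. POSIX sh; needs sha256sum and head -c.

sha256_of() { sha256sum < "$1" | cut -d' ' -f1; }

# verify_iso ISO SUMS: succeed only if SUMS lists ISO's file name with the
# SHA-256 that ISO actually has. SUMS lines: "<hex>  <name>" or "<hex> *<name>".
verify_iso() (
    name=$(basename -- "$1")
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                                 f == n { print $1; exit }' "$2")
    [ -n "$expected" ] || { echo "no entry for $name in $2" >&2; exit 2; }
    [ "$(sha256_of "$1")" = "$expected" ]
)

# verify_written ISO DEVICE: the stick is larger than the image, so read back
# only the image's length from DEVICE and compare hashes.
verify_written() (
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$(head -c "$size" "$2" | sha256sum | cut -d' ' -f1)" = "$(sha256_of "$1")" ]
)

# demo: constructed stand-ins for a live image and a USB device (plain files).
demo() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    printf 'constructed live image contents\n' > "$d/live.iso"
    (cd "$d" && sha256sum live.iso > SHA256SUMS)
    { cat "$d/live.iso"; printf 'unused space on the stick'; } > "$d/stick.img"
    verify_iso "$d/live.iso" "$d/SHA256SUMS" && echo "image matches SHA256SUMS"
    verify_written "$d/live.iso" "$d/stick.img" && echo "stick matches image"
)
demo
```

On real hardware, pass the raw device (a placeholder such as `/dev/sdX`, read as root) as the second argument to `verify_written`, after unplugging and reinserting the stick so the read comes from the device rather than the page cache. Doing the read-back on a different machine from the one that wrote the stick follows the answer's suggestion of a second computer.
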
0

Try using Ubuntu Privacy Remix. It's a live USB with encrypted persistent data storage on your USB. And is permanently offline.

It is live ISO boot so that your Linux system cannot be altered or infected by rootkit etc.

Only the persistent files are writable but are also encrypted in your USB.

It can be used to open, edit, and store your sensitive files without relying on a computer's regular OS which may leak info through being infected by viruses, rootkit, or RAT.

Jackal