Encrypting Phone Storage and Transmission?

An anonymous reader writes "Soon I'll be moving to one of the hot, culturally restrictive countries which has recently been in the news ... and which monitors and filters web traffic. ISPs and cellular providers are both owned by the government. Needless to say, I'm concerned about privacy and am even posting to my fellow Slashdotters as an anonymous coward. Which smart phones are the best for a) encrypted storage, and b) encrypted transmission? I'm not worried about encrypting SMSs or traditional voice traffic, but I would like all IP traffic as secure as possible. Setting up a server in my less restrictive home country is an option. What storage encryption and transmission encryption would you recommend for that situation? I'm willing to buy yet another device, if necessary. (No, I won't get a SatPhone.) I currently have a Nokia N900 running Maemo5 and another device running Symbian S60v3. I was hoping to have a secure OS like BackTrack running on the N900, but it looks like the software was never totally ported for the device."

Traditional VPN?

[RyuuzakiTetsuya]

Why not a traditional VPN with an Android or iOS device? Symbian should also be able to support VPN connections as well.

Re:Traditional VPN?

[b0bby]

That's my thought too. There are lots of reasonably priced VPN services out there, or you could run your own. But for ~$10 a month or less, why bother? I've used the $6 "Premium" service from hideipvpn.com & it was fine, I'm sure that there are others that are just as good though.

Re:Traditional VPN?

[morcego]

I have OpenVPN running nicely on my Android 2.1 phone. Had to root it, tho.

And since you are rooting it, you shoud be able to partiton you sdcard and setup some kind of encrypted filesystem. I havent tried it yet, but might just to see if is possible.

Also, in a country like that, you might try getting a phone without a camera... just in case.

Re:Traditional VPN?

[MoonBuggy]

I thought the same, but there are a few important supplementary questions (to which I don't know the answers):

• By consistently streaming encrypted information out of the country, will you just make yourself a target for more invasive surveillance measures (and perhaps some rubber hose cryptanalysis)?
• When the ISP themselves are your adversary, you're at an immediate security disadvantage. How far can they go towards cracking your connection when they can monitor everything you transmit, and cross reference it with real-world info about you?
• If your connection is compromised, how much extra risk are you at? Is the sense of security leading you to transmit things that you wouldn't otherwise have committed to writing, and might they cause you trouble?
• Are these encryption measures legal where you're going? Even if so, are the state the type who might see it as a reason throw you in jail on vague espionage charges?

I understand wanting to maintain your privacy as a matter of principal, but ultimately you're the one choosing to go to their country. You don't have to like it, but you do have to live by their rules. From my own experience travelling in some of the more repressive parts of the world, I would say that there's generally a certain amount of leeway given to foreigners that isn't afforded to locals, but you're still safer not giving them an excuse to pay you any extra attention. What I can't tell you (especially without knowing which country you're going to) is what they will or will not consider to be an excuse; honestly I doubt that even a police chief in the country could give you a definitive answer in a lot of places - the strictness of the definition tends to be inversely proportional to the wealth and influence wielded by the person that it is being applied to.

Just bear in mind that while it may be discomforting to know they're reading your emails home, they probably don't care what you're saying. They might well start caring about the fact that they can't see what you're saying.

Re:Traditional VPN?

[gandhi_2]

Could a constant stream of encrypted data going thru his carrier and ISP bring government attention to him or her?

Will this hot, culturally restrictive government just throw their hands up and say, "well... he's got a VPN... not much we can do"?

Re:Traditional VPN?

[Unequivocal]

All good points. To add a concern: I don't know the laws in these countries, but perhaps even possessing crypto tools is illegal? I'd check into that before using this stuff in country.

Re:Traditional VPN?

[cayenne8]

I think the best advice would be...to stay as far the fuck away from any middle eastern country to begin with!!

That's just asking for trouble....unless you happen to be someone that wears some form of the various headgear/hats the peoples over there seem to all sport.

Why any sane person from the free part of the world would go over there....especially NOW...is beyond me.

I mean, hell...I'd do just about anything for a dollar..but I'd not risk my life (and head) by going over there for any amount of money.

Re:Traditional VPN?

[jrumney]

Exactly. My advice to someone going to a country like this is to make damn sure you stay under the radar. Be prepared to give up your daily porn habit, your torrenting, and your urge to give your opinion on every political topic under the sun. If this is too much for you, then don't go to countries with oppressive regimes.

Re:Traditional VPN?

[orasio]

I think the best advice would be...to stay as far the fuck away from any middle eastern country to begin with!!

There is a western, christian country, that is in the news at all times, known for seizing laptops at borders and keeping your data.
In fact, when I travel there, I don't carry my laptop or any personal/work data with me, that's how worried I am.

Why any sane person from the free part of the world would go over there....especially NOW...is beyond me.

There is no free part of the world. There are only shades of grey. There are places where you are safer and worse places, but enemies of freedom exist and act everywhere.
Add to that the fact that your definition of freedom probably doesn't match what some other people believe, and the whole "free world" concept becomes a dumb idea.

I mean, hell...I'd do just about anything for a dollar..but I'd not risk my life (and head) by going over there for any amount of money.

And you probably make enough. The world is full of people who risk their lives to make a dime. Otherwise, there would be no cops, no antenna installers, no tall buildings. That is because they can make a better living that way than staying safe.

Watch out

If you are going to Saudi...co-workers couldn't wait to get the hell out of there. VERY SCARY PLACE. Public beheadings on Fridays.

Re:Watch out

But the Saudi's are an American ally? How could they be a brutal, repressive dictatorship that exports terror to the world if they're an American ally?

I heard from Glenn Beck that Kenyan Muslim Communists like Obama want to overthrow our allies in the middle east to spread the Muslim Caliphate across the world. Are you a Kenyan Muslim Communist?

Buy the phone in that country

[ogfomk]

You will just need to buy that phone in the country you are going in. Otherwise you may loose it through customs unless you are a diplomat. Best to get something boring and assume that everything you send is readable by anyone. If you keep something that is valuable there is nothing that customs would like better than to have your device.

boncee

[Lord+Ender]

Bouncee is a VPN service designed to protect the privacy of international travelers. It encrypts all your network traffic and routes it through a server in the United States.

It's also really, really cheap. This sounds like what he's looking for.

Re:boncee

[zonky]

I'm not sure why everyone always trusts the other ends of these cheap vpn services so readily. If you wanted to set up a credential fishing operations - why wouldn't you just set one of these up and watch the exit gateway?

Re:boncee

[Lord+Ender]

If you wanted credentials you would host a free service. A commercial service would have far fewer users and a money trail to the person who runs it.

Solution.

[Zurk]

I have the same problem. I am not in a restrictive country, however my phone lines are tapped on a regular basis since i deal with defendants. its not paranoia -- they really do tap phones of attorneys to get around atty/client and ive seen the records more than once. I use an SSH connection to a tomatousb router (ASUS RT-N16) and forward ports to my N810. you can do the same with your N900. this allows me to do VOIP directly and also share the same connection locally by letting my N810 serve as a local hotspot. All traffic is encrypted with SSH until it reaches my home which is on a dynamic ip anyway. This has worked against local and fed agencies but may not work against NSA/big brother type agencies or against foreign government state departments. You need a fast upload connection (my 25/2 Mbps cable connection works fine). For anything more than the usual calls i meet people in person at the office. meeting in person is covered by priv and works well.

Re:Solution.

[BluBrick]

I am not in a restrictive country, however my phone lines are tapped on a regular basis since i deal with defendants.

Y'know, if the second part of that statement really is true, you might just want to re-think the first.

Re:Solution.

[guruevi]

Welcome to the US. If you're speaking on a phone, you're not talking in private, if you're talking in a room where other people are or have been, you're not talking in private. Better-paid attorneys will actually sweep the rooms regularly for bugs and have external audits performed.

Why you ask? The duty to keep the attorney/client privilege is not on the state but on the attorney so the state could get a warrant (or not if you're DHS/FBI, the Patriot Act cares for it) for the wiretapping of an attorneys office if they could demonstrate (or not) that it could further their case. If a cop 'accidentally' overhears a conversation between an attorney and his client, it can be used or even if it can't be used in court it could be used in questioning and pressuring. The only exception to that is at a prison or a state office where the attorney or client can request a private area to conduct their conversation (again, duty is on the attorney or his client to request such privacy) but most likely they won't carry on a conversation in those settings - the focus would be to get them out of there first without saying too much if possible.

consider steganography over cryptology

[smoothnorman]

I'd be most worried about the: "he's using techniques which we can't crack. so he's really up to no good, and we must therefore have him 'pay us a visit'" (cf the usual: http://xkcd.com/538/). So perhaps you should consider communication that doesn't trivially look like communication that's subversive to the powers-that-are? Just something to mull over; because you see, the birds do fly west on a sunny day.

Re:consider steganography over cryptology

[izomiac]

I was just about to pop in and say that. Plausible deniability is the only sane choice for this environment. It basically doesn't matter to you if your encryption is never broken if they just take that as an admission of guilt.

IMHO, the way to go would be an android phone with an extra /data/ partition that's encrypted, and swap them out using the terminal. Be sure to use a strong screen lock (i.e. a long password or very long series of numbers, no patterns). That way, you have a benign /data for investigators, you get *everything* (i.e. thumbnails, logs, etc.) encrypted, and if they question you about the partition you can feign ignorance and claim that it must be a corrupted flash chip. All that said, I'm not sure how technically feasible this is, but it seems straight-forward enough with root access and some familiarity with the Linux terminal.

Re:consider steganography over cryptology

[izomiac]

Put an easy one on the benign /data partition, and a hard one on the encrypted one. That way, if you're about to be captured, turn off your phone. If you're already captured, tell them it's been buggy lately and to do a battery pull. The point is to force a reboot of the phone, which conceals everything.

Re:consider steganography over cryptology

[hoadlck]

All of my passwords are "AhhhhThePainICanNotTakeIt". This way even if I break, they will never actually get at my data.

What's missing on the N900?

[vadim_t]

It has support for OpenVPN, SSH and tor out of the box. There was one guy in #maemo I think that said he succeeded at implementing full disk encryption, you might want to come there and ask. And if you install kernel-power you'll be able to be use iptables, which should help with making sure only what you want gets in and out.

Now, will encryption help you? What is going to happen to you if you're arrested and suspected of accessing something you shouldn't? I'm thinking that in such a place, if they find you have a heavily encrypted phone they're just not going to let you go if they can't get data off the device, and refusing to tell the password might not be a great idea.

Perhaps you should look more at plausible deniability. Try to set up the phone in a manner that is as un-suspicious as possible, make sure nothing incriminating gets logged on the device, and do all your suspicious activities on some remote server, with some panic system that can remove anything suspicious like tor or ssh without leaving a trace if you get in trouble.

For testing what gets stored, you could try using rsync. Sync the entire phone, do something like loading a website, sync again and see what changed.

Blackberry + BES Express

[ballwall]

Set up a BES Express server, and get a BlackBerry. I'm not sure you can find equivalent security on any other platform. The BES Express server (free) offers transparent VPN. The devices themselves are unmatched, security-wise (though you'd be stepping back like 5 years in features). Email might be a problem if you don't want to also run exchange or lotus domino, but you could easily set up an IMAPS server and use that.

Re:Blackberry + BES Express

[netsharc]

If you use your own BEServer, it encrypts traffic between the phone and the server using keys known only to it and the phone (I think during pairing the server tells the phone its public key, the phone generates a key-pair, encrypts its public key using the server's public key, and transmit it to the server -- this is probably a wrong explanation, since the public key is supposed to be public, why should it be encrypted before transportation), so not even RIM can see what the data payload is, if you trust their marketing material... and it seems a lot of government agencies (e.g. the German Security Agency) do.

BlackBerry even does bogus CPU cycles to prevent attackers from seeing which part of the CPU/RAM is warmer than the others and gain information about their en-/decryption from that...

Re:Blackberry + BES Express

[taylortbb]

You can get a hosted BES/Exchange setup for a small fee. You have to have a trusted hosting provider in a country you consider safe.

Unlike many of the custom Android solutions being suggested on here, this requires an unmodified BlackBerry in a setup that is standard for pretty much any company. Having a setup which is highly customized for evading surveillance might work well, but if you're caught with it the consequences could be severe. Having something which is standard fare among business travellers makes you far less suspicious. Many oppressive regimes will throw you in jail even without being able to decrypt your data if they think it's suspicious enough.

As other posters have pointed out, RIM only provides access to BIS data. If you're running BES (an enterprise server) there's no way RIM can hand over your data. They've had the BES server software audited by independent agencies to confirm its security. Additionally, the on-device security is excellent. Unlike certain other mobile platforms there have been no attacks that can bypass the password lock screen. Additionally there's a full set of encryption and memory cleaning options.

Your best bet ...

[tgd]

Is not to use those services. Generally speaking, if the country is that restrictive, they probably will not take kindly to a foreigner trying to bypass the restrictions.

A good rule of thumb to travel: obey local laws. If you don't like them, don't go there. As a foreigner, you are in a pretty risky spot to try to take matters into your own hand.

Re:Your best bet ...

Is there a local law against encryption?

The problem isn't the laws, it's the lack of "the rule of law".

You're deluding yourself.

[Stoutlimb]

You're going to a restrictive country with little human rights, and you think that encryption will keep you safe?

I think that XKCD put it best... http://xkcd.com/538/ I'm surprised nobody's posted this yet.

BackTrack != Secure

[keckbug]

I feel compelled to point out that while BackTrack is a great distro, it's primary goal isn't really being secure from outside intruders. It is designed for auditing and testing other systems. I'm sure with a reasonable effort you could lock it down to be relatively secure, but you're looking at the wrong tool for the task. Hell, it runs everything as root by default.

Bad Idea

[cypherdtraitor]

I would recommend just censoring yourself.

The fact of the matter is that if the country is actually using sophisticated techniques to look for spies, they will be actively looking for data traveling in an encrypted form to the united states.

It would be a shame to be captured and interrogated because the tyrants didn't know that "secret message" was about how much you hate your boss.

n900 is probably the most flexible

[xeno]

Some resources for the n900:

----- file system encryption--
Truecrypt for true cross-platform encryption on the phone's non-boot volume
  (available by default in the N900's Extras-Testing repository)
A nice script to simplify use of TrueCrypt (no screen icon = non-obvious = good)
  http://forums.internettablettalk.com/showthread.php?p=597269
Also note that for your pc, you can put the x86 tc.exe on the phone's unencrypted boot volume, ...and then mount the phone's encrypted volume from the card, thru 1 usb connection

----- IP encryption
Tor is available as a package and works well, tho with caveats
  http://www.torproject.org/docs/N900.html.en
SSH is also available

----- semi-secure voip
Skype support is inbuilt (tho sometimes suspect w/proprietary encryption & whatnot)
  configure thru Settings>Connectivity>VoIP and IM.
Run your own Asterisk PBX on the n900 with an encrypted config/tunneled
  available in the Extras repository

----- alt boot options
option to boot alt OS hidden on card
  http://wiki.meego.com/ARM/N900/Install/Dual_Boot
  http://neopwn.com/ (sometime soon, one hopes)
option to carry a hidden/alt bootable PC OS in your phone
  http://zitstif.no-ip.org/?p=451

Plausible deniability?

[c0lo]

Entering as a foreigner in the country will flag you for sure. Man-in-the-middle attacks are possible.

I'm not worried about encrypting SMSs or traditional voice traffic, but I would like all IP traffic as secure as possible.

If your traffic doesn't require real-time reporting of events (i.e. a delay of 2-3 hours between the event and the report is OK) and doesn't require large amount of data (i.e. text reports rather than video).
1. As you control both ends of the communication, consider a prearranged set of one-time pads
2. Plausible deniability - including steganography and Rubberhose filesystem
3. Netbook instead of a smart-phone? (easier to arrange, no need to hack the phone)

Good luck.

Re:Plausible deniability?

[jmuzz]

3. Netbook instead of a smart-phone? (easier to arrange, no need to hack the phone)

Exactly, why trust any phone hardware? Too much unknown in the drivers/custom firmware and serials linking coms to your device and location within 1km.
99.9% of phones wont have non standard security features setup, any which do are just asking to be confiscated for further investigation, which is inconvenient if nothing else.

Encryption of stored data is useless, your options are to supply the key, or to be charged with some other falsified charge such as drug possession which you will have no defence against.

If secrecy is important it is better to stick with a notepad PC, security is much more established, sensitive material can be hidden amongst 100GB of junk, or stored on "flushable" memory cards. VPN's/remote desktop back to the office are perfectly normal for business people. You can old school dialup modem from any telephone line.

Could be dangerous ...

[gstoddart]

Before you start trying to figure out how to circumvent being spied upon by the host government, maybe you should look into the possible consequences of this. It may well be that if they find out that you're doing this, things could really turn out bad for you.

It's generally a good idea to try to actually obey the laws of the country you're going to, especially if it's as volatile as you say it is. If you're a foreign national and don't have any sort of diplomatic protections, you could be playing a risky game.

Re:Could be dangerous ...

[wakim1618]

I currently live in and have been working in one of those 'hot' countries for several years. First, your concerns about privacy seem misplaced to people who live around here. Tracking is for the general plebes who live there and have nowhere else to go. As a foreigner, your behaviors doesn't matter as much so long as you are not part of the problem. If you are a problem, forget about your supposed rights and privacy that you believe that you are entitled to.

First, the government/state/security/police can just break into your house whenever it wants, and your only recourse is that you are important enough that your embassy or company will raise a big enough fuss. Otherwise, you are out of luck. Unless, you want to carry around your laptop with you all the time, you can assume that they can get physical access to your computers when they really want. Same for your phone.

The government/state/security/police will question your building security, maid, nanny and almost certainly obtain their cooperation in tracking your movements and rumaging through your personal belongings. They also have access to all your financial transactions within the country, and all cross-border movements.

Is it your financial privacy that matters to you? Or is it that you do not want your phones or computers seized? In the latter case, just keep a low profile and don't cause trouble.

Re:Be careful

[Alex+Belits]

After coming back on in an hour, and attempting to establish the tunnel again, we discovered, that traffic had slowed by 70% over the tunnel, and that two routers in the hops right before the gateway link out of China were dropping packets, but only the tunneled traffic. It looked to us that we had triggered some type of attempt to monitor our traffic, we stopped tunneling. In the coming months we found a bug in our board room, there were several attempts to hack into our office netwokr, two that we knew were successful. Coincidence?

No. Your network administration people suck incredible amount of ass, so they can't configure routers in a non-SSL-breaking way, and allow your network to be "hacked" by random skr1pt kiddies.