Tin Hat Linux

From Wikipedia, the free encyclopedia
Company / developer: Anthony G. Basile, et al.
OS family: Unix-like
Working state: Current
Source model: Open source
Latest stable release: 20110613 (June 13, 2011)
Available language(s): Multilanguage
Package manager: Portage
Supported platforms: IA-32, x86-64
Kernel type: Monolithic
Default user interface: GNOME
License: Various
Official website: opensource.dyc.edu/tinhat

Tin Hat is a Linux distribution derived from Hardened Gentoo Linux. It aims to provide a very secure, stable, and fast desktop environment that lives purely in RAM[1]. Tin Hat boots from CD, or optionally from USB flash drive, but it is not a LiveCD in that it does not mount any file system from the boot device[1]. Rather, Tin Hat employs a massive SquashFS image which expands into tmpfs upon booting. This makes for long boot times, but remarkable speeds during human-computer interaction.

Design goal

The central design consideration in Tin Hat is to construct an operating system that is resistant to forensic analysis. An unencrypted filesystem offers no protection against physical access to the computer: an attacker would have no problem retrieving the data. Encrypting the filesystem is a major step in frustrating such an attack. Many implementations of encryption, however, do not hide the fact that data on the filesystem is encrypted. For example, the LUKS encryption system includes metadata that details the block cipher and block cipher mode used in encryption. This information does not in itself help the attacker decrypt the filesystem, but it does show that encryption has been employed. The attacker would have at least one piece of information: that he is looking at encrypted data and not random data.

An alternative is to configure the system to use two passwords: one mounts a fake volume, while the other leads to a hidden volume whose existence may be denied. Tin Hat does not use this method. Instead, it relies on the fact that encrypted data cannot be differentiated from truly random data, so the user can claim that the hard drive contains no encrypted data, only random data left over from overwriting it. It is debatable how successful this approach would be in practice, as the presence of large amounts of random data would in itself give rise to reasonable suspicion that the data is encrypted.
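The contrast drawn above, between a LUKS volume that announces its cipher and a headerless region that only looks random, can be seen by inspecting the first bytes of a volume without any key. The following is an added example, not code from Tin Hat or from the original article; the function names are hypothetical, the sample data is constructed, and the field layout is that of the LUKS1 on-disk header.

```python
import math
import os
import struct
from collections import Counter

LUKS_MAGIC = b"LUKS\xba\xbe"  # first 6 bytes of a LUKS header
# LUKS1 header prefix, big-endian: magic, version, cipher name, cipher mode,
# hash spec, payload offset (sectors), key length (bytes).
LUKS1_PREFIX = struct.Struct(">6sH32s32s32sII")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def inspect_volume(first_bytes: bytes) -> dict:
    """Report what the start of a volume reveals to someone without the key."""
    if first_bytes.startswith(LUKS_MAGIC) and len(first_bytes) >= LUKS1_PREFIX.size:
        _, version, name, mode, hash_spec, offset, key_bytes = \
            LUKS1_PREFIX.unpack_from(first_bytes)
        if version != 1:  # other versions use a different layout; report only the version
            return {"kind": "luks", "version": version}
        return {"kind": "luks", "version": 1, "cipher": _cstr(name),
                "mode": _cstr(mode), "hash": _cstr(hash_spec),
                "payload_offset": offset, "key_bytes": key_bytes}
    # No header: only a statistical statement is possible.
    return {"kind": "no-header", "entropy": round(shannon_entropy(first_bytes), 2)}


def sample_luks_header() -> bytes:
    """Constructed LUKS1-style header prefix (sample values, not a real disk)."""
    return LUKS1_PREFIX.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256",
                             b"sha1", 2056, 32)  # struct NUL-pads the 32s fields


def sample_headerless(size: int = 65536) -> bytes:
    """Constructed stand-in for a headerless encrypted or overwritten region."""
    return os.urandom(size)


if __name__ == "__main__":
    print(inspect_volume(sample_luks_header()))
    print(inspect_volume(sample_headerless()))
```

The headerless sample yields no cipher information, but its entropy of nearly 8 bits per byte is exactly the "large amount of random data" that the paragraph above says may itself raise suspicion.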

Tin Hat's preferred method of encryption is loop-AES v3.

Finally, beyond these considerations, Tin Hat also has to protect against the more familiar network- and code-borne exploits. The hardening model chosen is PaX/Grsecurity, which is already provided by the Hardened Gentoo project. Hardening of the kernel and the toolchain makes most code-borne exploits less likely. A non-modular compiled kernel further frustrates the insertion of malicious kernel modules.[citation needed]

Difference from Gentoo

The design goals of Tin Hat necessitate branching from Gentoo, rather than adding features from within by adding software to Gentoo's native Portage system.[citation needed]

References

This article uses content from this page on opensource.dyc.edu, where it is licensed under the GNU GPL.
