13

We've seen it in the movies. A spy or important government agent uses a pre-determined authentication word to not only prove who they are, but also that they are in danger.

I have not seen it implemented directly in any of the big day-to-day OSes we (the consumer public) use: Windows, Mac, Linux, iOS, Android, Windows Phone, or BlackBerry.

I have found an instance of home security systems that have a duress code that will send a signal to the police, but I'm more interested in personal computer or mobile applications.

Does this technique get used in the real world? Are there particular OSes that support a duress code? Could I add this feature to any of my devices through third party software?

Corey Ogburn

Comments:

  • You need to define your scope for the "duress code" – schroeder Oct 13 '15 at 15:18
  • I'm open to systems that have unique ways to define duress code. But if a definition is required, I would think that a system or maybe a website would have two passwords for a user: a normal password exactly like the passwords we use today, and a duress password that meets all requirements for a regular password (except it must be different from the normal password) that when used to log into the account would trigger some sort of event like a script, a lockdown, a signal to a third party, etc. – Corey Ogburn Oct 13 '15 at 15:28
  • Like, for a contrived example maybe there's a duress password for ATMs that when used would behave like a successful PIN but would report insufficient funds so a user at gunpoint couldn't withdraw the money that is in the account. It could also alert the authorities. – Corey Ogburn Oct 13 '15 at 15:31
  • Ok, it looks like the scope is to alert or to provide false data. I'm not sure there is an InfoSec question here. For the OS or ATM example, it would be trivial for a user to set this up themselves: configure a fake account that runs a script upon login, or an ATM card for an account with no or low funds. This is an operational issue, not a secure design issue. – schroeder Oct 13 '15 at 15:41
  • It absolutely seems in the territory of protecting data. Either through showing alternate, wrong data or through capturing a perpetrator who is after the data. These ends are reached through a system design that could protect the user and/or the data. Alternative measures might be taken but those are usually because the system isn't designed with this security feature in mind. – Corey Ogburn Oct 13 '15 at 15:57
  • Sure, but as I said, this is an operational issue, not something that would be integrated into operating systems. – schroeder Oct 13 '15 at 16:00
  • Personally, I'll never want such a duress code to be built into the OSes of my personal devices. I am already being spied enough. No, thank you. If I really need one, then I will code it myself. – JOW Oct 13 '15 at 16:24
  • @schroeder Whether you think this is an operational issue, or design issue, it's still an information security question. I could easily see it integrated into operating systems, though it might be a rather narrow user base that would need such a feature. – Steve Sether Oct 13 '15 at 21:28
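A minimal sketch of the two-password scheme the comments propose (a normal password that grants a real session and a distinct duress password that grants a decoy session and raises a silent alert), as an added example that is not part of the original question or answers. The PBKDF2 parameters, the `Outcome` enum and the `login` hook are assumptions; the alert is only returned to the caller here rather than sent to any third party. The point worth noticing is that both hashes are checked on every attempt, so the work done does not reveal which password was entered.

```python
import hashlib
import hmac
import os
from enum import Enum


class Outcome(Enum):
    GRANT = "grant"    # normal password: real session
    DURESS = "duress"  # duress password: decoy session plus silent alert
    DENY = "deny"      # neither matched


def _hash(password: str, salt: bytes) -> bytes:
    # Assumed parameters; any slow password hash would do here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def enroll(normal: str, duress: str) -> dict:
    """Store both secrets as salted hashes; refuse if they coincide,
    since an identical duress password could never be distinguished."""
    if hmac.compare_digest(normal.encode(), duress.encode()):
        raise ValueError("duress password must differ from the normal password")
    salt = os.urandom(16)
    return {"salt": salt, "normal": _hash(normal, salt), "duress": _hash(duress, salt)}


def authenticate(record: dict, candidate: str) -> Outcome:
    """Derive the candidate hash once and compare it against both stored
    hashes in constant time, so timing is the same whichever outcome results."""
    h = _hash(candidate, record["salt"])
    is_normal = hmac.compare_digest(h, record["normal"])
    is_duress = hmac.compare_digest(h, record["duress"])
    if is_normal:
        return Outcome.GRANT
    if is_duress:
        return Outcome.DURESS
    return Outcome.DENY


def login(record: dict, candidate: str, real_view, decoy_view):
    """Return (view, alert). Under duress the user sees only the decoy view
    and the alert flag is raised for an out-of-band channel; the UI itself
    must not differ from a normal login."""
    outcome = authenticate(record, candidate)
    if outcome is Outcome.GRANT:
        return real_view, False
    if outcome is Outcome.DURESS:
        return decoy_view, True
    return None, False
```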

1 Answer

11

TrueCrypt supported a duress password which would appear to decrypt the system, but not allow access to the true data, which they called "deniable encryption".

It's been discussed here on security.SE: Plausible deniability with TrueCrypt, Truly deniable encryption

Ben Voigt