In the physical world we take measures to ensure evidence is not tampered with like tamper “resistant” packaging etc... We don’t have any such measures at all for the digital “evidence.” And what exactly is digital evidence and how do we keep and maintain the integrity of it from beginning to end. We have trouble maintaining the security of mission critical systems. How are we gonna ensure there are no rogue elements in this process who conveniently can and will digitally frame us. They already use fake evidence in the physical world by planting stuff on us. Digital planting is so much easier.
On a similar note, nation state hackers already have false flag tools in their arsenal, where they “plant” evidence of other nations doing an attack.
"We don't have any such measures at all for the digital "evidence"."
This has not stopped courts from accepting digital evidence and the creation of a "digital forensics" industry. Perhaps the only persons who could successfuly call this into question are the same people, so-called "experts", who are supporting its continued existence.
Right now, there are numerous trials across Europe (and other places too, of course) based in large part on the fallout of the EncoChat hack. https://en.wikipedia.org/wiki/EncroChat
At least in Sweden (where I can follow the discussions easily) the defence are raising questions about the legality and to some extent, the validity of the evidence from EncroChat. So far it seems seems the courts are accepting the evidence.
Also, it is quite amusing to read the EncroChat logs from some of these trials. The user names selected and the messages sent sometimes shows very bad opsec.
I'm not sure digital forensics is invalid, but it certainly needs a process of validating that the evidence wasn't tampered with due to the easier nature of tampering. Independent review/auditing is insufficient because it could be fooled by tampering. Independent oversight, though, perhaps could work.
Imagine a scenario like FBI Bob and EFF Alice show up to image a suspect's hard drive. Both of them image it, Alice hashes it and throws away the image, Bob keeps the image, then if there's a dispute, Alice is called in and provides her hash and if Bob's image doesn't match it, the tampering alarms go off.
Hashes of disk images are definitely recorded and stored as part of forensics evidence trail. Being able to prove that the files you got came from the hard drive of the suspect - essentially a physical chain of custody until the image is taken, recording what was taken, and a digital chain with hashes/signatures starting from the imaging.
The hash verification you describe happens (without independent oversight but enugh to protect against a single bribed/malicious officer) and it does protect from post-factum altering of any digital evidence; you try to do the early (physical) parts quickly, the majority of analysis work comes after you have the images and their hashes - but everything from that analysis can reproduced from the verified images if it's disputed.
For this to work, FBI Bob and EFF Alice need to trust each other. Otherwise, if FBI Bob gets to connect to the hard drive first, the imaging process could tamper with the contents before EFF Alice has a chance to do the hashing. And if instead EFF Alice connects first, she could be wiping the incriminating data before taking her hash and FBI Bob imaging anything.
If course, if they already trust each other (including all the used tools), then the whole excercise is moot.
Both parties could be connected to a bridge device that only allows read commands to pass through the actual drive.
They would need to trust that the bridge is not malicious. And that is a whole other rabbit hole. But I think it is possible for them to attest the firmware/gateware running on it, through some convoluted cryptographic ceremony.
What you could do, theoretically, is optically isolate the drive from the bridge, and have an optical splitter on the reader-to-drive direction who's signal is recorded by both parties.
They'd get a live notification of tampering, and could have independent signal blocksers that could physically block the command from actually arriving at the drive (assuming they use a few hundred meters of coiled fiber as a delay line).
The receiver on the drive side could even be a single phtotodiode, which could be made to allow easy verification with, say, an electron microscope if you're really paranoid. There are probably ways to use field-suitable technology if you only need to ensure the photodiode has the same structure as what you expect.
Cryptography won't help you with trusting hardware. Delays and intervention-ability would help, though.
Not sure how optics would help. If your wire has some kind of side channel, optics can have it too. If you want to detect stray mysterious photons then you could do the same with electrons.
But in any case, this is not really the level of concern here. It's equipment that tampers with the device. The only way to be sure is to roll your own. Which holds for both sides. So the perfect systems needs to be created by two adverse parties, which means it's impossible to do. Qed.
(In the real world with physical proof this is different since tampering is much harder and it's a problem worked on for centuries. It's not bullet proof either but much more mature.)
Just as with most things for physical evidence, paper trail documenting what was done by whom and when, plus the testimony of these people. Think the equivalence of "how do you verify that the fingerprints shown as exhibit A were actually taken off that gun?" - if it's disputed, the forensics expert testifies what they did and without very specific counterarguments the juries generally trust that it's true.
They could be extracting the data once into a Merkel tree and then peruse that. I've got to believe the reason they don't is that various intelligence agencies don't want them to.
Yes, you'd need to have separate storage for intermediate product (or at least periodic incremental hashes) to ensure against tampering. The meatspace chain of control rules would likely be adequate (at least to the current state of the legal art) to handle the two, were they stored separately.
This would require regulation of these devices, and they would have to have adequate hardware protection of the keys used to secure these Merkle hash trees.
Not really: if you copied them to a pair of USB keys, those could be handled like other physical evidence.
The point of the Merkle tree in this case is just to make tampering much more difficult/ easier to suspect; independent entities could hash he result and compare for evidence of tampering.
This isn’t a case of absolute perfection, this is bringing things up to the current standard (aka “state of he art”) WRT courts and police procedure.
Sure, one could design all sorts of additional mechanisms (error correcting codes in the trees etc) but realistically, it’s tamper detection that matters, and it only needs to be as good as paper, candlesticks, fingerprints (sigh) or whatever else is already customary in the evidence room.
Pretty sure we had to do the "trusting trust" patch set as a homework assignment during my CS undergrad. It's not actually super complicated. Backdoor login.c when you see it, and backdoor GCC when you see it.
Sounds like someone took code from their homework assignment and added a few fun extra credit features to screw with their psychology professor.
I can imagine how it would be pretty confusing to stumble across if you hadn't read the paper though :-)
On a similar note, nation state hackers already have false flag tools in their arsenal, where they “plant” evidence of other nations doing an attack.
https://en.wikipedia.org/wiki/Vault_7