Introducing TENS

While writing a long review of Windows 10 security issues, I encountered the possibility that some situations might call for use of something like Trusted End Node Security (TENS), formerly known as Lightweight Portable Security (LPS), a Linux distribution developed by the U.S. Department of Defense (DoD). Wikipedia described LPS as

a Linux LiveCD (or LiveUSB), developed and publicly distributed by the United States Department of Defense’s Air Force Research Laboratory, that is designed to serve as a secure end node. It can run on almost any Intel-based computer (PC or Mac). LPS boots only in RAM, creating a pristine, non-persistent end node. … LPS turns an untrusted system … into a trusted network client. No trace of work activity (or malware) can be written to the local computer hard drive.

Wudewasa (2017) contended that it would be incredibly shortsighted for DoD to build a backdoor into its own software, though maybe doing so for the public version would be too great a temptation to resist. The TENS website said its products “provide network security from the end node perspective while providing user capabilities of remote access, secure web browsing, and file/folder encryption.” Another TENS page said,

If the Mac does not boot using the 'C' key or the option key, then boot the Mac normally, insert the TENS ™ disc, and then select the TENS ™ disc as the boot device. Run the System Preferences utility in the Applications folder, then select Startup Disk. Select the CD; it may be called 'Foreign OS on CDROM'. Then restart the system. As of version 1.7, the distribution was rebranded as Trusted End Node Security, or TENS. So this is very similar to Tails in that you'll lose all your data on reboot and probably have a fair amount of frustration at installing software that doesn't come pre.

TENS™ differs from traditional operating systems in that it isn’t continually patched. TENS™ is designed to run from read-only media and without any persistent storage. Any malware that might infect a computer can only run within that session. A user can improve security by rebooting between sessions, or when about to undertake a sensitive transaction. For example, boot TENS™ immediately before performing any online banking transactions. TENS™ should also be rebooted immediately after visiting any risky websites, or when the user has reason to suspect malware might have been loaded. In any event, rebooting when idle is an effective strategy to ensure a clean computing session.

That webpage indicated that there were three editions of TENS. All three ran from bootable media; the so-called Bootable Media edition was apparently intended only for DoD civilian and military personnel. TENS-Professional was for non-DoD federal organizations. The rest of us were left with TENS-Public, in Regular and Deluxe versions. The download page said the difference was that the Deluxe version included software such as LibreOffice and Adobe Reader. Version 1.7.6 (May 2019) was said to be the last version that would include both 32- and 64-bit kernels; later versions would be 64-bit only. DoD said that, in effect, TENS would run on any computer capable of running Windows XP, requiring only 1GB disk space for Regular and 1.GB for Deluxe. The networking feature would run on wired, wireless, or tethered cellular connections. Printing was feasible for both local USB and networked printers.

Installing TENS

I downloaded the Regular and Deluxe Public ISOs (1.7.6). After some struggles, I emailed the TENS office for suggestions. They replied quickly and helpfully. Based on their advice and on the instructions, I started by formatting a USB drive in FAT32 format, with the name of KINGSTON, but otherwise using the Windows formatting defaults. That was going to be my target drive. It was mounted as drive F.

The next step was to run the installer. To do that, I double-clicked the Regular ISO in Windows 10 File Explorer. That mounted the ISO as drive G. I went into its G:InstallToUSB folder. There, I right-clicked the USBInstall.bat file located in that folder and chose Run as administrator.

The installer asked for my source drive. In this case, that was G. Then it asked where my USB flash drive was. I entered F. It asked if I wanted to format the drive. I had to say no. The TENS people had told me that the batch script used an old formatting tool that couldn’t handle a USB drive larger than 4GB. This was why I formatted it myself before starting.

Next, the installer asked if I wanted to install Encryption Wizard. The Encryption Wizard instructions included information on unlocking my computer’s Java installation, so as to enable 256-bit AES encryption. Unlocking Java required additional steps that I did not want to take now. So, at least for this trial run, I said no to Encryption Wizard. I would soon see that Encryption Wizard was included anyway, without these additional steps, so No was apparently the best answer here.

With that done, the installer proceeded to copy files to the USB drive. That took a minute or two. It seemed to succeed. It ended with a warning that I interpreted as follows:

• TENS ran from RAM, so it would not be necessary to keep the USB drive plugged into the computer, once TENS was booted and running. Indeed, the TENS installation would be better protected from malware if the USB drive was removed as soon as possible after TENS was up and running. And if you were a spy who might need to flee at a moment’s notice, getting the USB drive out of the computer and into your pocket would be better done right away.
• Given that advice, and the fact that the TENS USB drive “will NOT automount as a storage device,” they recommended using a separate USB drive to store data used or acquired during the TENS session.

Out of curiosity, I ran a partitioner (e.g., MiniTool Partition Wizard, AOMEI Partition Assistant, EaseUS Partition Master) to take a look at the USB drive’s structure. On the first USB drive I used, it had an 18MB unallocated space. I wasn’t sure how that got there — it wasn’t on the other USB drive I used. Either way, the rest of the USB drive was filled with the partition containing the TENS installation. But that partition was mostly empty: TENS Regular edition used only about 550MB.

Later, I repeated those steps to create a bootable version of the TENS Deluxe edition. This time, I formatted the drive as DELUXE. The process otherwise proceeded exactly as just described, except that MiniTool reported a total of about 700MB of disk space being used.

For those interested in trying alternate approaches, my initial struggles included an attempt to use the alternative Linux installation method. The instructions there told me to install and use unetbootin on Linux, and use unetbootin to install the ISO on the USB drive, and then “Follow the ‘If using Linux’ instructions in the program.” This made me wonder if I could do approximately the same thing by starting with a Windows program like Rufus. I ran Rufus, pointed it toward the regular (not deluxe) TENS ISO, and told it to add a 5GB persistent partition. I tried but it wouldn’t boot. But apparently it was supposed to, so presumably something was wrong with my approach.

As another alternative, I booted a Linux Mint live USB and tried to install UNetbootin on it by entering the recommended commands. But those produced errors related to the repositories. The Linux instructions didn’t work for me, no doubt because my Linux skills were pretty rusty. So the procedure described above was the only one that gave me working TENS USB drives.

Booting TENS

TENS required a Legacy BIOS boot. That is, it apparently hailed from the days when you could plug pretty much any USB drive into a computer and boot it. The obvious security risks had led to increasingly widespread use of UEFI booting with Secure Boot, which would essentially refuse to boot most Legacy systems. To boot TENS, I would have to go into what was still often called “the BIOS” — that is, the UEFI setup utility. This would traditionally require hitting F2 before or during the computer’s bootup diagnostic or splash screen. If that didn’t work, it might be necessary to look at the motherboard’s user manual.

Once the user was in the BIOS, s/he would have to change it to boot in Legacy mode. If the BIOS was passworded, as it could well be on a security-oriented system, then I wouldn’t be able to boot TENS unless I had that password or reflashed the BIOS (by e.g., booting with a Windows To Go drive and running the motherboard’s flash utility) — which could make the owner of that computer quite unhappy. This could all add up to a rather complicated scenario for the user who just wanted a simple plug-and-play secure USB drive. It did seem that, if the TENS people updated their tool, they might bring it into the UEFI world. Possibly a Windows To Go version would be an answer.

I didn’t have those problems: I was able to configure my own desktop computer to boot in Legacy mode. To do that, in this computer’s ASUS UEFI BIOS Utility (Advanced Mode), I had to change OS Type from UEFI to Other OS, and Compatibility Support Module to Legacy only. Then I had to reboot and let it run (or, if the system contained other bootable drives, hit F9, or perhaps some other key for some motherboards, to choose from among multiple boot options). Then I booted the TENS USB drive, and after a pause of a minute or so at “Loading /boot/initrd,” it ran successfully. (TENS offered FAQs for problems with booting, among other things.) Here, again, the experiences with the Public and Deluxe editions were identical.

Comparing the TENS Public and Deluxe Editions

When the Public edition ran, it gave me desktop icons for Firefox, Encryption Wizard, User’s Guide, and KINGSTON. I briefly explored these items:

• User’s Guide was a 62-page PDF that opened in the Linux Evince viewer (2014 edition; see also the online version). I found Evince workable but inferior to what I would see in Adobe Acrobat Reader on a Windows system.
• Firefox ran — very quickly. To go online, I had to go to the network connection icon in the system tray (i.e., at the lower right corner of the screen). If I left-clicked on that icon, my only option was to add a VPN connection. That produced an error: “Error creating connection. No VPN plugins are installed.” This was not what I expected from the User’s Guide (p. 18): it said left-clicking should show me a list of available wireless networks. The Guide also showed a network icon different from the one appearing on my screen. If, instead, I right-clicked on that network connection icon in the system tray, I could add a WiFi connection. This was not, however, an automatic detection process: it appeared that I would need technical information that I did not have about my own Internet Service Provider (ISP) at home, and almost certainly would not have in some unfamiliar place where I would have the greatest need for the TENS tool. A search did not lead readily to a solution.
• Encryption Wizard seemed to be working, and as noted above, I would soon find that Java was installed, despite what the installer had said.
• KINGSTON was the name that I had given to the USB drive when formatting it. Double-clicking on this desktop’s KINGSTON icon opened a Linux File Manager window. Despite what the installer said about not being able to use the installer as a storage device, I found that I was able to paste the User’s Manual link from the desktop into the KINGSTON drive in that window. Presumably I could have created a storage folder within the Linux installation, even if it did prove impossible to access any disk partitions outside that installation.

These outcomes suggested that TENS Public edition had been updated in ways not reflected in the words of the installation batch file.

The only official Kaplan Lecture Notes for USMLE Step 1 cover the comprehensive information you need to ace the exam and match into the residency of your choice. Up-to-date: Updated annually by Kaplan’s all-star faculty. Integrated: Packed with clinical correlations and bridges between disciplines. Features of Kaplan USMLE Step 1 Lecture Notes. Used by thousands of medical students each year to succeed on USMLE Step 1, Kaplan’s official lecture notes are packed with full-colour diagrams and clear review. The 7 volumes—Pathology, Pharmacology, Physiology, Biochemistry and Medical Genetics, Immunology and Microbiology, Anatomy, and Behavioral Science/Social Sciences—are updated annually by Kaplan’s all-star expert faculty. In order to study for the USMLE Step 1 of human anatomy, the book which you should get is the one from Kaplan. To get it for free, a free download link for Kaplan USMLE Step 1 Anatomy Pdf is available on our website. The lecture notes are available of the same book for free. Let us move towards the review now. Kaplan step 1 anatomy lecture notes pdf.

Along with those desktop items and Evince, in the Regular edition, the Start button at the bottom left corner of the screen offered other software:

• Configuration. Items in this menu pick consisted of Date and Time, Desktop Settings (i.e., appearance, e.g., fonts), Display Properties, Keyboard, Mouse, Power Management, and Printer Administration. There was also a Java item. It confirmed that Java 8.0_201 (2018) was installed.
• Connectivity. Items here: Citrix Receiver, Citrix Receiver Preferences, Minicom Terminal Emulator, Network Proxy, Ping, PuTTY, Remote Desktop, SSH, and VMware View Client. My impression was that these were tools one might use in manually setting up or troubleshooting an Internet connection.
• Debug. Items here: Diagnostics and Task Manager. There was more to Diagnostics than first appeared: I had to keep clicking its OK buttons to get to the next set of options. I tried using it for my WiFi situation, but unfortunately found it unhelpful. The Task Manager tool did not seem to be working, or at least it seemed to say that nothing was running when, in fact, Evince was open.
• Documentation. Aside from the User’s Guide, the principal item here was Encryption Wizard User Manual.
• Multimedia offered only Volume Control.
• Security. Items here: Check for OpenDNS and Enable DNSCrypt.
• Utilities. This last category on the Start menu (aside from Shutdown) contained most of the useful if basic software: Calculator, CD Burning, Character Map, File Manager (not available via Win-E), Image Viewer, Onscreen Keyboard, Paint, SCR Firmware Update, Terminal Emulator, Text Editor, and UnZip.

The Deluxe edition was the same in most regards. The Networking icon in the system tray worked — or, more accurately, failed to work — the same as in the Regular edition. The Deluxe desktop offered one additional icon, for LibreOffice. That loaded successfully and ran quickly. The Start menu offered the same categories, with just a few additional items: I noticed Adobe Reader 9, Instant Messaging, Secure Email, and Media Player. Although Adobe 9 would be superior for some purposes, it appeared that it was too old for the font used in the User’s Guide: the text was rendered strangely. Conversion to PDF/A could be a solution.

Perhaps it was necessary, for DoD purposes, to endure the overhead of offering two separate, highly similar editions for public use. But I would expect a private developer to either merge these two products or differentiate them more sharply, presumably by adding more software and/or better-developed features to the Deluxe version. Possibilities in that direction could include basing Deluxe on a more secure or Internet-oriented Linux distribution (e.g., Qubes, Tails, Peppermint), including a preconfigured VPN, using a more secure browser (e.g., Brave), and adding more privacy- and security-oriented extensions (e.g., Disconnect, Privacy Badger, LastPass). The following section adds a few other possibilities.

Tweaking TENS

If I decided to use TENS, I would surely begin by solving the networking problem, so that I could actually go online as intended. I did not explore that at this time, mostly because I hated trying to troubleshoot WiFi and networking problems. But certainly an ability to explore the use of this tool online would have enhanced my interest in it at this point.

It was not clear what “plugins” were intended, in the reference to plugins in connection with Firefox (above). The FAQs did mention several plugins; perhaps these were the only ones available. I was interested in the VPN plugin mentioned above; I just didn’t know where to get it.

The installed Firefox seemed willing to synchronize with the user’s Firefox account. This would open up the possibility of synchronizing the user’s Firefox bookmarks. Bookmarks could give the user — especially a user of the non-persistent TENS system — quick access to a wide variety of web-based tools (e.g., Microsoft Office Online, Slack, Dropbox, Evernote, Trello). An alternative would be a bookmark leading to a webpage set up by the user (or, conceivably, by TENS) providing easily accessed links to webpages of interest, including the websites of those cloud tools. Cloud tools could prove superior, in both capability and variety, to the tools presently included in TENS.

Firefox extensions could also introduce security risks. I didn’t read the manual in full. Possibly it warned against this. Possibly a highly secure public version of TENS would restrict or at least warn against naive synchronizing of Firefox extensions.

I appreciated the advice about removing the TENS drive quickly, interpreted (above) as seeking to protect it from possible infection. Given the relative scarcity of Linux malware, however, there was also an argument for making that bootable USB drive as useful as possible, especially for users who wouldn’t or couldn’t reliably use two USB drives in every TENS session. These days, it was getting hard to find USB drives as small as 4GB. Thus there was likely to be a large amount of unused space available on the TENS drive. According to 12 StackExchange discussions, Windows was only capable of seeing the first partition on a USB drive. It seemed, then, that the Linux bootable partition should be the second partition on the USB drive, and the first one should be formatted in FAT32, so that both Windows and TENS could use it. Ideally the TENS setup would take care of that. I tried doing it myself. I used a partitioner to move the TENS partition to the last 4GB of its USB drive, and to create a ~25GB partition that I labeled as TENStorage and set as drive J. Unfortunately, this experiment failed: the drive was not bootable. Apparently further exploration would be needed to figure out where I had departed from the suggestions in those StackExchange discussions.

I was not sure whether it would also be possible to run other software within the TENS system. For instance, MakeTechEasier (Tee, 2017) listed a miser’s dozen portable Linux apps. The question was whether TENS would run them, if I plugged in a second USB drive containing those tools. This was another question that I might explore if I went further with TENS.

A Secure End Node is a trusted, individual computer that temporarily becomes part of a trusted, sensitive, well-managed network and later connects to many other (un)trusted networks/clouds. SEN's cannot communicate good or evil data between the various networks (e.g. exfiltrate sensitive information, ingest malware, etc.). SENs often connect through an untrusted medium (e.g. the Internet) and thus require a secure connection and strong authentication (of the device, software, user, environment, etc.). The amount of trust required (and thus operational, physical, personnel, network, and system security applied) is commensurate with the risk of piracy, tampering, and reverse engineering (within a given threat environment). An essential characteristic of SENs is they cannot persist information as they change between networks (or domains).

The remote, private, and secure network might be organization's in-house network or a cloud service. A Secure End Node typically involves authentication of (i.e. establishing trust in) the remote computer's hardware, firmware, software, and/or user. In the future, the device-user's environment (location, activity, other people, etc.) as communicated by means of its (or the network's) trusted sensors (camera, microphone, GPS, radio, etc.) could provide another factor of authentication.

A Secure End Node solves/mitigates end node problem.

The common, but expensive, technique to deploy SENs is for the network owner to issue known, trusted, unchangeable hardware to users. For example, and assuming apriori access, a laptop's TPM chip can authenticate the hardware (likewise a user's smartcard authenticates the user). A different example is the DoDSoftware Protection Initiative's Cross Fabric Internet Browsing System that provides browser-only, immutable, anti-tamper thin clients to users Internet browsing. Another example is a non-persistent, remote client that boots over the network.^[1]

A less secure but very low cost approach is to trust any hardware (corporate, government, personal, or public) but restrict user and network access to a known kernel (computing) and higher software. An implementation of this is a LinuxLive CD that creates a stateless, non-persistent client, for example Lightweight Portable Security.^[2][3][4][5] A similar system could boot a computer from a flashdrive^[6][7] or be an immutable operating system within a smartphone or tablet.

See also[edit]

References[edit]

1. ^SEN/SKG, 'Archived copy'(PDF). Archived from the original(PDF) on 2011-10-18. Retrieved 2011-09-26.CS1 maint: archived copy as title (link)
2. ^LPS main page, 'Archived copy'. Archived from the original on 2012-09-02. Retrieved 2012-07-31.CS1 maint: archived copy as title (link)
3. ^Lifehacker, http://lifehacker.com/5824183/lightweight-portable-security-is-a-portable-linux-distro-from-the-department-of-defense
4. ^Linux Journal, http://www.linuxjournal.com/content/linux-distribution-lightweight-portable-security
5. ^InformationWeek, http://www.informationweek.com/news/government/security/231002431
6. ^Secure Pocket Drive, 'Archived copy'. Archived from the original on 2011-09-03. Retrieved 2011-09-26.CS1 maint: archived copy as title (link)
7. ^Trusted Client, 'Archived copy'. Archived from the original on 2010-12-06. Retrieved 2011-09-26.CS1 maint: archived copy as title (link)