HOME | DD
l33tn3rdz — Rubber hose cryptographically deniable file system
Published: 2013-05-01 19:07:58 +0000 UTC; Views: 974; Favourites: 0; Downloads: 4
Redirect to original
Description
> I figure the best we can do is to hide the contents of S with crypto and> hide its existence through other means. Traditional stego works well
> for this latter goal, but it does not give us a way to cough up something
> meaningful in place of S, which could be very handy.
>
> In short, certainly the existence of S needs to be hidden, and it would be
> best to do hide it in plain sight as it were, in a big junk pile with
> everything else on the drive.
>
> Indexing this huge mess of data to allow for a practical system to work
> with is certainly a challenge, and in all likelyhood impossible given the
> parameters of the system.
>
Rubberhose (our rubber-hose proof filing system) addresses most of these
technical issues, but I'd like to just comment on the best strategy
game-theory wise, for the person wielding the rubber-hose.
In Rubberhose the number of encrypted aspects (deniable "virtual"
partitions) defaults to 16 (although is theoretically unlimited). As
soon as you have over 4 pass-phrases, the excuse "I can't recall"
or "there's nothing else there" starts to sound highly plauseable.
Ordinarily best strategy for the rubber-hose wielder (let us say Eve) is to keep on
beating keys out of (let us say, Alice) indefinitely till there are no
keys left. However, and importantly, in Rubberhose, *Alice* can never
prove that she has handed over the last key. As Alice hands over more
and more keys, Eve can make observations like "the keys
Alice has divulged correspond to 85% of the bits". However at no point
can Eve prove that the remaining 15% don't simply pertain to
unallocated space, and at no point can Alice, even if she wants to,
divulge keys to 100% of the bits, in order to bring the un-divulged
portion down to 0%. An obvious point to make here is that
fraction-of-total-data divulged is essentially meaningless, and both
parties know it - the launch code aspect may only take up .01% of the
total bit-space.
What I find interesting, is how this constraint on Alice's behaviour
actually protects her from revealing her own keys, because each party,
at the outset can make the following observations:
Eve: I will never be able to show that Alice has
revealed the last of her keys. Further, even if
Alice has co-operated fully and has revealed all of
her keys, she will not be able to prove it.
Therefor, I must assume that at every stage that
Alice has kept secret information from us, and
continue to beat her, even though she may have
revealed the last of her keys. But the whole time
I will feel uneasy about this because Alice may
have co-operated fully. Alice will have realised this
though, and so presumably it's going to be very hard
to get keys out of her at all.
Alice: (Having realised the above) I can never prove that I
have revealed the last of my keys. In the end I'm
bound for continued beating, even if I can buy
brief respites by coughing up keys from time to
time. Therefor, it would be foolish to divulge my
most sensitive keys, because (a) I'll be that much
closer to the stage where I have nothing left to
divulge at all (it's interesting to note that this
seemingly illogical, yet entirely valid argument of
Alice's can protect the most sensitive of Alice's
keys the "whole way though", like a form
mathematical induction), and (b) the taste of truly
secret information will only serve to make
Eve come to the view that there is even
higher quality information yet to come, re-doubling
their beating efforts to get at it, even if I have
revealed all. Therefor, my best strategy would be
to (a) reveal no keys at all or (b) depending on
the nature of Eve, and the psychology of
the situation, very slowly reveal my "duress" and
other low-sensitivity keys.
Alice certainly isn't in for a very nice time of it (although she
she's far more likely to protect her data).
On the individual level, you would have to question whether you might
want to be able to prove that, yes, infact you really have surrendered
the last remaining key, at the cost of a far greater likelihood that
you will. It really depends on the nature of your opponents. Are they
intelligent enough understand the deniable aspect of the cryptosystem
and come up with the above strategy? Determined to the aspect they
are willing to invest the time and effort in wresting the last key out of
you? Ruthless - do they say "Please", hand you a Court Order, or is it
more of a Room 101 affair?
But there's more to the story.
Organisations and groups may have quite different strategic goals in
terms of key retention vs torture relief to the individuals that
comprise them, even if their views are otherwise co-aligned.
A simple democratic union of two or more people will exhibit this behaviour.
When a member of a group, who uses conventional cryptography to
protect group secrets is rubber-hosed, they have two choices (1)
defecting (by divulging keys) in order to save themselves, at the cost
of selling the other individuals in the group down the river or (2)
staying loyal, protecting the group and in the process subjugating
themselves to continued torture.
With Rubberhose-style deniable cryptography, the benefits to a group
memember from choosing tactic 1 (defection). are subdued, because
they will never be able to convince their interrogators that they have
defected. Rational individuals that are `otherwise loyal'" to the
group, will realise the minimal gains to be made in chosing defection
and choose tactic 2 (loyalty), instead.
Presumably most people in the group do not want to be forced to give
up their ability to choose defection. On the other hand, no one in the
group wants anyone (other than themselves) in the group to be given
the option of defecting against the group (and thus the person making
the observation). Provided no individual is certain* they are to be
rubber-hosed, every individual will support the adoption of a
group-wide Rubberhose-style cryptographically deniable crypto-system.
This property is communitive, while the individual's desire to be able
to choose defection is not. The former every group member wants for
every other group memeber, but not themselves. The latter each group
memeber wants only for themself.
* "certain" is a little misleading. Each individual has a threshold
which is not only proportional to the the perceived likely hood
of being rubberhosed over ones dislike of it, but also includes
the number of indviduals in the group, the damage caused by a
typical defection to the other members of the group etc.
Related content
Comments: 14
I must commend you on interest on your subject matter. I have not seen a person with this must interest in cryptography in a long time.
But concerning people responses to the above situation. In different cultures there are number of other responds either by the side trying to find out the meaning of the code or people with the keys to the code. The side trying to obtain the information may just ignore the information to be obtained completely. You might call that the Gordian Knot method. The person with the code may respond in a different manner than predicted, going insane while being beaten and or biting their tongue off. Or maybe just plan lying a lot to have some relief for the pain. In some cultures receiving pain is a wanted religious experience, they actually like it. (Shia, Devishies, Fakers, etc.). I can go on and on. For dealing with the subject in a SF setting the problem can become more extreme. If you want me to I can send you a SF bibliography on the subject of cross cultural response problems.
👍: 0 ⏩: 1
Well in my setting everything related to warfare has not progressed beyond the sword and bow. But everything else is future tech.
So when my character was put under torture He told the court this:
"You really think you can get me to confess everything I know? That's funny because you see, I use the rubber hose cryptographically deniable file system to protect my classified information.
Not only does it use unbreakable encryption algorithms specifically the Blowfish cipher with 448 bit keys, but the beauty of the system is that it is impossible to prove that I disclosed everything I know.
You cannot prove it nor can I. So I can continue to devulge keys in perpetuity and still you will never know if I have cooperated fully or not. So you might as well save yourself the trouble, give it up, and let me go."
So neither of us have advantage over each other. Because I the uke cannot prove that I confessed all, the whole thing is rendered moot.
Pretty clever eh?
👍: 0 ⏩: 1
Generally yes. It is fair argument to use on the interrogators, depending on their level of skill and experience. But they may not want to know everything, only something, and it may not be related to the message at all. Or they may just be collecting bits and pieces to be studied later. The uke (subject) may never know what the interrogators really want. It also depends how much time the interrogators have to get the information.
👍: 0 ⏩: 1
Well when I play out the scenario next gaming session, I will provide keys to harmless and useless unclassified information like personal poems, pictures of the family and such.
Of course keeping the keys to any type incriminating or scandalous classified information to myself. Further more I will explain to them that
"Even if I don't know why you are doing this to me or what you want, you still will never know if I have given you what you want. So you can to this to me indefinitely and still you will never know nor can you prove that I even have the information you are looking for."
Of course if they try harder then they will realize the futility and impasse that I have established. And since they can find no suitable charges to trump up they will have no choice but to let me go right?
So what do you think of this plan, pretty fool proof or not?
👍: 0 ⏩: 1
It depends on the rules of the society. For example in many societies association and even suspicion of an activity can end a person up in a hard labor camp for life. So the openly challenge the authorities during an interrogation is a death warrant. Life can be very cheap. The easiest course, in that case, is usually to give them what they want, what ever that is. In many cases the opportunity of becoming a double agent or even switching sides presents itself.
👍: 0 ⏩: 1
Well the results of my situation are now in.
What happened was I suspected I knew what they were after and that was a series of Top Secret SCI reports documenting a suspected conspiracy between the Utaku family and the Scorpion Clan against my Clan.
So they continued to torture me and I continued to reveal harmless keys to the drive. Eventually I began to say that there are no more keys to reveal. While their computer forensics team tried to look for the encrypted data and they could not.
Their head computer forensics expert said this about my Rubberhose computer hard drive:
"He's using a polymorphic engine to mutate the disk layout, when ever I try to gain access it changes. It's like solving a rubiks cube that's fighting back. But I don't seem to see anything to indicate the presence of any additional encrypted data anywhere on the disk. So he could be telling the truth about there being no more keys because I can't find anything else on the disk. As far as I am concerned. The rest of the disk looks blank."
Because their computer forensics expert could not find anything to suggest that I was not telling them everything they wanted to know, after continuing to say there was no more data on the drive for a few hours, they finally let me go because there was just no possible way for them to tell that I even had what they wanted.
So I walked out and took my computer with me knowing that what ever information that they were looking for was safe. Later when another intelligence report came in, I was able to confirm that I was correct about my suspicion of what they were looking for was indeed the "Scorpion Papers".
As for how they suspected me of having them, a fink (leaker) was the one that tipped them off. My Clan is looking for him now, their orders; eliminate on sight.
👍: 0 ⏩: 1
Interesting. But the Gorgian knot solution might be used by an adversary, who doesn't care about the niceties of guilt or innocents. The very fact that something was fighting back on the disk would cause notice. They could have simply let you go to track you. After giving you a pack of lies about what they though. If they didn't mirror the hard drive it would surprising.
👍: 0 ⏩: 1
Oh yeah my intelligence agency found out they cloned the drive before giving it back to me. But I set it so that the polymorphic engine divides the fragments into 8 bit blocks and then scrambles them that way.
My estimates on them just mapping the drive even in a static non mutating state would take about 10x longer then the current age of the universe.
Not to mention even if by some fluke they manage to extract the drive's internal master key, I set it up so that any attempts to decrypt the drive directly using the master key will not only wipe it clean but also upload a extremely destructive computer virus to their systems. And because the Rokugani Government does not fully understand hacking and cracking, there are no laws against it, so everything I do is 100% legal. Sure it would result a lot of dishonor but there are ways around that too via a little something damage control.
But I would not worry about being tracked or lied to. I am a whole lot smarter then what meets the eye. I will figure something like that out in a very short period of time because you cannot con a con man.
If something happens that could cause me to have to kill myself, I just do what the government does, mark all the evidence as classified and sweep it under the rug.
👍: 0 ⏩: 1
The is history of cryptography is full of unbreakable codes which were compromised or broken. Mathematical probabilities are only probabilities. Hubris is worse than dangerous in security management. Information concerning capabilities of an adversary is most likely disinformation. The first casualty in war is the truth.
👍: 0 ⏩: 1
Based on your feed back, while my character is under imperial sanction, reeducation in the way of the warrior (was way too brutal in combat to the point of sickeningly gruesome killings), is working on some modififacations to the rubber hose system.
He is adding a One-Time Pad based encryption layer to the whole disk. As you know the One-Time Pad cipher is completely unbreakable when used properly. The one time pads will be generated by Cryptographically Secure Pesudo Random Number Generators or CSPRNGs. These pads can be refreshed periodically if you believe they have been compromised.
The pads will be using an AES based obfuscation algorithm to prevent compromise.
👍: 0 ⏩: 1
The problem with codes are that someone has to read them. So they have to give to a number of other people, who hopefully are trustworthy. Usually what happens, with codes, is that they are compromised in one fashion or another. Everything from traitors, to fools, to improper waste management (including emails). Even changing to codes constantly does make it fool proof, someone getting the changes may be the problem. To say any code system is completely safe is dangerous. For example in the history of codes, the US has consistently broken possibly everyone's codes from the American Civil War onward. Many times it has been almost an embarrassment. From the Zimmerman Telegram to the Japanese Declaration of war. During the 1920's before the secretary of state stopped it the US was reading the diplomatic coded messages of even friendly countries.
👍: 0 ⏩: 3
Ironically it seems we were still spying on our friendly countries. Edward Snowden blew the lid off of this one. The NSA was still spying and cracking diplomatic coded messages in secret. Even bugging embassies. Now our allies are very pissed at us and have put us in the dog house. Some are thinking about cutting some ties with us. France, Germany, and Russia are the one who are the most angry at this.
👍: 0 ⏩: 0
Oh I forgot to mention that the Rubber Hose Secured Hard Drive is in my character's personal computer. So only he has the keys to open it because only he has access to it. Sorry about that, does that change this situation any?
👍: 0 ⏩: 0
Of course, after the modifications are completed I will focus on other internal security measures. Such as traitor tracking and proper management of classified information.
For example finding out who fink is who ratted me out. Not to mention investigating to see if this or any other finks we don't know about who have or are still leaking classified information.
Also preventing the misappropriation of classified information is also an issue too. Not to mention the way information is archived and managed. All documents and emails and such are archived in a place called the memory hole. No one is allowed inside that place except me.
The originals are flash incinerated and electronic data is cryptographically erased. I.E. the drives are not only wiped clean but also over written with garbage data 7 times over.
You must focus on all aspects of security both internal and external and not just one like you just said.
👍: 0 ⏩: 0