trying to define Deniability in context of computer security
leaving no traces. a method of operating a computer – that leaves no clue (on the harddisk? in the RAM?) who did what and when and where.
real world usecase example:
The Mafia comes to your house – threatens to kill your family – if you do not hand over your private-secret keys… or other valuable data they suspect to be stored on your machine(s)/server(s).
… well… the question is: How did they know, that you are operating an secret network?
so there is the problem. How did they got to know this?
everything else is… well… covering up traces:
You could say „i am not part of that network… “
They say: „We have prove so and so…“
So there should be no prove… no clue… no trace… no nothing… that leads to YOUR HOUSE in the first place.
But if there is… you are probably f***ed already.
Because you can deny… but they probably will not believe you… because they have some clue… and will continue to search for proof… so if they confiscate your hardware… there should better be no prove… not even password prompts… no „click here to mount hidden partition“… no truecrypt container… no nothing.
can not proof / analyze / see / detect / decipher / hack / brute force:
- if a person or device has certain valuable data stored
- if a person or device belongs to a certain (soon-illegal as not-in-freedom) network.
- if a person or device did operations on valuable (top secret?) data
- if a person or device transfered certain (top secret?) data
- and if yes
- can not trace to whom/to what machine did the person transfer.
stuff like that 😀
On May 6th, 2016, at Berlin’s OnionSpace (Gottschedstraße 4, 13357 Berlin, Germany) the office space for projects that intend to fix the Internet, we hosted a political discussion regarding the use of scalable, distributed and GNU technologies as a possible way to
recover some bits and pieces of democracy.
Is this all pointless? We invited alert minds to ask us and the audience some tough questions. Participants in the discussion were:
- Renata Avila, Human Rights Lawyer and WebWeWant Campaign Manager;
- Lorenzo Marsili, Co-founder of European Alternatives;
- Hilmar Schmundt, Technology Reporter at DER SPIEGEL;
- Dirk Lütter, Political Filmmaker;
- Claudio ‚vecna‘ Agosti of HERMES and Globaleaks;
- Ms Demos of EDN;
- Christian Ricardo Kühne, Author of „GNUnet and the Power of Information“;
- carlo von lynX (youbroketheinternet.org)
Audio recording of the discussion:
- Part 1 feat. carlo von lynX, Christian Ricardo Kühne, lynX, Demos (ogg, mp3)
- Part 2 feat. Renata Avila, vecna, Hilmar Schmundt, Renata Avila (ogg, mp3)
- Part 3 feat. Hilmar, lynX, Christian, Grindhold, lynX, Renata, Hilmar (fair sound quality) (ogg, mp3)
- Part 4 feat. Lorenzo Marsili, samthetechie, Renata, Christian, vecna, Christian, Renata, lynX (ogg, mp3)
- Part 5 feat. lynX, Dirk Lütter, Renata, Lorenzo, Renata, lynX, Renata, Christian, vecna, Lorenzo (fair sound quality, too) (ogg, mp3)
The quality varies depending on the number of recording devices. Some incomprehensible passages (background noises etc) have been removed. Occasional electric piano was performed live as suggested by vecna. Thanks to the Onionspace for having us and sharing a nice party with us.
Deniable File System
Some years ago I did some design work on something I called a Deniable File System. The basic idea was the fact that the existence of ciphertext can in itself be incriminating, regardless of whether or not anyone can decrypt it. I wanted to create a file system that was deniable: where encrypted files looked like random noise, and where it was impossible to prove either the existence or non-existence of encrypted files.
This turns out to be a very hard problem for a whole lot of reasons, and I never pursued the project. But I just discovered a file system that seems to meet all of my design criteria —
„deniable crypto means in the Rubberhose context is this: if someone grabs your Rubberhose-encrypted hard drive, he or she will know there is encrypted material on it, but not how much — thus allowing you to hide the existence of some of your data.“
Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available.
The devil really is in the details with something like this, and I would hesitate to use this in places where it really matters without some extensive review. But I’m pleased to see that someone is working on this problem.
Next request: A deniable file system that fits on a USB token, and leaves no trace on the machine it’s plugged into.