2016-04-29

$5 wrench #IPBill

Encryption is all about keeping your information (e.g. stored data or communications) secure from attack, i.e. so that nobody else apart from those you intend can get access to it.

Technical attack

The first, and most obvious, line of defence against an attack is against the technical aspect of the encryption itself - an attack on the maths. You need systems where it is not possible for a computer to try every password in a few seconds, or where there are not mathematical tricks to extract the data.

It is fair to say that modern encryption systems are pretty good at this and getting better all of the time. This is the main thing people think of when considering the defence against attack.

However, as xkcd make very clear, tackling the mathematics is not how you attack good encryption. The "$5 wrench" is much more effective, sadly. So we need a defence against that.

Detection

One of the first things to consider is whether someone can detect you have something encrypted in the first place! If they cannot tell you have something encrypted, then they will not try and force the keys out of you with a $5 wrench!

There are several techniques for this. They generally rely on the fact that modern storage devices and things we store have spare space. So on a hard drive, you may have terabytes of space and actual content that is only a hundred megabytes. What is in the rest of the space? Well, it can be random data and nobody will think it is anything else. Except, if you know the right key you can turn random data in to an alternate file system with stuff on it. Drives have random data padding, or can, so you have some degree of plausible deniability.

Another, perhaps safer, system is using the random elements in some types of data. Audio, video, images, all have low levels of random noise. By replacing this with encrypted data, which looks like random noise, the images all look pretty much the same, but can be decoded. The nice thing is, as long as they are original recordings (so no reference to which they can be compared) there is typically no way to prove the "noise" is encrypted data and not "random" without the key. Again, plausible deniability.

Duress

Another simple approach, which may mean the $5 wrench gets re-applied, is that you can have a system were there is a duress code which, when used, wipes the data. You may think that it is hard to quickly wipe a hard disk, or that the hard disk can be copied first so you can always try again, but there are simple ways around that. The idea is you have a security device that holds the (long, and random) key used on the hard disk. It needs the code to extract the key to decode the disk. But, if given the wrong code, it wipes the key (which is quick and easy). It cannot be copied and has tamper detection as well, so trying to open it causes the key to be lost anyway. Apparently iPhones have this sort of technology now, but I don't think they have a duress code (yet) just the "wipe after a number of wrong attempts".

Deflection

Another cunning plan in that the encrypted data is arranged such that with one key you get the actual stored data, but with another, you get some benign data - though ideally the benign data wants to be something embarrassing that you might have wanted to encrypt. This is harder to do, as the data has to be somewhere, but with things like alternative file systems in hidden partitions, as above, it means that application of the $5 wrench can get access to encrypted data that "they" were sure was there, but not get the data you want to keep secret.

When it is not a $5 wrench

All of this is trying to address the adversary that is wanting to get to your data, on the assumption that they are "the bad guy". But what if the data is something you want to hide because you are a criminal?

Well, the problem is that every one of these techniques, designed to protect us against "the bad guy with the $5 wrench" work just as well to protect us from the FBI or the police. They will use threats of law enforcement, imprisonment, and so on, rather than a $5 wrench, but the answers are the same. If you can make it so they have no way to know there is something hidden at all, you win. If you can make it so after threats, you give a key that provides non-criminal data, you win. Even the duress code to wipe the data may work, if it does not flash up saying "wiping key" and just says "invalid code" and you can claim you really have forgotten the key.

The protections are the same, and so, if we are to continue to mostly win against the "bad guys" we will have systems that win against the police as well. That is just a fact of life, without which we open doors to criminals (and $5 wrenches). Sadly, maths does not understand law, and law should realise this and jus get over it and stop being an arse.

No comments:

Post a Comment

Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

Missing unix/linux/posix file open option

What I would like is a file open option for "create replacement file". The idea is that this makes a new inode in the same mount p...