DOCSLIB.ORG

Mobigyges: a Mobile Hidden Volume for Preventing Data Loss, Improving Storage Utilization, and Avoiding Device Reboot

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mobigyges: a Mobile Hidden Volume for Preventing Data Loss, Improving Storage Utilization, and Avoiding Device Reboot MobiGyges: A Mobile Hidden Volume for Preventing Data Loss, Improving Storage Utilization, and Avoiding Device Reboot Wendi Fenga, Chuanchang Liua, Zehua Guob,c, Thar Bakerd, Gang Wangb,c, Meng Wanga, Bo Chenga, and Junliang Chena aBeijing University of Posts and Telecommunications, 10 Xitucheng RD, 100876, Beijing, China bBeijing Institute of Technology, 5 Zhongguancun ST South, 100081, Beijing, China cUniversity of Minnesota Twin Cities, 117 Pleasant ST, 55455, Minneapolis, USA dLiverpool John Moores University, James Parson Building, Liverpool, L3 3AF, UK Abstract Sensitive data protection is essential for mobile users. Plausibly Deniable Encryption (PDE) systems provide an effective manner to protect sensitive data by hiding them on the device. However, existing PDE systems can lose data due to overriding the hidden volume, waste physical storage because of the \reserved area" used for avoiding data loss, and require device reboot when using the hidden volume. This paper presents MobiGyges, a hidden volume based mobile PDE system, to fill the gap. MobiGyges addresses the problem of data loss by restricting each storage block used only by one volume, and it improves storage utilization by eliminating the \reserved area". MobiGyges can also avoid device reboot by mounting the hidden volume dynamically on-demand with the Dynamic Mounting service. Moreover, we identify two novel PDE oriented attacks, the capacity comparison attack and the fill-to-full attack. MobiGyges can defend them by jointly leveraging the Shrunk U-disk method and multi-level deniability. We implement the MobiGyges proof-of-concept system on a real mobile phone Google Nexus 6P with LineageOS 13. Experimental results show that MobiGyges prevents data loss, avoids device reboot, improves storage utilization by over 30% with acceptable performance overhead compared with current works. Keywords: data loss preventing, hidden volume, improving storage utilization, sensitive data protection, avoiding reboot 1. Introduction tive data on both stationary systems and mobile systems by providing deniability for the sensitive Mobile devices (e.g., smartphones) have become data. Deniability means that sensitive data owner prevalent in recent years, especially in the era of 5G can deny the existence of the data. Modern PDE hidden volume mechanism and the Internet of Things (IoTs) [1]. Hence, pro- systems use the to im- tecting private and sensitive data on mobile devices plement the deniability. The hidden volume based are very important to users [2, 3]. One existing solu- PDE system stores the sensitive data on the hidden volume, yet the hidden volume itself is concealed arXiv:2004.10849v1 [cs.CR] 22 Apr 2020 tion is to use Full Disk Encryption (FDE) [4]. FDE uses an encrypting key to encrypt user data before inside the device. Logically, the storage space on storing it on a device and decrypt the data before the hidden volume based PDE systems can be di- hidden volumes outer volume applications using it [5]. Nonetheless, FDE is not vided into and an . secure because sensitive data can be compromised The outer volume is visible to all users for daily when the encryption key is exposed, since the en- purposes and will be used automatically as the sys- crypted data can be easily decrypted with the only tem starts up, while hidden volumes are concealed encryption key. in the device and store the sensitive data. Such hidden volume based solutions have the fol- Recent works [6{10] propose Plausibly Deniable lowing limitations: Encryption (PDE) to enhance the security. PDE is a data protection paradigm that protects sensi- • Data loss. Hidden volumes are concealed in- Preprint submitted to Journal of LATEX Templates April 24, 2020 Outer Hidden Wasted Hidden Hidden volume volume volumes storage volume’s view blocks blocks blocks Hidden volume writes to Outer volume capacity shown to users Reserved for hidden volume Outer volume Hidden volumeUser’s vie w Outer volume writes to Waste storage blocks Waste storage blocks Outer Outer volume volume’s view (a) Previous works solution. Outer volume capacity shown to users Figure 1: Data loss caused by data override. The outer volume writes data on hidden volume occupied blocks. side the outer volume [7{11], but the outer vol- Physical disk capacity ume does not know the existence of hidden vol- (b) MobiGyges solution. umes. Therefore, it is likely to write data on the storage blocks that are occupied by hidden Figure 2: Hidden volume is placed into a reserved area volumes. Thus, sensitive data stored on the to avoid data override. Large amount of storage space is hidden volume will be lost. Figure 1 shows an wasted. MobiGyges can fully utilize almost all the storage space. example of data overriding between the outer volume and the hidden volume. In the figure, the outer volume considers all the storage space two modes in their system, namely, the nor- (red space) to be usable. When the outer vol- mal mode and the PDE mode [7{11]. The ume writes data on the space of the hidden normal mode uses the outer volume while the volume (purple space), the data on the hidden PDE mode uses the hidden volume, respec- volume will be lost. tively. When users want to use the hidden volume, they have to use the PDE mode. How- • Storage waste. Studies [7{10, 12] attempt ever, device reboot is required to switch modes. to solve the data loss problem by placing the Rebooting the device to use the PDE mode hidden volume into a \reserved area", and the wastes time and is not convenient for users es- outer volume will not write data to that area. pecially those who want to use the hidden vol- The size of the \reserved area" is bigger than ume urgently. the capacity of the hidden volume. As depicted in Figure 2a, in previous works, the right part Apart from the drawbacks, we identify two pos- (green blocks plus the blue block) of the phys- sible PDE oriented attacks (detailed in Section 4) ical volume is reserved for the hidden volume. that might compromise the sensitive data, and cur- Since the capacity of the hidden volume (the rent solutions fail to defend. blue block) is much smaller than that of the \reserved area", the hidden volume can “float” • The capacity comparison attack. The at- inside the \reserved area". Hence, the exact tacker may discover the hidden volume by com- starting position of the hidden volume can be paring the capacity of the outer volume and arbitrary, hidden volumes are thus protected. the hidden volume. If their capacities are dif- However, this mechanism could waste a large ferent, the attacker can doubt the device is par- amount of storage space (green blocks). We ticularly designed, which is prone to expose the find in these solutions [7{9], up to 45%1 of the hidden volume and hence compromises the sen- total storage space is wasted, which is huge for sitive data. For example, a 32GB device uses the resource-limited mobile devices. 5GB for the hidden volume, so the capacity of the outer volume is 27GB. The attacker can • Device reboot. State-of-the-art works use doubt about the 5GB capacity difference, and conduct further investigation. 1Including storage space taken up by the structure of a file system. The calculation of the utilization is detailed in • The fill-to-full attack. If the attacker iden- Section 7. tifies the potential existence of the hidden vol- 2 Encrypted Logical Volume read() write() Linux Figure 3: Data protection systems classification. Encrypt & Application Decrypt <latexit sha1_base64="qyKLrfeuHx+zQREtin+3Dsc5MJU=">AAACGXicbVDJSgNBEO1xN25Rj14ag+DFMCOKHkUvggoKZoFMCD09laSxp3vorhHDkN/w4q948aCIRz35N3aWg9uDgsd7VVTVi1IpLPr+pzcxOTU9Mzs3X1hYXFpeKa6uVa3ODIcK11KbesQsSKGgggIl1FMDLIkk1KKbk4FfuwVjhVbX2EuhmbCOEm3BGTqpVfRDpYWKQWGIcIeIeZzscNNLsU/PhcruwrBwBkaBpBc6ziS0iiW/7A9B/5JgTEpkjMtW8T2MNc8St4JLZm0j8FNs5syg4BL6hTCzkDJ+wzrQcFSxBGwzH37Wp1tOiWlbG1cK6VD9PpGzxNpeErnOhGHX/vYG4n9eI8P2YTMXKs0QFB8tameSoqaDmGgsDHCUPUcYN8LdSnmXGcbRhVlwIQS/X/5LqrvlYK+8f7VbOjoexzFHNsgm2SYBOSBH5JRckgrh5J48kmfy4j14T96r9zZqnfDGM+vkB7yPL7eMoVY=</latexit> dm-crypt Kernel Module ume, he/she may conduct the fill-to-full attack Physical Disk to explore the real capacity of the outer volume by writing arbitrary data to the outer volume and filling it until full. After filling the outer Figure 4: Encrypted logical volume and physical storage. Applications use the normal system call to read or write data volume, the attacker gets the audited informa- to the encrypted logical volume. The dm-crypt Linux mod- tion and conducts the capacity comparison at- ule automatically encrypts and decrypts the data between tack. If the real capacity is different from that the encrypted logical volume and the physical disk. of the physical disk, the hidden volume will be compromised. Management (LVM) into the Android system Existing solutions cannot solve the three prob- and implementing a TriggerApp to use hid- lems simultaneously, and they cannot defend the den volume on-demand secretly. We conduct two attacks. To this end, we present MobiGyges in experiments to evaluate MobiGyges's storage this paper. MobiGyges is a hidden volume based utilization, performance overhead, and experi- PDE system. It introduces the Volume Manage- mental results show that MobiGyes reaches all ment module and FDE module, which prevents sen- our design goal and improves storage utiliza- sitive data loss by restricting each storage block us- tion by over 30% compared with current solu- able by solely one volume, and improves the stor- tions. age utilization by eliminating the \reserved area" (as shown in Figure 2b), and avoids rebooting The rest of the paper is organized as follows. the device to use the hidden volume by introduc- Section 2 introduces related works, and Section 3 ing the Dynamic Mounting service that mounts presents the threat model and assumptions. In Sec- the hidden volume on-demand. MobiGyges also tion 4, we introduce our newly identified PDE ori- uses the Shrunk U-disk method (detailed in Sec- ented attacks. Section 5 presents the design of Mo- tion 5.3.1(3)) and multi-level deniability (detailed biGyges. In Section 6, we present the implemen- in Section 5.3.2(3)) to jointly defend the aforemen- tation of MobiGyges with LineageOS 13 on Google tioned attacks.
Load more

Recommended publications
  • Mobiceal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices
    2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices Bing Chang∗, Fengwei Zhang†, Bo Chen‡, Yingjiu Li∗, Wen-Tao Zhu§, Yangguang Tian∗, Zhan Wang¶ and Albert Ching ∗School of Information Systems, Singapore Management University, {bingchang, yjli, ygtian}@smu.edu.sg †Department of Computer Science, Wayne State University, [email protected] ‡Department of Computer Science, Michigan Technological University, [email protected] §Data Assurance and Communications Security Research Center, Chinese Academy of Sciences, [email protected] ¶RealTime Invent, Inc. i-Sprint Innovations Abstract—We introduce MobiCeal, the first practical Plausibly searched and copied when he was crossing a border, and he Deniable Encryption (PDE) system for mobile devices that can was inspected for seven times during five years [26]. defend against strong coercive multi-snapshot adversaries, who The existing PDE systems on mobile devices [21], [34], may examine the storage medium of a user’s mobile device at different points of time and force the user to decrypt data. [35], [43], [27], [20] are not resilient against such multi- MobiCeal relies on “dummy write” to obfuscate the differences snapshot attacks since they hide sensitive data in the ran- between multiple snapshots of storage medium due to existence domness initially filled across the entire disk. By comparing of hidden data. By incorporating PDE in block layer, MobiCeal storage snapshots at different points of time, a multi-snapshot supports a broad deployment of any block-based file systems on adversary may detect any unaccountable changes to the ran- mobile devices.
    [Show full text]
  • Omegakey Manage Your Device at the Management Module
    Welcome to use our latest version of Lost Mode How to Start to Use it Bluetooth tracker. Detect the distance between the device and Bluetooth Tracker module your phone under the lost mode .Turn on the Step 1: Download the latest version App(version 1.6.0) from Apple App store. omegakey Manage your device at the management module. alarm at alert whether the device is lost, there Step 2: Open the Bluetooth and App. are two levels of lost alarm mode. Select the Thank you for purchasing omegakey Freely set and remove your device here. Step 3: Tap the Beacon for 3-5 times on hard surface, and the Beacon will be connectable when you Double-click the “call” button to find your device. alarm mode you want from the device. Phone hear a buzz. alarm, and both ends alarm. Step 4: Click the Beacon in the App which you want to configure and enter a name to connect it. Step 5: Now, you can configure and use the Beacon normally. NEXT Note: If you're having trouble with the Bluetooth, we recommend you completely remove the battery from the unit for 10 sec and reinsert it. There are many apps you can download some are better than others, we have linked just click on the apple / android icons on the first page Once you have selected the app you like download it and follow the on screen instructions ATTACH BLUETOOTH BEACON EXTERNALLY FOR MAX PERFORMANCE Found mode More View the alarm location or item's last location Find the device under the find mode according p.s make sure your Bluetooth is on and your phone is compatible with 4.0 Bluetooth to the strength of the signal.
    [Show full text]
  • A Future-Focused Forensic Imager Designed to Streamline Evidence Collection Processes
    A Future-Focused Forensic Imager Designed to Streamline Evidence Collection Processes Extremely fast forensic imaging speed surpassing 50GB/min. Clone PCIe to PCIe at speeds above 90GB/min Image to/from Thunderbolt™ 3/USB-C external storage enclosures with an optional I/O card. Image and verify from up to 5 source drives up to 9 destinations simultaneously Create a logical image to capture only specific files needed Concurrent Image+Verify greatly reduces duration of image plus verification process Two 10GbE connections provide fast network imaging performance Network capture feature to capture network traffic, VOIP, internet activity Multi-task. Image from multiple sources simultaneously FEATURES n The Falcon®-NEO achieves imaging speeds when imaging directly to large capacity Thunder- n Image from a Mac® computer with USB-C ports surpassing 50GB/min and can clone PCIe to PCIe bolt 3 RAID storage enclosures for evidence data using a USB-C to USB-A cable and Target Disk at speeds at over 90GB/min. collection. The card connects to the Falcon-NEO’s Mode or use Logicube’s USB boot device to n Image and verify to multiple image formats; 2 write-blocked source I/O ports or 1 destination I/O image a source drive from a Mac computer on the native copy, .dd, dmg, e01 and ex01. The Falcon- port. The I/O card does not currently support imaging same network without booting the Mac computer’s ® NEO provides MD5, SHA1, SHA256, and dual hash in TDM from Mac systems, refer to the Falcon-NEO native OS. The Falcon-NEO supports imaging from ® authentication at extremely fast speeds.
    [Show full text]
  • A Plausibly Deniable Encryption Scheme for Personal Data Storage Andrew Brockmann Harvey Mudd College
    Claremont Colleges Scholarship @ Claremont HMC Senior Theses HMC Student Scholarship 2015 A Plausibly Deniable Encryption Scheme for Personal Data Storage Andrew Brockmann Harvey Mudd College Recommended Citation Brockmann, Andrew, "A Plausibly Deniable Encryption Scheme for Personal Data Storage" (2015). HMC Senior Theses. 88. https://scholarship.claremont.edu/hmc_theses/88 This Open Access Senior Thesis is brought to you for free and open access by the HMC Student Scholarship at Scholarship @ Claremont. It has been accepted for inclusion in HMC Senior Theses by an authorized administrator of Scholarship @ Claremont. For more information, please contact [email protected]. A Plausibly Deniable Encryption Scheme for Personal Data Storage Andrew Brockmann Talithia D. Williams, Advisor Arthur T. Benjamin, Reader Department of Mathematics May, 2015 Copyright © 2015 Andrew Brockmann. The author grants Harvey Mudd College and the Claremont Colleges Library the nonexclusive right to make this work available for noncommercial, educational pur- poses, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author. Abstract Even if an encryption algorithm is mathematically strong, humans in- evitably make for a weak link in most security protocols. A sufficiently threatening adversary will typically be able to force people to reveal their encrypted data. Methods of deniable encryption seek to mend this vulnerability by al- lowing for decryption to alternate data which is plausible but not sensitive. Existing schemes which allow for deniable encryption are best suited for use by parties who wish to communicate with one another.
    [Show full text]
  • Ensuring Data Confidentiality Via Plausibly Deniable Encryption and Secure Deletion – a Survey Qionglu Zhang1,2,3, Shijie Jia1,2*, Bing Chang4 and Bo Chen5*
    Zhang et al. Cybersecurity (2018) 1:1 Cybersecurity https://doi.org/10.1186/s42400-018-0005-8 SURVEY Open Access Ensuring data confidentiality via plausibly deniable encryption and secure deletion – a survey Qionglu Zhang1,2,3, Shijie Jia1,2*, Bing Chang4 and Bo Chen5* Abstract Ensuring confidentiality of sensitive data is of paramount importance, since data leakage may not only endanger data owners’ privacy, but also ruin reputation of businesses as well as violate various regulations like HIPPA and Sarbanes-Oxley Act. To provide confidentiality guarantee, the data should be protected when they are preserved in the personal computing devices (i.e., confidentiality during their lifetime); and also, they should be rendered irrecoverable after they are removed from the devices (i.e., confidentiality after their lifetime). Encryption and secure deletion are used to ensure data confidentiality during and after their lifetime, respectively. This work aims to perform a thorough literature review on the techniques being used to protect confidentiality of the data in personal computing devices, including both encryption and secure deletion. Especially for encryption, we mainly focus on the novel plausibly deniable encryption (PDE), which can ensure data confidentiality against both a coercive (i.e., the attacker can coerce the data owner for the decryption key) and a non-coercive attacker. Keywords: Data confidentiality, Plausibly deniable encryption, Secure deletion Introduction Spahr LLP: State and local governments move swiftly to Modern computing devices (e.g., desktops, laptops, smart sue equifax 2017); Third, it will directly violate regulations phones, tablets, wearable devices) are increasingly used like HIPAA (Congress 1996), Gramm-Leach-Bliley Act to process sensitive or even mission critical data.
    [Show full text]
  • Mobiflage: Deniable Storage Encryption for Mobile Devices 3
    TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING 1 Mobiflage: Deniable Storage Encryption for Mobile Devices Adam Skillen and Mohammad Mannan Abstract—Data confidentiality can be effectively preserved through encryption. In certain situations, this is inadequate, as users may be coerced into disclosing their decryption keys. Steganographic techniques and deniable encryption algorithms have been devised to hide the very existence of encrypted data. We examine the feasibility and efficacy of deniable encryption for mobile devices. To address obstacles that can compromise plausibly deniable encryption (PDE) in a mobile environment, we design a system called Mobiflage. Mobiflage enables PDE on mobile devices by hiding encrypted volumes within random data in a devices free storage space. We leverage lessons learned from deniable encryption in the desktop environment, and design new countermeasures for threats specific to mobile systems. We provide two implementations for the Android OS, to assess the feasibility and performance of Mobiflage on different hardware profiles. MF-SD is designed for use on devices with FAT32 removable SD cards. Our MF-MTP variant supports devices that instead share a single internal partition for both apps and user accessible data. MF-MTP leverages certain Ext4 file system mechanisms and uses an adjusted data-block allocator. These new techniques for storing hidden volumes in Ext4 file systems can also be applied to other file systems to enable deniable encryption for desktop OSes and other mobile platforms. Index Terms—File system security, Mobile platform security, Storage Encryption, Deniable encryption ✦ 1 INTRODUCTION AND MOTIVATION plaintext can be recovered by decrypting with the true key. In the event that a ciphertext is intercepted, and the Smartphones and other mobile computing devices are user is coerced into revealing the key, she may instead being widely adopted globally.
    [Show full text]
  • Deniable Encryption Protocols Based on Probabilistic Public-Key Encryption
    ______________________________________________________PROCEEDING OF THE 20TH CONFERENCE OF FRUCT ASSOCIATION Deniable Encryption Protocols Based on Probabilistic Public-Key Encryption 1LNROD\Moldovyan1,$QGUH\Berezin2, $QDWRO\Kornienko3,$OH[DQGHUMoldovyan1 1SaintPetersburgInstituteforInformaticsandAutomationofRussianAcademyofSciences 2SaintPetersburgElectrotechnicalUniversity”LETI” 3PetersburgStateTransportUniversity St.Petersburg,RussianFederation [email protected],[email protected],{kaa.pgups,maa1305}@yandex.ru Abstract—The paper proposes a new method for designing where P is a public key. At time of the coercive attack the deniable encryption protocols characterized in using RSA-like sender of the message can open a fake message m with another probabilistic public-key encryption algorithms. Sender-, receiver-, random value r =r such that c = EP (m, r ). The fake random and bi-deniable protocols are described. To provide bi-deniability value r can be computed with some faking algorithm FP , in the case of attacks perfored by an active coercer stage of entity parametrized with the public-key value P. The algorithm FP authentication is used in one of described protocols. is considered as a part of the DE scheme. Its input is the pair (c, m), i.e. r = FP (c, m). The fake message can be I. INTRODUCTION selected arbitrary at time when the sender and/or the receiver The regular encryption schemes provide very high security of the ciphertext are coerced. Examples of such design of against known-plaintext and chosen text attacks, therefore they the DE protocols are presented in papers [12], [13]. In that are widely used to protect information sent via telecommuni- protocols the secret message is encrypted consecutively bit by cation channels from unauthorized access.
    [Show full text]
  • Mobihydra: Pragmatic and Multi-Level Plausibly Deniable Encryption Storage for Mobile Devices?
    MobiHydra: Pragmatic and Multi-Level Plausibly Deniable Encryption Storage for Mobile Devices? Xingjie Yuy;z;\, Bo Chen], Zhan Wangy;z;??, Bing Changy;z;\, Wen Tao Zhuz;y, and Jiwu Jingy;z y State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, CHINA z Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, CHINA \ University of Chinese Academy of Sciences, CHINA ] Department of Computer Science, Stony Brook University, USA Email: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] Abstract. Nowadays, smartphones have started being used as a tool to collect and spread po- litically sensitive or activism information. The exposure of the possession of such sensitive data shall pose a risk in severely threatening the life safety of the device owner. For instance, the data owner may be caught and coerced to give away the encryption keys so that the encryption alone is inadequate to mitigate such risk. In this work, we present MobiHydra, a pragmatic plausibly deniable encryption (PDE) scheme featuring multi-level deniability on mobile devices, to circumvent the coercive attack. MobiHydra is pragmatic in that it remarkably supports hiding opportunistic data without necessarily rebooting the device. In addition, MobiHydra favourably mitigates the so-called booting-time defect, which is a whistle-blower to expose the usage of PDE in previous solutions. We implement a prototype for MobiHydra on Google Nexus S. The evaluation results demonstrate that MobiHydra introduces very low overhead compared with other PDE solutions for mobile devices.
    [Show full text]
  • Deniable Encryption with Negligible Detection Probability: an Interactive Construction
    Deniable Encryption with Negligible Detection Probability: An Interactive Construction Markus Durmuth¨ ?1 and David Mandell Freeman??2 1 Ruhr-University Bochum, Germany [email protected] 2 Stanford University, USA, [email protected] Abstract. Deniable encryption, introduced in 1997 by Canetti, Dwork, Naor, and Ostrovsky, guarantees that the sender or the receiver of a secret message is able to “fake” the message encrypted in a specific ciphertext in the presence of a coercing adversary, without the adversary detecting that he was not given the real message. To date, constructions are only known either for weakened variants with separate “honest” and “dishonest” encryption algorithms, or for single-algorithm schemes with non-negligible detection probability. We propose the first sender-deniable public key encryption system with a single encryption algorithm and negligible detection probability. We describe a generic interactive construction based on a public key bit encryption scheme that has certain properties, and we give two examples of encryption schemes with these properties, one based on the quadratic residuosity assumption and the other on trapdoor permutations. Keywords. Deniable encryption, electronic voting, multi-party computation. 1 Introduction One of the central goals of cryptography is protecting the secrecy of a transmitted message. The secrecy property of an encryption scheme is usually formalized as semantic security [10], which guarantees that an adversary cannot gain even partial information about an encrypted message. The notion of semantic security has proven to be very useful in a large number of applications. However, there are some scenarios where semantic security is not sufficient. For example, semantic security does not ensure message secrecy if the adversary can coerce the sender or the receiver of a message to reveal the secret keys and/or the randomness that was used to form an encryption.
    [Show full text]
  • Uncoercible Communication and Deniable Encryption, Or How to Lie with Impunity
    Uncoercible Communication and Deniable Encryption, or How to Lie With Impunity Matthew Kerner 3/4/2006 1 Introduction Use of some cryptographic protocols implies a commitment to the data operated on by those protocols. For example, a digital signature may ensure the property of nonrepudiation: the signer would be unable to claim that the signed document is a forgery. Similarly, encrypting data can form a kind of commitment to the data: the decryption process reveals the committed plaintext. In some scenarios, commitment to a plaintext may be undesirable. For example, in an election setting, we would like to prevent voters from being able to generate proof of their votes, ensuring that they cannot be coerced into voting a certain way, or rewarded for doing so. A secret agent may wish to be able to communicate with her sponsoring organization freely even if a coercive adversary is applying pressure to have her send a particular message. A corporate employee may wish to act as a whistle-blower without fear of management reprisal for having disclosed sensitive information. A variety of techniques have been developed in recent years to provide various cryptographic services, including privacy, without implying a commitment to the plaintext, even under coercive circumstances. We examine a variety of techniques in this vein. But first, we should establish some informal definitions. Coercion occurs when one party forces another, through physical threats, monetary or other rewards, legal action, or other pressure to follow certain be- havior. Coercion can occur before, during or after a transaction of interest. Multiple parties involved in a transaction may be coerced, by the same or dif- ferent adversaries, and each may be asked to follow different behavior.
    [Show full text]
  • Deep Web for Journalists: Comms, Counter-Surveillance, Search
    Deep Web for Journalists: Comms, Counter-surveillance, Search Special Complimentary Edition for Delegates attending the 28th World Congress of the International Federation of Journalists * By Alan Pearce Edited by Sarah Horner * © Alan Pearce June 2013 www.deepwebguides.com Table of Contents Introduction by the International Federation of Journalists A Dangerous Digital World What is the Deep Web and why is it useful to Journalists? How Intelligence Gathering Works How this affects Journalists 1 SECURITY ALERT . Setting up Defenses 2 Accessing Hidden Networks . Using Tor . Entry Points 3 Secure Communications . Email . Scramble Calls . Secret Messaging . Private Messaging . Deep Chat . Deep Social Networks 4 Concealed Carry 5 Hiding Things . Transferring Secret Data . Hosting, Storing and Sharing . Encryption . Steganography – hiding things inside things 6 Smartphones . Counter-Intrusion . 007 Apps 7 IP Cameras 8 Keeping out the Spies . Recommended Free Programs . Cleaning Up . Erasing History . Alternative Software Share the Knowledge About the Authors Foreword by the International Federation of Journalists Navigating the Dangerous Cyber Jungle Online media safety is of the highest importance to the International Federation of Journalists. After all, the victims are often our members. The IFJ is the world’s largest organization of journalists and our focus is on ways and means to stop physical attacks, harassment and the killing of journalists and media staff. In an age where journalism – like everything else in modern life – is dominated by the Internet, online safety is emerging as a new front. In this new war, repressive regimes now keep a prying eye on what journalists say, write and film. They want to monitor contacts and they want to suppress information.
    [Show full text]
  • Or As I Like to Call It, Occult Computing Adrian Crenshaw
    Or as I like to call it, Occult Computing Adrian Crenshaw http://Irongeek.com I run Irongeek.com I have an interest in InfoSec education I don’t know everything - I’m just a geek with time on my hands http://Irongeek.com Occult comes from the Latin word occultus (clandestine, hidden, secret), referring to "knowledge of the hidden". Forensic: Relating to the use of science and technology in the investigation and establishment of facts or evidence in a court of law. Since hiding activities is what we are doing, Occult Computing seems like a good name. Since people are not necessarily hiding their activities from a court of law, the term anti-forensics may not apply. Occult Computing sounds cooler than Anti-forensics Cthulhu fhtagn http://Irongeek.com Thanks to Wikipedia and Wiktionary for wording of definitions Why: Not about just hiding your stash from the Fuzz… Law/policy enforcement may find it useful to know how folks hide their computer activities Users may want to know how to hide their activities from invasive law/policy enforcement Companies may want to know how to clear boxes before donating them What: Mostly Windows, but most ideas are applicable to other operating systems Not going to cover malware analysis, nor network anti-forensics (at least not much) Mostly we will cover hiding tracks left on storage media http://Irongeek.com 1. Don’t leave tracks in the first place 2. Selective file removal and encryption tools 3. Parlor Tricks 4. Nuke it from orbit, it's the only way to be sure http://Irongeek.com Bow down before my Venn diagram of doom!!! If it’s not easy, folks won’t do it.
    [Show full text]