return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ Considering plausibly deniable cryptography as a response to a Distributed Networking Attack ]

Considering plausibly deniable cryptography as a response to a Distributed Networking Attack


In Staying off the Wall of Sheep, the first lesson of Defcon was "the importance of using encryption, not just at Defcon but in all network traffic." For most users; however, unencrypted cleartext is the order of the day for transmitting UIDs, passwords, and body text as users do not equate their email with post cards, except that it is likely that more can read an email than the post card. Outside government systems, encryption tends to belong to legitimate commercial confidential business, criminal and terrorist enterprises, and the randomly paranoid.

The US Secret Service is responding to the widening use of encryption software by criminals in "higher profile and higher value targets [where] from an evidentiary standpoint they have more to hide" by harnessing its employees PCs (4,000 to date, extending to all 10,000 in 2005) in a Distributed Networking Attack (DNA) program running in background using a fractional part of each CPU's cycle time. As even networks far larger than that of the Secret Service would have great difficulty in brute force decryption of a 256-bit key, the authorities are turning their attention not to the encrypted text but to the encryption passwords

User generated passwords or passphrases are usually flawed, not random, and have some relation to an aspect of their personal or professional life. Information about the "suspect's personal life and interests collected by field agents" is blended with cleartext (email, documents, browser cache, frequented URLs, et al) resident on the suspect's PC hard drive, then submitted to DNA to create a tailored password/passphrase set specific to the PC's owner that is then tested to determine the password. (Criminal gangs that employ multiple languages and alphabets - an increasingly common condition of transnational criminal gangs - add additional complexity.)

As DNA may be expanded to larger parts of DHS, I would expect to see a renaissance in deniable cryptography systems such as Rubberhose (apparently not now available) and StegFS as criminals seek a counter response. Consider the case in which:

A spy travelling with a laptop [with traditionally encrypted files] is arrested by a foreign government, detained, and tortured until he gives up the keys to his data… Encrypted filesystems fail against the Rubberhose Attack [because] traditional encrypted filesystems leak information. While the Bad Guy doesn’t know what the encrypted data is, he is able to see that there -is- encrypted data. Thus, he can beat our spy until all encrypted data has been decrypted.

Deniable cryptography allows a captive or defendant that does not wish to disclose the plaintext corresponding to their cyphertext to be able to that there is more than one interpretation of the encrypted data, i.e., an investigator will likely know that encrypted material exists on the drive, but will not know how much as so there is an opportunity to keep the existence of the most essential data hidden. Designed by Julian Assange, co-author of The Underground, Rubberhose is named after the decryption tactic it attempts to defeat: Rubberhose Cryptanalysis, in which suspects are exposed to repeated beatings or torture until their password is surrendered.

Rubberhose was originally conceived [as] a tool for human rights workers who needed to protect sensitive data in the field, particularly lists of activists and details of incidents of abuse… Human rights workers carry vital data on laptops through the most dangerous situations, sometimes being stopped by military patrols who would have no hesitation in torturing a suspect until he or she revealed a passphrase to unlock the data.

In some cases the inquiring governmental agency does not have to be a third world satrap when it comes to demanding access to private encrypted data. (I often tell US nationals that the Patriot Act is modest in terms of many English laws.) The Regulation of Investigatory Powers Act 2000 of the UK (commonly called RIP) allows UK law enforcement agencies:

the right to demand decryption keys from anyone, and it imposes prison sentences on those that refuse to hand them over. The RIP Act also forbids people, under threat of prison, from telling anyone that they have been asked to hand over their key.

Rubberhose thwarted this by allowing a large number of encrypted messages to be stored on the same drive, each encoded with a different password. As the total number of levels is unknown, the captive can surrender one or more levels with some confidence that the arresting entity cannot easily discern that they do not have access to all the data on the drive. Rubberhose had a modular architecture, self-test suite, employed information hiding (both steganography and deniable cryptography), worked with any file system, had freely available source, and supported ciphers such as DES, Blowfish, Twofish and CAST. Rubberhose could deter forensic disk-surface analysis as a portion of disk blocks from file systems would be randomly repositioned on the drive so as to defeat a statistical analysis of the more frequently used "real" file system.

With Rubberhose down, users can look to StegFS (Steganographic File System) for Linux (also here and FAQ):

StegFS looks like a [completely standard Linux file system (ext2)], except that all free blocks are immediately written over with random data when they are deleted [and] a small portion of files are written to random free areas… Additional directories... appear for each security level… Each hidden file belongs to one of 15 security levels. There are also 15 security contexts, each giving access to a subset of all security levels and protected with its own password. Outsiders can see that a drive is StegFS enabled, but cannot see how many layers of encryption there are on the disk. Users can plausibly deny the number of files stored on disk. The installation of the driver can be justified by revealing one lower layer, and denying the existence of any additional layers.

DNA Key to Decoding Human Factor
By Brian Krebs
Washington Post
March 28, 2005

Defending against Rubberhose Attacks
Christopher Soghoian
JHU Systems Seminiar
March 9 2004
SPAR instance scrolled off

StegFS: A Steganographic File System
HweeHwa PANG, Laboratories for Information Technology; Kian-Lee TAN, Xuan ZHOU, , National University of Singapore, Singapore

Hiding Data Accesses in Steganographic File System
Xuan ZHOU, Kian-Lee TAN, National University of Singapore; HweeHwa PANG, Institute for Infocomm Research, Singapore

Warning over e-mail snooping
BBC News
1 June, 2001

Gordon Housworth

Cybersecurity Public  InfoT Public  


  discuss this article

<<  |  December 2019  |  >>
view our rss feed