Huang: The Plausibly Deniable DataBase

source link: https://lwn.net/Articles/884085/

[Posted February 8, 2022 by corbet]
Andrew 'bunnie' Huang introduces PDDB, a database meant to allow users to (plausibly) deny the existence of specific data within it.

Precursor is a device we designed to keep secrets, such as passwords, wallets, authentication tokens, contacts and text messages. We also want it to offer plausible deniability in the face of an attacker that has unlimited access to a physical device, including its root keys, and a set of “broadly known to exist” passwords, such as the screen unlock password and the update signing password. We further assume that an attacker can take a full, low-level snapshot of the entire contents of the FLASH memory, including memory marked as reserved or erased. Finally, we assume that a device, in the worst case, may be subject to repeated, intrusive inspections of this nature.

We created the PDDB (Plausibly Deniable DataBase) to address this threat scenario.


Huang: The Plausibly Deniable DataBase

Posted Feb 9, 2022 6:45 UTC (Wed) by rdeforest (subscriber, #153619) [Link]

I haven't dug very deeply into this, but it's setting off my BS detector.

Huang: The Plausibly Deniable DataBase

Posted Feb 9, 2022 9:24 UTC (Wed) by t-v (guest, #112111) [Link]

Having seen some great previous work bunnie did, I would prima facie expect it to be legit.

Huang: The Plausibly Deniable DataBase

Posted Feb 9, 2022 16:15 UTC (Wed) by martin.langhoff (subscriber, #61417) [Link]

Yeah, I'm expecting it to be legit, but can't find reasonable use cases that aren't full of downsides, limits and gotchas.

It might be a failure of my imagination, or it might need to be coupled with something else to make sense.

Damn interesting machinery in any case.

Huang: The Plausibly Deniable DataBase

Posted Feb 9, 2022 13:39 UTC (Wed) by k3ninho (subscriber, #50375) [Link]

>it's setting off my BS detector
I've been following Precursor. Bunnie and team have a track record in this area. Before now, I've found myself surprised by my ignorance -- I suspect what you don't know, here, is surprising you. Ultimately, the code is there[1] and you could educate yourself.

1: https://github.com/betrusted-io/xous-core/tree/main/servi...

Huang: The Plausibly Deniable DataBase

Posted Feb 9, 2022 14:28 UTC (Wed) by nix (subscriber, #2304) [Link]

It's legit, and as such it necessarily has potentially huge downsides. I can easily see a routine precaution by attackers (like, say, customs agents) on this being to force everyone who passes through customs to have their entire disk imaged (so customs can, in theory, recover the data if they ever get the related passphrase) and then forcing the user to download a disk-full of random noise, wiping out all their locked secret bases. Now the attackers potentially have all the secrets, and the user's lost access to the lot (in the absence of backups). It's still deniable, but now it's deniable and *missing* every time it passes through such an attacker's control.

Huang: The Plausibly Deniable DataBase

Posted Feb 10, 2022 0:46 UTC (Thu) by NYKevin (subscriber, #129325) [Link]

Most of these attackers (particularly in western countries like the United States) are heavily dependent on most of their victims not caring enough to try and assert their rights. If you grossly inconvenience a large enough subset of the public, political or legal countermeasures will eventually be brought to bear. CBP doesn't want to explain itself to senators and judges, so therefore they are generally inclined to avoid doing things that cause an unacceptable level of difficulty to a large subset of the public, like wiping everyone's laptop. Lots of ordinary people don't have backups (although they probably should), and if you erase their only copy of their data, they are going to be rather upset about that.

Huang: The Plausibly Deniable DataBase

Posted Feb 10, 2022 2:18 UTC (Thu) by faramir (subscriber, #2327) [Link]

But the CBP didn't erase your laptop. They just rewrote all the empty space on the drive, so what are you complaining about? Since nothing was there, you couldn't possibly have lost anything unless you actually are one of those hackers/terrorists/etc. OTOH, if they did start doing this to everyone it could take a while depending on the storage size. Delaying lots of people at the border in order to overwrite empty space on their disk is likely to get a lot more traction with political leaders.

Huang: The Plausibly Deniable DataBase

Posted Feb 9, 2022 17:45 UTC (Wed) by pebolle (subscriber, #35204) [Link]

When things like this come up one might as well advise people to memorize psalm 91 instead. So that they can silently recite it while they are dragged into yet another nightly interrogation...
