Friday, February 15, 2008

Can I protect private data from the threat of coerced password disclosure?

Bruce Schiener mentioned the threat of government authorities asking you to divulge the password to your encrypted file or disk:

The latter threat is becoming more real. I have long been worried that someday, at a border crossing, a customs official will open my laptop and ask me to type in my password. Of course I could refuse, but the consequences might be severe -- and permanent. And some countries -- the United Kingdom, Singapore, Malaysia -- have passed laws giving police the authority to demand that you divulge your passwords and encryption keys.

This is indeed a pain. The same could be done by an adversary by holding you at gun-point etc. Truecrypt, a free disk encryption software that I use, has a partial solution. It allows you to create a hidden volume within an encrypted volume. So to protect yourself from the above threat you can enter the password for the outer volume and deny the existence of any inner volume. I don't know how Truecrypt implements this but I think it works somewhat like this:

The descriptor of the inner volume(and not just the user data) is stored at a fixed location and encrypted with the inner volume's password. Until that password is typed there is no way to know whether there is a valid descriptor(and hence a hidden volume) or not.

This is nice since one can pretend that the inner volume does not exist and the adversary has no way to prove otherwise(all unused space is initialized with random bytes). However, a clever adversary may threaten to overwrite the fixed location where the hidden volume's descriptor resides. At that point you can choose between disclosing the data to the adversary or losing it forever. And in many cases it is good to have that choice.

No comments: