DOI: 10.1145/3600160.3600175
Research article

Nakula: Coercion Resistant Data Storage against Time-Limited Adversary

Published: 29 August 2023

Abstract

Both private citizens and professionals, including journalists and whistleblowers, can find themselves in a situation where they need to physically carry confidential data on a mobile device through a setting in which the device might be seized and they might be interrogated. In that case the user may be required to hand over the data by providing the password that unlocks the device, violating confidentiality. Many existing proposals address this by having the user lie to the interrogator: convince them that no data is present, claim to have forgotten the password, or provide a second password that reveals different information. Although data hiding and alternative passwords can be useful, we want to avoid deception altogether and instead focus on a scheme in which the user can show that they cannot possibly access the data.
In this paper we propose Nakula, a mechanism that enables a user to lock down data with a single click (or voice command, gesture, etc.), enabling secure data transport. The information remains confidential against a very strong adversary who has full control over both the network and the device, and who can force the user to cooperate through coercion. Nakula is designed so that the user does not have to lie or provide any misleading information at all. To achieve this, the user temporarily loses the ability to access the data and needs a trusted third party to recover it. We present a detailed design and security analysis of Nakula, and a proof-of-concept implementation that demonstrates the feasibility of using standard mobile phones to carry data. Finally, we discuss several context-specific authentication methods that can be used with the scheme to enable data recovery in a variety of situations.
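The property the abstract relies on, that after lockdown the device holds nothing that can decrypt the data and only a trusted third party can restore access, can be illustrated with the following added Python example. It is not Nakula's design or the paper's code; it assumes one simple realisation of that property: the data is encrypted under a random data key (DEK), the trusted party wraps the DEK under a recovery key (KEK) that never leaves the trusted party, and the one-click lock erases the only plaintext copy of the DEK from the device. The `TrustedParty`, `Device`, `seal`/`unseal` names, the sample data and the HMAC-based stream cipher (a stand-in for a real AEAD so the script runs on the standard library alone) are all assumptions of this example.

```python
"""Constructed lock-and-recover example (not Nakula's design).

Assumed model: data is encrypted under a random data key (DEK); the trusted
party wraps the DEK under a recovery key (KEK) it never releases; locking erases
the plaintext DEK, leaving only ciphertext and the wrapped DEK on the device.
The HMAC-SHA256 stream cipher with encrypt-then-MAC stands in for a real AEAD.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("blob rejected: bad tag")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def tamper_rejected(key: bytes, blob: bytes) -> bool:
    """True if flipping one ciphertext bit makes unseal() refuse the blob."""
    flipped = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 1]) + blob[NONCE_LEN + 1:]
    try:
        unseal(key, flipped)
    except ValueError:
        return True
    return False


class TrustedParty:
    """Holds the KEK; hands back a DEK only after the user has been authenticated."""

    def __init__(self) -> None:
        self._kek = secrets.token_bytes(32)

    def enrol(self, dek: bytes) -> bytes:
        return seal(self._kek, dek)  # wrapped DEK: safe to keep on the device

    def recover(self, wrapped_dek: bytes, user_authenticated: bool) -> bytes:
        if not user_authenticated:
            raise PermissionError("recovery refused: user not authenticated")
        return unseal(self._kek, wrapped_dek)


@dataclass
class Device:
    ciphertext: bytes
    wrapped_dek: bytes
    dek: Optional[bytes] = None  # plaintext DEK exists only while unlocked

    @classmethod
    def provision(cls, party: TrustedParty, data: bytes) -> "Device":
        dek = secrets.token_bytes(32)
        return cls(seal(dek, data), party.enrol(dek), dek)

    def lock(self) -> None:
        """The single-click lockdown: discard the only plaintext copy of the DEK."""
        self.dek = None

    def read(self) -> bytes:
        if self.dek is None:
            raise PermissionError("data locked: no key material on device")
        return unseal(self.dek, self.ciphertext)

    def persisted_state(self) -> dict:
        """All a seizing adversary finds after lock; none of it decrypts the data."""
        return {"ciphertext": self.ciphertext, "wrapped_dek": self.wrapped_dek, "dek": self.dek}

    def restore(self, party: TrustedParty, user_authenticated: bool) -> None:
        self.dek = party.recover(self.wrapped_dek, user_authenticated)


def demo() -> dict:
    party = TrustedParty()
    secret = b"constructed sample: source list for story #42"  # constructed data
    device = Device.provision(party, secret)
    before = device.read()
    device.lock()
    try:
        device.read()
        locked = False
    except PermissionError:
        locked = True
    no_key = device.persisted_state()["dek"] is None
    device.restore(party, user_authenticated=True)
    return {"before": before, "locked": locked, "no_key_on_device": no_key, "after": device.read()}
```

Running `demo()` walks through the three states a practitioner cares about: readable before the lock, a `PermissionError` with no key material on the device after it, and readable again only once the trusted party has authenticated the user and unwrapped the DEK. The persisted state after lock is ciphertext plus a blob encrypted under a key the device never held, which is why a coerced user has nothing to hand over and nothing to lie about.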


Published in: ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security, August 2023, 1440 pages. ISBN: 9798400707728. DOI: 10.1145/3600160.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags

  1. coercion resistance
  2. confidentiality
  3. secure data storage
  4. strong adversary model

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES 2023

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%
