Designing Crypto Primitives Secure Against Rubber Hose Attacks (usenix.org)
56 points by zvrba on Jan 27, 2015 | 24 comments

"While the planted secret can be used for authentication, the participant cannot be coerced into revealing it since he or she has no conscious knowledge of it." Quite interesting idea. But don't we now move from "rubber hose" to "Please sit down and authenticate here." territory?

Unless it somehow fails subconsciously when under duress, yes, so this has no practical applications I can think of. It's still fascinating research, though.

The problem with deniable cryptosystems that make it intractable to prove you've complied, like the old stegfs or the not-quite-as-old Marutukku (aka Rubberhose, which Julian Assange worked on by the way) is that it really sucks to be the keyholder! You can try to secure a system against duress disclosure, but you can't safeguard the people as well - it is possible to make wrench-resistant systems, but unfortunately not wrench-resistant kneecaps. I don't think any good solution exists for that: that's a physical/political/legal/OPSEC problem, not a technical one.

It's also impossible for the key holder to prove to his assailants that he has provided the correct keys, so there is little incentive to comply in some situations, since you will likely be killed / tortured, either way.

The best of both worlds. Tortured until you reveal your password, then tortured some more!

Exactly. Valuable if you want to ensure the confidentiality of the data no matter what - but you'd better really mean that "no matter what", because if the eventuality arises where the system's properties might be desirable, those same properties essentially spell your own doom.

That and the disk-space penalty for the compartments (either fixed or stochastic) meant that, even in areas of potential forced key-disclosure, these systems didn't take off and are as far as I know mothballed and unmaintained.

A time based quorum of knee caps would increase the complexity of the attack, providing deterrent and better protection.

Yes - the paper does acknowledge this, and makes the assumption that the point of entry is physically secured, for example by a human guard standing watch. This means you couldn't kidnap someone, steal their TOTP token, beat the password out of them, and then go to the location and authenticate as them. It doesn't help in a situation such as being able to log in from any internet connected terminal.

Not this paper again. It can't be used for cryptographic usage and the title (which is the original title of the paper) is completely misleading.

The device you're authenticating must have the secret you're authenticating with in it in a retrievable format. So it can't be used for e.g. disk encryption, etc, because the attacker can just get the secret from the device and decrypt.

All it can be used for is authentication, and for that they require a human security guard to ensure it's actually a human playing the authentication game. If you were to attach a computer, it's likely it could impersonate you. So almost completely useless (except for getting people's hopes up).

More discussion here: https://news.ycombinator.com/item?id=4266115

This paper is from a few years ago, but I think that for folks who aren't quite as into the net/info security side of things, it's better to think of "rubber hose attacks" as a polite way to say "having to fight too many subpoenas from a more wealthy adversary".

Hopefully doesn't apply to your businesses, but it sure delayed a lot of things in the 80s and 90s before the EFF/CDT/and so on helped settle a lot of the law that we take for granted now.

(No I do not work for the EFF, CDT, or any other TLA. I just think that programmers and painters both need to be cognizant of copyright)

Nothing will save you from discovery in a civil case. You either hand the data over, perjure yourself and hope nobody has evidence the data existed, or get sanctioned, then the court makes an adverse inference that the evidence must have been bad and can use that against you.

I think that the finger-prick scanners from Gattaca are the future. We already have them in the form of diabetes scanners. They could look for matching genetic material to identify the user, and generate a hash based on the average amounts of hormones in the body, for example. It would only produce the correct hash if you felt 'normal', so a flood of fear hormones or an abundance of drugs would make it throw an invalid hash.

Do you actually need to prick for that? Both fingerprint scanners and thermometers (cf. http://en.wikipedia.org/wiki/Mood_ring) already exist; analyzing reflections of the finger may provide even more information.

A computer that doesn't work when the user is stressed is still going to get defenestrated, though.

This is probably the most reasonable idea I've seen so far, however, this is problematic if you're under stress while simultaneously trying to access whatever system you want access to.

To be honest, while this line of inquiry is satisfying intellectually, I don't expect it to have any practical value.

This really has nothing to do with crypto primitives, but is all about memory. One would still use exactly the same crypto primitives and protocols as we have already, just the method of memorising secrets would be different.

It would be interesting to see how their approach does against attacks against subconscious reactions that can nevertheless be measured by more sophisticated devices.

Hmm, training 30-40 min, authentication 5 min. That's a huge inconvenience. It's very interesting research but I don't see this being used in real life.

Well, one has to think of the contexts in which rubber hose cryptography might be used. If you're a political dissident or whistleblower, you might invest the time. Think Edward Snowden, etc. Clearly this is not meant to lock your phone. :)

Even if it was used for launching nukes. Do you want the president to play a game for 5 minutes to give consent? It's unrealistic.

> It's unrealistic.

I think you'll find this is true of most academic research :)

Yes but the commenter was arguing specifically for this method being applied in real life. While my opinion is that the research is very interesting but that's unlikely.

This might be useful for password recovery in some scenarios.

yeah I fail to see how this actually defends against the `I'm going to hit you with this rubber hose until you login` attack

If you don't know the password to your system it can't be forced out of you.

For example, if you have a password algorithm that takes an input value (let's say a website name) and a seed that is stored on your system somewhere (that you don't have memorized), concats them together and then hashes the result to generate the password, the rubber hose attackers would have to both beat the input value out of you and have physical access to the machine your seed is stored on to recover the password.
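The scheme described in the comment above, sketched as an added example that is not part of the original thread. It assumes HMAC-SHA256 keyed with the stored seed in place of plain concatenate-and-hash (so the seed/site boundary is unambiguous); the function names, alphabet and default length are hypothetical choices.

```python
import hashlib
import hmac
import secrets
import string

# Output alphabet (assumption: 74 symbols most sites accept).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
# Bytes >= LIMIT are discarded so that b % len(ALPHABET) is not biased.
LIMIT = 256 - (256 % len(ALPHABET))


def new_seed() -> bytes:
    """Random 256-bit seed; it lives on the device and is never memorized."""
    return secrets.token_bytes(32)


def derive_password(seed: bytes, site: str, length: int = 20) -> str:
    """Derive a per-site password from the on-device seed and the site name."""
    if len(seed) < 16:
        raise ValueError("seed too short to resist guessing")
    # Normalize the memorable input so "Example.COM " and "example.com" agree.
    label = site.strip().lower().encode("utf-8")
    out = []
    counter = 0
    while len(out) < length:
        # Each counter value yields 32 fresh pseudorandom bytes.
        msg = counter.to_bytes(4, "big") + label
        block = hmac.new(seed, msg, hashlib.sha256).digest()
        counter += 1
        for b in block:
            if b < LIMIT and len(out) < length:
                out.append(ALPHABET[b % len(ALPHABET)])
    return "".join(out)


if __name__ == "__main__":
    seed = new_seed()  # in practice: loaded from protected local storage
    print(derive_password(seed, "example.com"))
```

The site name alone reveals nothing about the password, and the seed alone yields it only to someone who also knows which site names to try, which matches the two-part recovery requirement the comment describes.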

The trick, it seems, is to be able to convince the guy wielding the rubber hose that you don't have the information he wants.

"Give me the password!" "Password to what?" {whack}

This is a problem that has been solved by every Hollywood movie ever. The bank vault can only be unlocked by the bank manager? Kidnap bank manager's daughter, tell him to unlock the vault. The person with the password and the person who gets the hose don't have to be the same person.
