
[submission] Basis (pl Bases)

Open imuli opened this issue 2 years ago • 3 comments

Obviously this is a work in progress, and I am particularly not sure about the name Basis because the plural invites confusion with Base. This also may be more privacy-oriented than decentralization-oriented, so maybe it's out of scope?

The Design Problem

You need to protect information from a physical search where the user may be under pressure to unlock / give up passwords - e.g. at a border checkpoint or in an abusive relationship.

The Design Solution

Provide multiple independent encrypted storage areas that, without the encryption key, appear to be free space or cached data that the user reasonably wouldn't have the means to decrypt. The user can then selectively reveal passwords that expose less sensitive information, without the intruder being able to tell whether there are more passwords.

Examples

Why Choose ... ?

Best Practice: How to Implement ...

Potential Problems with ...

  • The software must be useful independently of its privacy features to avoid suspicion under some threat models. And ideally the more common and widespread the better, even if most people don't use multiple bases.
  • Under extreme scenarios, the intruder does not know when to stop applying pressure.
  • The surrounding environment may contain references that imply the existence of a particular basis, even if implementation is perfect.

The Take Away

References & Where to Learn More

  • https://betrusted.io/xous-book/ch09-00-pddb-overview.html
  • https://www.schneier.com/academic/archives/2008/01/defeating_encrypted.html

imuli, Jan 05 '24 01:01

Thinking this over, "layers" may be a better name. Especially with the behavior that bunnie describes here (see contacts app thought-experiment) in the plausible-deniability database, where key-values in unlocked layers replace key-values in locked layers.

imuli, Jan 19 '24 00:01
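
A minimal sketch of the storage model discussed in this thread, added here as an illustration (it is not code from the issue or from the PDDB): every slot holds either random bytes or a record sealed under one basis key, and a lookup sees only the bases that are currently unlocked. The `Store` class, the slot layout, the HMAC-based stand-in cipher, and the rule that the most recently unlocked basis shadows older ones are assumptions of this sketch.

```python
import hashlib, hmac, os, secrets
NONCE, BODY, TAG = 16, 64, 16  # constructed slot layout: nonce | ciphertext | tag

def _prf(key, label, data, n):
    # HMAC-SHA256 in counter mode: a stand-in for a real AEAD, illustration only
    return b"".join(hmac.new(key, label + data + bytes([i]), hashlib.sha256).digest()
                    for i in range(-(-n // 32)))[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Store:
    def __init__(self, slots=32):
        self.salt = os.urandom(16)
        # Every slot starts as random bytes, so free and locked slots look alike.
        self.slots = [os.urandom(NONCE + BODY + TAG) for _ in range(slots)]
        self.unlocked = []  # basis keys, oldest unlock first

    def unlock(self, password):
        self.unlocked.append(
            hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 10_000))

    def _open(self, key, blob):
        nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
        if not hmac.compare_digest(tag, _prf(key, b"tag", nonce + ct, TAG)):
            return None  # free space or a basis locked under another password
        plain = _xor(ct, _prf(key, b"enc", nonce, BODY)).rstrip(b"\0")
        name, _, value = plain.decode().partition("=")
        return name, value

    def put(self, name, value):
        key, plain = self.unlocked[-1], f"{name}={value}".encode()  # newest basis
        if len(plain) > BODY:
            raise ValueError("record too long for one slot")
        own = [i for i, b in enumerate(self.slots)
               if (r := self._open(key, b)) and r[0] == name]
        # Slots of still-locked bases look free, so a write may destroy them.
        free = [i for i, b in enumerate(self.slots)
                if not any(self._open(k, b) for k in self.unlocked)]
        nonce = os.urandom(NONCE)
        ct = _xor(plain.ljust(BODY, b"\0"), _prf(key, b"enc", nonce, BODY))
        tag = _prf(key, b"tag", nonce + ct, TAG)
        self.slots[own[0] if own else secrets.choice(free)] = nonce + ct + tag

    def get(self, name):
        for key in reversed(self.unlocked):  # newest unlock shadows older ones
            for blob in self.slots:
                if (r := self._open(key, blob)) and r[0] == name:
                    return r[1]
        return None
```

The comment in `put` marks the cost of this design: a basis that stays locked cannot be protected from overwrites, because protecting it would reveal that it exists.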