An elaborate idea of the ambiguous encryption algorithm
Very vividly illustrates the thoughts on the subject of encryption image from xkcd.com.
But if you continue thinking and try to solve the problem using IT methods, then something interesting can be born. Readers are offered an article-description of the algorithm that could help “the one with the encrypted laptop” from the image to give the password to the portrayed attackers without losing important information. Of course, for this, he would have to prepare well, remember a few passwords and constantly experience a lack of free space on the computer, since The described algorithm in this regard can be greedy (if the owner wants to reduce the risks of being caught in a lie).
')
So, briefly, the owner of “such a laptop” when using the above algorithm will remember several passwords, each of which is the key to its “safe” (file container). The owner determines how to distribute information among the containers. Accordingly, he can create several dummy containers with false information. The result of the illustrated threats could be the issuance of a password from one of these "safes". If the attackers are well acquainted with the stated algorithm, you can, for example, issue another 1 or 2, and / or say that there are no more containers in this archive, and all the rest is random information.
The article is presented in a scientific language and in some places is very difficult to understand, for which I apologize.
All modern cryptosystems are built according to the Kerkgoffs principle, according to which the secrecy of encrypted data is determined by the secrecy of the encryption key, i.e. even with a well-known encryption algorithm, an attacker is not able to receive the decrypted data in a reasonable time if he does not possess the key. However, no modern encryption method or program that implements it will protect the information if its owner is placed in a position that forces him to reveal the key. It is also worth considering the possibility of selecting keys, for example, by exhaustive search or dictionary attack, applying specific knowledge of the owner.
There are various systems that allow you to hide the presence of encrypted data ( Wikis: Denied encryption), but they hide entire sections (for example, FreeOTFE, TrueCrypt) that can be found, if desired. On the other hand, there is the Rubberhose file system ( Wiki: Rubberhose ), created by Julian Assange, Sulette Dreyfus, and Ralf Weinmann in 1997–2000. But it does not allow, as TrueCrypt, to create separate files for data storage, which may be, for example, put on the Internet for storage. In general, the description of the Rubberhose basis turned out to be similar to the ideas described below, but the presented algorithm was developed independently of it.
We formulate a problem that needs to be solved:
The solution to the problem of hiding data on the number of subcontainers in a cryptographic store is to include pseudo-random information along with parts of hidden encrypted data in such a way as to distinguish mixed blocks from carrying real information would be impossible. At the same time, the location of the blocks relative to each other should not depend on the keys, the number of subcontainers, the order of work with them .
The algorithm for creating a cryptocontainer is shown in the following figure:
To clarify the flowchart, I will give the following sketch:
Thus, the user is limited only by reasonable frames in the choice of the following parameters:
Information about the encryption algorithms used and hash functions can be stored in the container header, since required to access data.
The process of decrypting the created cryptocontainer after the user has entered the password includes the following steps:
We list some features that should be considered when creating the described crypto-storage:
The main disadvantage of this algorithm is, of course, the access speed (since we pick up the keys to each superblock, including random ones) and the need to store blocks with random information. On the other hand, the owner of the container itself determines the size of random information, and hence the degree of risk in the case of the need to disclose passwords / passwords from sub-containers described at the beginning of the article, which directly affects the access speed. Moreover, the algorithm implies autonomous operation with each subcontainer, i.e. once selecting the superblock that the entered password matches, the program will no longer need to contact other superblocks.
Thus, the presented method of organizing a crypto-storage solves the problem of increasing its durability. It is believed that the attacker is able to pick up one or more passwords used by the user to encrypt some subcontainers, so the algorithm provides for the possibility of mixing random information along with useful information. Such a measure, together with the creation of several subcontainers, will allow the archive owner to personally determine the applicable security policy in relation to stored confidential information. For example, it becomes possible to create several archives with different levels of password complexity, each of which will contain data of different values, but their main set will become a distraction, since due to the possibility of including random information, some parts of such containers simply cannot be decrypted. Moreover, the attacker will have to pick up the key to all the blocks, so the presence of random parts will slow down the search process.
But if you continue thinking and try to solve the problem using IT methods, then something interesting can be born. Readers are offered an article-description of the algorithm that could help “the one with the encrypted laptop” from the image to give the password to the portrayed attackers without losing important information. Of course, for this, he would have to prepare well, remember a few passwords and constantly experience a lack of free space on the computer, since The described algorithm in this regard can be greedy (if the owner wants to reduce the risks of being caught in a lie).
')
So, briefly, the owner of “such a laptop” when using the above algorithm will remember several passwords, each of which is the key to its “safe” (file container). The owner determines how to distribute information among the containers. Accordingly, he can create several dummy containers with false information. The result of the illustrated threats could be the issuance of a password from one of these "safes". If the attackers are well acquainted with the stated algorithm, you can, for example, issue another 1 or 2, and / or say that there are no more containers in this archive, and all the rest is random information.
The article is presented in a scientific language and in some places is very difficult to understand, for which I apologize.
All modern cryptosystems are built according to the Kerkgoffs principle, according to which the secrecy of encrypted data is determined by the secrecy of the encryption key, i.e. even with a well-known encryption algorithm, an attacker is not able to receive the decrypted data in a reasonable time if he does not possess the key. However, no modern encryption method or program that implements it will protect the information if its owner is placed in a position that forces him to reveal the key. It is also worth considering the possibility of selecting keys, for example, by exhaustive search or dictionary attack, applying specific knowledge of the owner.
There are various systems that allow you to hide the presence of encrypted data ( Wikis: Denied encryption), but they hide entire sections (for example, FreeOTFE, TrueCrypt) that can be found, if desired. On the other hand, there is the Rubberhose file system ( Wiki: Rubberhose ), created by Julian Assange, Sulette Dreyfus, and Ralf Weinmann in 1997–2000. But it does not allow, as TrueCrypt, to create separate files for data storage, which may be, for example, put on the Internet for storage. In general, the description of the Rubberhose basis turned out to be similar to the ideas described below, but the presented algorithm was developed independently of it.
We formulate a problem that needs to be solved:
- first, let us take for the fact that the attacker has a user-created cryptographic container , and is also aware of the features of the encryption algorithm used ;
- secondly, the data of real value should be hidden so that the attacker could not calculate the total number of nested sub-containers in the crypto-container, even after gaining access to several of them.
The solution to the problem of hiding data on the number of subcontainers in a cryptographic store is to include pseudo-random information along with parts of hidden encrypted data in such a way as to distinguish mixed blocks from carrying real information would be impossible. At the same time, the location of the blocks relative to each other should not depend on the keys, the number of subcontainers, the order of work with them .
The algorithm for creating a cryptocontainer is shown in the following figure:
To clarify the flowchart, I will give the following sketch:
Thus, the user is limited only by reasonable frames in the choice of the following parameters:
- used hash functions and their combinations to create encryption keys for subcontainers and headers for superblocks,
- subcontainer block encryption algorithm (AES, Blowfish, DES, etc.),
- the number of blocks in the superblocks (their increase will speed up access to information, reduce the size taken up by reducing the number of headers, but increase the chances of selecting brute-force keys).
Information about the encryption algorithms used and hash functions can be stored in the container header, since required to access data.
The process of decrypting the created cryptocontainer after the user has entered the password includes the following steps:
- Create a key to decrypt the headers based on the received password using a predefined hash function.
- We check each header of all superblocks from the container for possible decryption by the existing key (to verify its correctness, each header includes a confirmation word, which should consist of ASCII characters, for example, “OK” or “TRUE” as in TrueCrypt, as well as contained in the superblock of blocks, for more accurate verification of the key in cases of coincidence of the confirmation word), and thus we obtain a set of superblocks that can be decrypted.
- We build the resulting superblocks into a logical chain in accordance with the indices indicated in their headings (ascending). More superblock headers are not needed and are not involved in the further process.
- Create a key based on the password obtained earlier (encryption key generation algorithms for headers and subcontainers may be different), and use it to decrypt the existing subcontainer.
We list some features that should be considered when creating the described crypto-storage:
- passwords for different sub-containers should be different;
- the probability of receiving a confirmation word after applying the key to the headers created from random bytes should be reduced to zero, by carrying out checks at the corresponding step;
- the size of the superblock headers, minus the length of the confirmation word, should be sufficient to store at least the total number of superblocks built from the blocks of one subcontainer.
The main disadvantage of this algorithm is, of course, the access speed (since we pick up the keys to each superblock, including random ones) and the need to store blocks with random information. On the other hand, the owner of the container itself determines the size of random information, and hence the degree of risk in the case of the need to disclose passwords / passwords from sub-containers described at the beginning of the article, which directly affects the access speed. Moreover, the algorithm implies autonomous operation with each subcontainer, i.e. once selecting the superblock that the entered password matches, the program will no longer need to contact other superblocks.
Thus, the presented method of organizing a crypto-storage solves the problem of increasing its durability. It is believed that the attacker is able to pick up one or more passwords used by the user to encrypt some subcontainers, so the algorithm provides for the possibility of mixing random information along with useful information. Such a measure, together with the creation of several subcontainers, will allow the archive owner to personally determine the applicable security policy in relation to stored confidential information. For example, it becomes possible to create several archives with different levels of password complexity, each of which will contain data of different values, but their main set will become a distraction, since due to the possibility of including random information, some parts of such containers simply cannot be decrypted. Moreover, the attacker will have to pick up the key to all the blocks, so the presence of random parts will slow down the search process.
Source: https://habr.com/ru/post/169689/
All Articles