blog-contributions/opsec/deniability/index.html

195 lines
11 KiB
HTML
Raw Normal View History

2024-07-25 12:23:36 +02:00
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>What is Plausible Deniability ? Why is it Important ?</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
2024-10-06 21:59:43 +02:00
<a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
2024-07-25 12:23:36 +02:00
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
2024-08-12 23:22:38 +02:00
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
2024-07-25 12:23:36 +02:00
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
2024-08-18 22:50:34 +02:00
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-05-01</ba></p>
2024-07-25 12:23:36 +02:00
<h1>What is Plausible Deniability ? Why is it Important ? </h1>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Encryption Provides Privacy </b></h2>
<p>Let's take our previous analogy to explain what Privacy is:</p>
<pre><code class="nim">
Bob wants to talk to Alice, He wants the conversation to remain private, so he closes the door
Jack can't spy on bob and alice's conversation, because the door is closed,
The door is closed, the conversation remains between Alice and Bob, their conversation is Private.
</code></pre>
<img src="1.png" class="imgRz">
<p>For Alice and Bob to protect their conversation from being spied on by Jack, they encrypt their conversation for example by using <a href="../pgp/index.html">PGP</a>.</p>
<img src="2.png" class="imgRz">
<p>Here the most common usecase for encryption is for people to encrypt their system disk on their computers, because if someone (like jack) were to steal their computer, they don't want to read all of their data.</p>
<img src="3.png" class="imgRz">
<p>All in all, encryption is used to provide privacy. As long as the encrypted volumes are closed when Jack is trying to open them, Jack cannot read the contents of the volumes.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>What happens when Bob is forced to give out his password ?</b></h2> </br> </br>
<p>Encryption however, cannot protect against everything.</p>
<img src="4.png" class="imgRz">
<p>In this case, Bob is legally, although questionably morally, forced to decrypt his encrypted system disk by the judge. Keep in mind that this is not a far fetched scenario, this has happened previously.</p>
<ol>
<li><p>in January 2012 (<a href="https://www.wired.com/2012/01/judge-orders-laptop-decryption/">source</a>)</p></li>
<li><p>in Febuary 2009 (<a href="https://www.cnet.com/tech/tech-industry/judge-orders-defendant-to-decrypt-pgp-protected-laptop/">source</a>)</p></li>
</ol>
2024-11-02 10:14:09 +01:00
<p>Now here there are multiple scenarios. Either you live in a country that doesn't respect human rights, and they torture you until you spit out the password, or the country you live in has to respect human rights, they throw you in jail for let's say 6 months, for contempt of court (arguing that you swore to tell the truth, and you lied about having forgotten your password), <b>which is also an attempt to break your will, to make you spit out the password.</b> the only problem is that they can't legally torture you any other way, so they have no other option than to do it like that.</p>
<p>If you are ever dragged into court, <b>the judge will appreciate much more if you actually hand over your laptop, and show that you are willing to cooperate with the authorities by providing your password to unlock it</b>, rather than starting to pretend you forgot your password (which can end badly like in <a href="https://lawblog.legalmatch.com/2018/07/23/florida-man-jailed-allegedly-forgetting-password-on-cell-phones/">this court case</a>, where the defendant was found to be in contempt of court, and thrown in jail for 6 months for it), </p>
2024-07-25 12:23:36 +02:00
<p>When that is the case, simply encrypting the disk is not enough, as <b>all that is required is for the adversary to know of the existance of the encrypted drive, to be able to force Bob to open it</b></p>
<img src="6.png" class="imgRz">
<p>As far as key encryption laws, the trend is that most developed countries are forcing their citizens to incriminate themselves and to surrender the encryption keys to authorities, when asked. In short,<b>If the encrypted volume is proven to exist, you can be forced to surrender the decryption key/password to open it.</b></p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
2024-11-03 18:16:29 +01:00
<h2><b>Why is Deniable Encryption Vital?</b></h2> </br> </br>
2024-08-24 16:01:33 +02:00
<p>From a legal standpoint, the only way to be protected against that scenario where you're forced to decrypt your harddrive <b>is to be able to deny the existence of said encrypted volume (Plausible Deniability)</b> . If the encrypted volume does not exist, there is no password to be given for it.</p>
2024-07-25 12:23:36 +02:00
<p>So here we need a technology that can provide us Plausible Deniability. <b>That is what Veracrypt can do for us</b>.</p>
<img src="5.png" class="imgRz">
2024-08-24 16:01:33 +02:00
<p>In short, Veracrypt allows you to encrypt volumes, just like LUKS encryption does. <b>However it gives you the choice to hide another encrypted volume inside the same volume</b>, that is exactly what you can deny the existence of.</p>
2024-07-25 12:23:36 +02:00
<p>So you can hide some random meaningless data inside the decoy volume, while the real data that needs protection sits inside the hidden volume.</p>
2024-08-24 16:01:33 +02:00
<p>This means, when Jack forces Bob to open the vercrypt volume, Bob types Password A to open the decoy volume, Then, when asked by Jack, <b>Bob declares that there is no Hidden volume, and Jack has no way to prove the existence the Hidden Volume</b>.</p>
2024-07-25 12:23:36 +02:00
<p>To see how to implement Plausible Deniability protection with Veracrypt, check out this <a href="../veracrypt/index.html">tutorial</a>.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
2024-11-03 18:16:29 +01:00
<!-- +++++ Second Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Live mode - Protecting your Deniability</b></h2> </br> </br>
<p>Now when there is an adversary busting down your door, running towards your computer to collect as much incriminating evidence as possible on you, you need to make sure that they are not finding anything incriminating on you. Thing is, if he were to seize your computer, there are many places he can check inside your computer for anything incriminating (system logs, kernel logs, non-standard log-files, the contents of the RAM, etc)</p>
<p>In the context of you using <a href="../veracrypt/index.html">deniable encryption</a>, <b>the adversary must not able to prove the existance of said encrypted volume</b> that you are trying to keep hidden. This is where using an operating system in live mode comes in the picture:</p>
<img src="7.png" class="imgRz">
<p>To make it short, if you start your operating system in live mode, <b>you are not writing anything on the system disk</b>, but rather <b>you are loading the entire operating system in the RAM</b>. Everthing that you write on the system drive while in live mode gets erased upon rebooting. </p>
<p>The idea behind using live mode is that <b>every forensic trace regarding the hidden encrypted volume</b> that would normally be written into the system logs, kernel logs, and various other system files <b>(that we would normally need to manually clean up after closing the hidden volume)</b> will all be written into RAM instead of being written onto Disk, and then <b>will all be completely erased upon rebooting the computer.</b> </p>
2024-11-03 18:22:39 +01:00
<p>As you'll see in <a href="../tailsqemuvm/index.html">this tutorial</a>, we can make use of a VM's live mode to securely erase every trace of sensitive activity.</p>
2024-11-03 18:16:29 +01:00
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
2024-07-25 12:23:36 +02:00
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
2024-11-16 15:54:12 +01:00
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
2024-07-25 12:23:36 +02:00
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
2024-10-03 21:57:20 +02:00
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
2024-07-25 12:23:36 +02:00
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
2024-08-28 20:13:19 +02:00
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
2024-07-25 12:23:36 +02:00
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>