On Mon, Jul 5, 2021 at 5:07 PM Karl Semich <0xloem@gmail.com> wrote:
Karl, pleasure writing to you, I hope you understand a bit better why I'm asking about ORAM-FS's benefits.
I hear you asking with an eye towards when a large business or government might find it efficient to use.
I don't understand why you are asking this. I observed you didn't share a threat model.
Oramfs is actually completely pluggable under the hood. What do you think about expanding it so it can do non-obfuscated encryption if desired?
This would be incredibly easy to add.
Karl, how do we know that your commentary isn't in bad faith? Textbook disruption techniques. Please share your rationale for questioning my rationale.
Just kidding,
-Travis
Thanks for the joke, Travis.
Yeah, don't trust me, I'm messed up in the head from my fears and experiences. It's nice to read your quote that answered part of your question.
I composed a couple emails that answered more as I saw them, but honestly I was scared to send them, I'm so sorry.
We need to build, share, and use stuff like oramfs more. I don't know what to say to cause that.
Yes, the development, open distribution, and use of tools like ORAM-FS is important.

Here's where I'm at. A frame: just one example of the differences between Windows' early NTFS file encryption and TrueCrypt's approach. In NTFS the structure of the filesystem was not encrypted, so an adversary could see all the filenames and metadata but no content. In a TrueCrypt volume an adversary has an opaque blob.

An adversary can look at r/w access to a TC-like blob (a non-ORAM encrypted FS) and determine what filesystem is in use, then the attacker might guess at the boundaries of individual files, determine the specific implementation of the filesystem (a specific version), the Operating System writing to it, and when some typical files are being written to or read from.

If you don't hook any commodity software up to the ORAM-FS then the attacker can probably at most glean the filesystem type and the boundaries of individual files. Depending on the filesystem they may also recover more structural information.

I don't see a clear benefit when the files being r/w'd are a variety that your attacker can't predict (a mix of non-standardized mission specific artifacts). But I see an advantage if they can. It looks like access patterns are really useful when the domain of the data is constrained (in structure and type, or perhaps the access domain (e.g. search)); e.g. medical records and emails.

The ORAM topic is fresh to me, maybe it's time to do a deep dive on the academic work. Happy for other examples or pointers to content that might help.

-Travis
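An added illustration of the access-pattern point in the message above; it is not part of the thread and not oramfs code. It compares what a storage observer sees for a direct-mapped encrypted block store and for a minimal Path ORAM, a generic oblivious construction chosen here as an assumption (the thread does not say which scheme oramfs uses). The file layout, block contents and all names are constructed.

```python
import random

class DirectStore:
    """Encrypted but not oblivious: logical block i always lives at slot i."""
    def __init__(self):
        self.data, self.trace = {}, []

    def access(self, block, value=None):
        self.trace.append(block)                  # observer sees the slot touched
        if value is not None:
            self.data[block] = value
        return self.data.get(block)

class PathORAM:
    """Minimal Path ORAM: heap-indexed bucket tree (root = 1), Z blocks per bucket."""
    def __init__(self, levels, rng, Z=4):
        self.L, self.Z, self.rng, self.leaves = levels, Z, rng, 1 << levels
        self.tree, self.pos, self.stash, self.trace = {}, {}, {}, []

    def access(self, block, value=None):
        leaf = self.pos.get(block, self.rng.randrange(self.leaves))
        self.pos[block] = self.rng.randrange(self.leaves)   # remap on every access
        self.trace.append(leaf)                   # observer sees only which path moved
        path = [(self.leaves + leaf) >> s for s in range(self.L + 1)]  # leaf to root
        for n in path:                            # read the whole path into the stash
            self.stash.update(self.tree.pop(n, {}))
        if value is not None:
            self.stash[block] = value
        result = self.stash.get(block)
        for n in path:                            # write back, deepest bucket first
            shift = self.L - (n.bit_length() - 1)
            fit = [b for b in self.stash if (self.leaves + self.pos[b]) >> shift == n]
            self.tree[n] = {b: self.stash.pop(b) for b in fit[:self.Z]}
        return result

def observed_runs(trace, min_len=3):
    """Observer's guess at file extents: runs of consecutively increasing locations."""
    cuts = [0] + [i for i in range(1, len(trace))
                  if trace[i] != trace[i - 1] + 1] + [len(trace)]
    return [(trace[s], trace[e - 1]) for s, e in zip(cuts, cuts[1:]) if e - s >= min_len]

def demo(seed=1):
    file_a, file_b = list(range(0, 10)), list(range(40, 45))   # constructed layout
    direct, oram = DirectStore(), PathORAM(levels=10, rng=random.Random(seed))
    for store in (direct, oram):
        for blk in file_a + file_b:
            store.access(blk, b"blk%d" % blk)                  # write both files
        store.trace.clear()                                    # observe reads only
        for blk in file_b + file_a + file_b:
            assert store.access(blk) == b"blk%d" % blk         # data round-trips
    return observed_runs(direct.trace), observed_runs(oram.trace)
```

For the direct store the observer recovers both file extents and sees the second file being re-read; for the ORAM the same workload shows only unrelated random paths.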