On Mon, Jul 5, 2021 at 3:31 PM Karl Semich <0xloem@gmail.com> wrote:
On Mon, Jul 5, 2021, 3:17 PM Travis Biehn <tbiehn@gmail.com> wrote:
On Mon, Jul 5, 2021 at 2:04 PM Karl Semich <0xloem@gmail.com> wrote:
I'm afraid I can't give a good answer because of my "locks" situation, but obviously we are enswathed with multi-user disk situations, for real.
Karl, if I asked 'what do you have to hide?' then I think your spidey sense should tingle :) That's not the case.
ORAM is a technique that you can apply to a system; an encrypted filesystem ideally incorporates the requisite design and mix of primitives in order to achieve effective operational security, with that meets operational impact objectives. I'm wondering why I would take on the operational costs (to my mission, say, 'taking over the moon', and cost, for example, of decreased bandwidth and increased latency) of a filesystem that uses ORAM, rather than conventional encrypted filesystems.
As another example, a 'hidden volume' is a feature that an encrypted filesystem can have, I can explain that a hidden volume exists to counter a rubber hose attack. If someone asked why a hidden volume is useful there's no problem in asking or answering the question. The attack isn't obvious to everyone and consequently the benefit of suffering the operational burden of solving the problem (e.g. using hidden volumes with plausible contents) can't be understood until explained.
So maybe with this framing in mind, what attacks does the use of ORAM-FS counter?
What's your threat model? I bet I can think of a lot.
https://lists.cpunks.org/pipermail/cypherpunks/2021-July/088855.html
Would you consider a rubber hose attack to be the only thing a hidden volume can help against?
-Travis
-- Twitter | LinkedIn | GitHub | TravisBiehn.com
Hidden volumes solve for any type of coerced decryption.

I can use Tahoe-LAFS for personal backup and it'll be encrypted, but it won't have ORAM. Most academic work on ORAM is in the context of a centralized cloud service provider. ORAM was not invented in absence of a threat, but it may be applied to a system with no benefit.

Here's an example statement from https://arxiv.org/pdf/1605.09779.pdf "ObliviSync: Practical Oblivious File Backup and Synchronization":

"ORAM is a powerful tool that solves a critical problem in cloud security. Consider a hospital which uses cloud storage to backup their patient records. Even if the records are properly encrypted, an untrusted server that observes which patient files are modified will learn sensitive medical information about those patients. They will certainly learn that the patient has visited the hospital recently, but also may learn things like whether the patient had imaging tests done based on how large the file is that is updated. Moreover, they might learn for instance that a patient has cancer after seeing an oncologist update their records. This type of inference, and more, can be done despite the fact that the records themselves are encrypted because the access pattern to the storage is not hidden".

Karl, pleasure writing to you, I hope you understand a bit better why I'm asking about ORAM-FS's benefits.

-Travis
-- Twitter | LinkedIn | GitHub | TravisBiehn.com
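
The access-pattern leak described in the ObliviSync quote above, as an added example that is not part of the original email thread or of the ObliviSync paper: an untrusted server logs which encrypted block is touched, first for a conventional encrypted store and then for a linear-scan ORAM, the simplest oblivious construction, which pays O(N) bandwidth per access. The cipher is a toy stand-in for an AEAD, and every name and record here is hypothetical.

```python
import hashlib
import os

BLOCK = 32  # every record is padded to one size so length leaks nothing

def seal(key, plaintext):
    # Toy randomized encryption (stand-in for an AEAD): fresh nonce per write,
    # so rewriting an unchanged block still yields a new ciphertext.
    nonce = os.urandom(16)
    pad = hashlib.blake2b(nonce, key=key, digest_size=BLOCK).digest()
    return nonce + bytes(a ^ b for a, b in zip(plaintext.ljust(BLOCK, b"\0"), pad))

def unseal(key, blob):
    nonce, body = blob[:16], blob[16:]
    pad = hashlib.blake2b(nonce, key=key, digest_size=BLOCK).digest()
    return bytes(a ^ b for a, b in zip(body, pad)).rstrip(b"\0")

class Server:
    """Untrusted storage: holds only ciphertext, logs every (op, index)."""
    def __init__(self, blobs):
        self.blobs, self.trace = list(blobs), []
    def read(self, i):
        self.trace.append(("R", i))
        return self.blobs[i]
    def write(self, i, blob):
        self.trace.append(("W", i))
        self.blobs[i] = blob

def direct_update(server, key, i, data):
    # Conventional encrypted storage: touch only the block being changed.
    server.write(i, seal(key, data))

def oblivious_update(server, key, i, data):
    # Linear-scan ORAM: read and re-encrypt every block, change only block i.
    for j in range(len(server.blobs)):
        current = unseal(key, server.read(j))
        server.write(j, seal(key, data if j == i else current))

def observed_trace(update, target):
    # Returns what the server sees when record `target` is updated.
    key = os.urandom(32)
    records = [b"patient-%d: ok" % n for n in range(4)]  # constructed sample data
    server = Server(seal(key, r) for r in records)
    update(server, key, target, b"oncology visit")
    assert unseal(key, server.blobs[target]) == b"oncology visit"
    return server.trace

if __name__ == "__main__":
    print(observed_trace(direct_update, 2))     # trace names the patient's block
    print(observed_trace(oblivious_update, 2))  # same trace for any target
```

The eight operations per update in the oblivious case, against one in the direct case, are the bandwidth and latency cost that has to be justified by a threat model in which the storage provider is the adversary.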