On Mon, Jul 5, 2021 at 4:40 PM Karl Semich <0xloem@gmail.com> wrote:
Hidden volumes solve for any type of coerced decryption.
That's what a rubber hose attack is.
I can use Tahoe-LAFS for personal backup and it'll be encrypted, but it won't have ORAM. Most academic work on ORAM is in the context of a centralized cloud service provider. ORAM was not invented in absence of a threat, but it may be applied to a system with no benefit.
Here's an example statement from https://arxiv.org/pdf/1605.09779.pdf "ObliviSync: Practical Oblivious File Backup and Synchronization"
"ORAM is a powerful tool that solves a critical problem in cloud security. Consider a hospital which uses cloud storage to backup their patient records. Even if the records are properly encrypted, an untrusted server that observes which patient files are modified will learn sensitive medical information about those patients. They will certainly learn that the patient has visited the hospital recently, but also may learn things like whether the patient had imaging tests done based on how large the file is that is updated. Moreover, they might learn for instance that a patient has cancer after seeing an oncologist update their records. This type of inference, and more, can be done despite the fact that the records themselves are encrypted because the access pattern to the storage is not hidden".
Karl, pleasure writing to you, I hope you understand a bit better why I'm asking about ORAM-FS's benefits.
I hear you asking with an eye towards when a large business or government might find it efficient to use.
I don't understand why you are asking this. I observed you didn't share a threat model.
Oramfs is actually completely pluggable under the hood. What do you think about expanding it so it can do non-obfuscated encryption if desired?
This would be incredibly easy to add.
Karl, how do we know that your commentary isn't in bad faith? Textbook disruption techniques. Please share your rationale for questioning my rationale.

Just kidding,
-Travis
--
Twitter | LinkedIn | GitHub | TravisBiehn.com
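
An added illustration of the access-pattern leak described in the ObliviSync passage quoted in this thread; it is not code from oramfs, ObliviSync or either correspondent. It compares what an untrusted server observes for a plain encrypted update against a linear-scan ORAM (the simplest ORAM construction, chosen here for brevity); all names are hypothetical, the records are constructed, and the SHA-256 keystream is a stand-in for a real cipher.

```python
import hashlib, os

BLOCK = 64  # fixed block size so ciphertext length leaks nothing (assumed)

def _xor_stream(key, nonce, data):
    # Stand-in cipher for the demo (SHA-256 keystream); use a real AEAD in practice.
    stream = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)  # fresh nonce: re-encrypting the same data looks new
    return nonce + _xor_stream(key, nonce, plaintext.ljust(BLOCK, b"\0"))

def unseal(key, blob):
    return _xor_stream(key, blob[:16], blob[16:]).rstrip(b"\0")

class Server:
    """Untrusted storage: holds ciphertext and records what it can observe."""
    def __init__(self, n):
        self.blocks, self.trace = [b""] * n, []
    def read(self, i):
        self.trace.append(("read", i)); return self.blocks[i]
    def write(self, i, blob):
        self.trace.append(("write", i)); self.blocks[i] = blob

def direct_update(server, key, i, data):
    # Encrypted but not oblivious: only the touched record is written.
    server.write(i, seal(key, data))

def oblivious_update(server, key, i, data):
    # Linear-scan ORAM: read and re-encrypt every block on each access.
    for j in range(len(server.blocks)):
        old = unseal(key, server.read(j))
        server.write(j, seal(key, data if j == i else old))

def observed_trace(update, target, n=4):
    key, server = os.urandom(32), Server(n)
    for j in range(n):
        server.blocks[j] = seal(key, b"record %d" % j)  # constructed sample records
    update(server, key, target, b"oncology visit")
    assert unseal(key, server.blocks[target]) == b"oncology visit"
    return server.trace
```

The direct trace names the record that changed, while the linear-scan trace is identical for every target, at the cost of touching all n blocks per access.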