On Mon, Jul 5, 2021 at 2:04 PM Karl Semich <0xloem@gmail.com> wrote:
>
> I'm afraid I can't give a good answer because of my "locks" situation, but obviously we are enswathed with multi-user disk situations, for real.
Karl,
If I asked 'what do you have to hide?' then I think your spidey sense
should tingle :) That's not the case.
ORAM is a technique that you can apply to a system, an encrypted
filesystem ideally incorporates the requisite design and mix of
primitives in order to achieve effective operational security, with
that meets operational impact objectives.
I'm wondering why I would take on the operational costs (to my
mission, say, 'taking over the moon', and cost, for example, of
decreased bandwidth and increased latency) of a filesystem that uses
ORAM, rather than conventional encrypted filesystems.
As another example, a 'hidden volume' is a feature that an encrypted
filesystem can have, I can explain that a hidden volume exists to
counter a rubber hose attack. If someone
asked why a hidden volume is
useful there's no problem in asking or answering the question. The
attack isn't obvious to everyone and consequently the benefit of
suffering the operational burden of solving the problem (e.g. using
hidden volumes with plausible contents) can't be understood until
explained.
So maybe with this framing in mind; what attacks does the use of
ORAM-FS counter?
What's your threat model? I bet I can think of a lot.
Would you consider a rubber hose attack to be the only thing a hidden volume can help against?
-Travis
--
Twitter | LinkedIn | GitHub | TravisBiehn.com