Deniable Thumbdrive?

Bill Stewart bill.stewart at pobox.com
Fri Jan 24 10:40:37 PST 2003


At 11:40 AM 01/24/2003 -0500, Tyler Durden wrote:
>Peter Trei wrote...
>"What's your threat model? If it's your wife or kid sister, this
>might work. If it's a major corporation or a government, forget
>it - they'll bitcopy the whole flash rom, and look at it with ease."

Agreed.  Furthermore, the whole thing is inherently dependent on the
processing model and programming interfaces of your thumbdrive.
What does it look like to your PC if you're not using the right thumb?
What does it look like to your PC if you want to use the right thumb?
Three obvious models are
- PC doesn't need Thumbdrive-specific drivers, just generic USB disk,
         and the CPU in the drive decides whether it's seen your thumb
         and reveals the otherwise-hidden files if it likes you.
- PC has specific drivers for the Thumbdrive,
         Whole drive plus the thumbprint pad are visible to the PC,
         and you can only decrypt the secret part if you put a matching
         thumb on the thumbprint.
- PC has specific drivers for the Thumbdrive
         Public drive, thumbprint pad, and hooks for secret drive are
         visible to the PC, and putting the correct thumb on the pad
         lets the PC find out the password to mount the secret drive.

>At this point, most of my threat models are on this level or the next one 
>higher--local cops or dumb goons grab a protestor or whatever and try to 
>shake his photos and whatever digital else out of him..."OK punk, you're 
>not calling a lawyer until you show me what's on this thing"..."Don't tell 
>me nothing's in there I see a login prompt, ya' commie faggot...open it up."

First of all, as Peter says, high-tech cops won't be fooled.
Low-level goons may not recognize it,
or if the thumbprint part requires specific drivers or data on the PC,
you can tell them "sorry, that part's for access to my work PC,
and if you'd like to get a search warrant, they'll let you in the building",
and make sure the public part has some pictures of your dog or whatever.
For medium-tech cops, you can say that it requires installing drivers
on their PC (assuming that it does), and offer to download them,
and prearrange that there's a set of drivers at www.kevinmitnick.com
just in case they actually take you up on it.

>As for the thumbprint, I'm wondering if other parts of the body could be used
>(then even very savvy rubberhosers couldn't just make you try every finger).
>I'll try using my, um, nose tonight.

Depending on the interface presented to the PC, it may or may not be obvious
to the PC whether there are zero, one, or more secret areas on the drive.
If it's not obvious, then the obvious extension to the product would be to
support multiple fingerprints for multiple secret areas, the business model
being so that multiple people can use the same drive, so your right thumb
gets your right-wing-conspiracy data, your left thumb gets your Commie stuff,
and your middle finger gets the picture of J. Edgar Hoover in his black negligee
or whatever else you want the cops to see.

Otherwise, figure out which body parts you don't mind them cutting off...
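
[Added example, not part of the original post: what a forensic examiner's pass over a bit-copied image looks like when the whole flash is readable, as in Peter's point and the second model above. The image layout, the 4096-byte block size and the 7.5 bits/byte threshold are assumptions chosen for illustration; the sample image is constructed.]

```python
import math
import random
from collections import Counter

BLOCK = 4096  # analysis granularity in bytes (assumption, not a device property)

def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block: bytes) -> str:
    if len(set(block)) == 1:
        return "erased"        # all 0xFF or 0x00: flash that was never written
    if shannon_entropy(block) > 7.5:
        return "high-entropy"  # ciphertext or compressed data; entropy cannot tell which
    return "structured"        # file system metadata, text and similar

def scan_image(image: bytes, public_end: int):
    """Return (start, end) byte ranges past the public area that are high-entropy.

    public_end is where the visible file system claims to stop; written,
    random-looking blocks beyond it are what gives a hidden area away.
    """
    runs, start = [], None
    for off in range(public_end, len(image), BLOCK):
        hit = classify(image[off:off + BLOCK]) == "high-entropy"
        if hit and start is None:
            start = off
        elif not hit and start is not None:
            runs.append((start, off))
            start = None
    if start is not None:
        runs.append((start, len(image)))
    return runs

def build_sample_image():
    """Constructed 64-block image: public files, erased gap, hidden area, erased tail."""
    rng = random.Random(2003)  # fixed seed so the sample is reproducible
    public = (b"dog.jpg placeholder " * 4096)[:16 * BLOCK]
    gap = b"\xff" * (16 * BLOCK)
    hidden = bytes(rng.getrandbits(8) for _ in range(24 * BLOCK))
    tail = b"\xff" * (8 * BLOCK)
    return public + gap + hidden + tail, len(public)

if __name__ == "__main__":
    image, public_end = build_sample_image()
    for start, end in scan_image(image, public_end):
        print(f"unexplained high-entropy data: blocks {start // BLOCK}-{end // BLOCK - 1}")
```

[In the first model the drive's own CPU never returns those blocks to the host, so this pass only applies once the flash chip itself has been read out.]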
