Fascinating thoughts on the subject from Bruce Schneier, with considerable comment and discussion about how this would be useful in multiple contexts, and how it might be best tested in each. The intro is below; more at the link.
Bunnie Huang’s Plausibly Deniable Database
Bunnie Huang has created a Plausibly Deniable Database.
Most security schemes facilitate the coercive processes of an attacker because they disclose metadata about the secret data, such as the name and size of encrypted files. This allows specific and enforceable demands to be made: “Give us the passwords for these three encrypted files with names A, B and C, or else…”. In other words, security often focuses on protecting the confidentiality of data, but lacks deniability.
A scheme with deniability would make even the existence of secret files difficult to prove. This makes it difficult for an attacker to formulate a coherent demand: “There’s no evidence of undisclosed data. Should we even bother to make threats?” A lack of evidence makes it more difficult to make specific and enforceable demands. ...