You may have heard about the saying “what you do not know cannot hurt you”, i.e. if something happens without your knowledge and approval you cannot really be held responsible for it. When you apply this idea to security, you get plausible deniability: if you can believably deny knowledge, you are safe.

Quite some time ago, I wrote about plausible deniability concerning cryptography (30 July 2012). Due to the mathematical properties of encryption, the fact that a certain random sequence of bytes is encrypted data can be easily denied. However, you can imagine that, if you lived in a repressive country, you may not be believed. This is where the plausibility in plausible deniability comes in.

Do You Have Something to Hide?
If this was an article about privacy, I would explain why everyone has something they want to hide and why identity protection requires that certain information does not become public knowledge. However, as we are taking the viewpoint of repressive governments, we can permit ourselves to believe this logical fallacy: if you try to hide something, you probably have something to fear.

When you are being marked as a suspect as soon as you encrypt data, you are compromising your personal safety when withholding the key. Simply put, the mathematical properties of cryptography make encrypted data plausibly deniable in theory. However, when you are caught carrying a laptop with random data on it by persons who do not care about a legally required reasonable suspicion, you still have a problem.

Let’s Appear Transparent
In order to keep ourselves from harm, we want to hide sensitive details in a way that does not raise suspicion. An example of such a technique is the obfsproxy add-on for Tor. As I previously explained, Tor is a tool for anonymous browsing, that encrypts all traffic from your machine (20 July 2012). This tool is easily recognisable, due to the constant stream of encrypted data it generates when used. For this reason, the obfsproxy extension was developed. This tool allows obfuscation of the data streams generated by Tor, such that the traffic becomes unrecognisable.

Weinberg et al. (2012) built one of the obfuscation services for obfsproxy called StegoTorus. Their contribution transforms the Tor traffic in a way that it looks like HTTP traffic, i.e. it looks like you are visiting normal websites without any encryption. This is done by chopping the stream generated by Tor in smaller parts, which is common when visiting normal websites, and sending these out with connection intervals and lengths comparable to HTTP traffic. This provides a stronger form of plausible deniability: your surfing habits look completely normal.

Her Majesty the Queen Surely Denies Knowledge of James Bond
The term plausible deniability originates from the world of espionage and intelligence. More specifically, when it was uncovered that there were plans to assassinate foreign leaders during the Kennedy administration, they found the president was not to be informed. The goal of this order was giving the president the ability to plausibly deny knowledge of these assassination plans.

Notions of plausible deniability can be found throughout the intelligence world, whether it is fiction or not. For example, often the hero of an espionage book is on a secret mission nobody knows about, having to do all the hard work by himself. The idea that the special agent is an outsider is what makes the deniability plausible: it is not really known what he is up to, as he appears rather headstrong.

Security by Plausible Negation: Believe Me, I Have No Idea
By making it possible to deny any knowledge of something in a believable manner, a very strong security property is created. This way, not only secrets are kept hidden, but you are also safeguarded against coercion. Therefore, plausible deniability is a wonderful security property that can be used for numerous interesting ends.

Tagged with:
 

Leave a Reply

Your email address will not be published. Required fields are marked *