Absolutely Secure File System
Based on this post. Suppose you have some system that needs to be protected from hypothetical intruders. Suppose also that attackers can gain physical access to data carriers, and, even more unpleasantly, physical access (with the possibility of applying physical measures) directly to you. The following conditions must be provided:
I think I know how this can be implemented.
First of all, I want to say that all of the above and the foregoing are only theoretical considerations that do not call for anything but to discuss the potential possibility of creating such a file system.
So, initially the disk is represented by a set of blocks of a fixed size, the blocks go in a row and can be numbered from 0 to N. Suppose we have a certain function F (i, K) that takes the block number i and a certain key K. such that for any 0 <= i <= N its result lies in the range [0..N] and for different i the result will be different. In other words, the function F translates the “logical” block number into the “physical” one, depending on the key K. Such a function can be constructed, for example, by rearranging the bits in i.
First, we generate the key K1 and create the file system on the “mixed” disk using F. We fill it with some data, which we will call “open”. Data is encrypted according to a specific algorithm (about it below). The key K1 we can safely inform the attackers. Let us assume that these data occupied a certain set of M [] blocks on the FS.
In the next step, we generate the key K2 so that the blocks included in M [] correspond to the known set i, say, i = N-Nm ... N, where Nm is the number of blocks in M []. In the future, we do not use these blocks. This is probably the most non-trivial step, but it can be facilitated if the algorithm for placing files by blocks in the FS is quite simple.
In the remaining place, in the blocks i = 0 ... N-Nm-1, we place the closed data, the access of attackers to which should be excluded. Data is encrypted.
About the encryption algorithm. To ensure the impossibility of modifying data on the FS without destroying it, it is necessary to use asymmetric public key encryption. In this case, the "public key" is used for reading (data decryption), and the "private" - for writing (encryption). The public key used to decrypt the "public data" can be reported to the attackers, but they should not be given the private key (this will be difficult, yes, but quite possible). Attackers will be able to read data from the open part of the FS, but will not be able to modify it.
The encryption algorithm of the closed part of the FS should be such that the entropy of the encrypted data is as large as possible. Those. so that the encrypted data block is indistinguishable from just a block clogged with random numbers. If at the same time the file system blocks the freed blocks with “garbage” when deleting the file, then the blocks with hidden data will not differ from simply free blocks when using the K1 key.
Thus, in the event of a hijacking of the disk by you, you can safely tell them K1 and the public key to read data from the "open" section. The presence of some other data on the disk you can safely deny, to prove their presence without knowing K2 and the second set of encryption keys will be impossible. Also, as it will be impossible to modify the data in the "open" section, since you will, of course, refuse to inform these very attackers of the "private" key for writing.
I don’t think that I am the first to come up with a similar idea, so if any of the readers point to an existing implementation of this, I will be very grateful.
- Attackers must have read access to some data on the disk, but not to all data.
- Attackers should not know about the existence of data that they do not have access to. The file system should look solid and free of hidden data.
- Attackers should not be able to modify data on the disk. Any attempt to modify the data should lead to irreversible and easily provable damage to the file system.
I think I know how this can be implemented.
First of all, I want to say that all of the above and the foregoing are only theoretical considerations that do not call for anything but to discuss the potential possibility of creating such a file system.
So, initially the disk is represented by a set of blocks of a fixed size, the blocks go in a row and can be numbered from 0 to N. Suppose we have a certain function F (i, K) that takes the block number i and a certain key K. such that for any 0 <= i <= N its result lies in the range [0..N] and for different i the result will be different. In other words, the function F translates the “logical” block number into the “physical” one, depending on the key K. Such a function can be constructed, for example, by rearranging the bits in i.
First, we generate the key K1 and create the file system on the “mixed” disk using F. We fill it with some data, which we will call “open”. Data is encrypted according to a specific algorithm (about it below). The key K1 we can safely inform the attackers. Let us assume that these data occupied a certain set of M [] blocks on the FS.
In the next step, we generate the key K2 so that the blocks included in M [] correspond to the known set i, say, i = N-Nm ... N, where Nm is the number of blocks in M []. In the future, we do not use these blocks. This is probably the most non-trivial step, but it can be facilitated if the algorithm for placing files by blocks in the FS is quite simple.
In the remaining place, in the blocks i = 0 ... N-Nm-1, we place the closed data, the access of attackers to which should be excluded. Data is encrypted.
About the encryption algorithm. To ensure the impossibility of modifying data on the FS without destroying it, it is necessary to use asymmetric public key encryption. In this case, the "public key" is used for reading (data decryption), and the "private" - for writing (encryption). The public key used to decrypt the "public data" can be reported to the attackers, but they should not be given the private key (this will be difficult, yes, but quite possible). Attackers will be able to read data from the open part of the FS, but will not be able to modify it.
The encryption algorithm of the closed part of the FS should be such that the entropy of the encrypted data is as large as possible. Those. so that the encrypted data block is indistinguishable from just a block clogged with random numbers. If at the same time the file system blocks the freed blocks with “garbage” when deleting the file, then the blocks with hidden data will not differ from simply free blocks when using the K1 key.
Thus, in the event of a hijacking of the disk by you, you can safely tell them K1 and the public key to read data from the "open" section. The presence of some other data on the disk you can safely deny, to prove their presence without knowing K2 and the second set of encryption keys will be impossible. Also, as it will be impossible to modify the data in the "open" section, since you will, of course, refuse to inform these very attackers of the "private" key for writing.
I don’t think that I am the first to come up with a similar idea, so if any of the readers point to an existing implementation of this, I will be very grateful.