[submission] Basis (pl Bases)

[imuli]

Obviously this is a work in progress, and I am particularly not sure about the name Basis because the plural invites confusion with Base. This also may be more privacy-oriented than decentralization oriented, so maybe it's out of scope?

The Design Problem

You need to protect information from a physical search where the user may be under pressure to unlock / give up passwords - e.g. at a border checkpoint or in an abusive relationship.

The Design Solution

Provide multiple independent encrypted storage areas that, without the encryption key, appear to be free space or cached data that the user reasonably wouldn't have the means to decrypt. The user can then selectively reveal passwords that expose less sensitive information, without the intruder being able to tell whether there are more passwords.

Examples

• Bases in the Xous Operating System's Plausibly Deniable Database.
• TrueCrypt's Deniable File System.

Why Choose ... ?

Best Practice: How to Implement ...

Potential Problems with ...

• The software must be useful independently of its privacy features to avoid suspicion under some threat models. And ideally the more common and widespread the better, even if most people don't use multiple bases.
• Under extreme scenarios, the intruder does not know when to stop applying pressure.
• The surrounding environment may contain references that imply the existence of a particular basis, even if implementation is perfect.

The Take Away

References & Where to Learn More

• https://betrusted.io/xous-book/ch09-00-pddb-overview.html
• https://www.schneier.com/academic/archives/2008/01/defeating_encrypted.html

[imuli]

Thinking this over, "layers" may be a better name. Especially with the behavior that bunnie describes here (see contacts app thought-experiment) in the plausible-deniability database, where key-values in unlocked layers replace key-values in locked layers.

[bumbleblue]

Thanks for this submission, super on point!

I was wondering if bases are similar or related to pods? E.g. https://solidproject.org/ ? I've been meaning to write them up for a while now. Are there any good implementations out there?

[imuli]

I don't think so. By my understanding pods are hosted data stores with a standardized method of access and access control lists controlled by the user. I think a basis or layer is orthogonal to whether something is hosted and (maybe) has specific requirements for access control that pods don't have.

So, people can have multiple storage areas holding the same type of data, which the user can activate individually, we call each of these a basis or layer if:

1. when these storage areas are inactive, they cannot be detected, or shown not to be present, by inspection of the user's device.
2. when these storage areas are active, the application(s?) query the "top" layer first (falling back to other layers in order) and likewise write to it.

The deniability of 1 is central to the idea of a basis in the Plausibly Deniable DataBase, but I could see "layer" working with just 2. PDDB is also a good example implementation.

Overlay file systems would be an example of pure layers (just 2).