Dubious Thoughts On Crypto Usability

Updated 10 June 2015 to fill in gaps and clarify the ‘design’.

Crazy assertion: We should prefer security systems that people (‘users’, developers, and testers) can readily create accurate mental models for, even if they are strictly less powerful than what the state of the art allows.

Please be aware that what follows was written after a long, stressful workday, and under the influence of a considerable amount of bourbon. It is a Gedankenexperiment more so than a serious proposal for a design we should use. Send your flames to chris@ this domain.

Via Securi-Tay, we have this description of how iOS storage encryption works (local copy) attributed to iOS forensics expert Jonathan Zdziarski.

Count the caveats in Zdziarksi’s description. It is very hard to know if the encryption is working; it is very hard to form a mental model of when it is effective and when it is not. And it is hard for people outside Apple (and possibly even inside Apple) to test.

I hypothesize that a radically simpler model would be easier to implement, verify, and test; easier for users to understand and build an accurate-enough mental model for; but somewhat less convenient to use. I further hypothesize that the inconvenience can be limited to relatively rare scenarios (system power-on) whose frequency the user can control. To explore these hypotheses, I’ll sketch a straw-man storage encryption system. It is purposefully informal and incomplete; its purpose is to illustrate a thought experiment more so than to prove a point or be a system you would necessarily want to use in real life.

The hypothetical system has the following components:

When the machine is powered on and fully booted — the user has provided KEK2 and the system has mounted the encrypted storage volume — there is simply no defense against forensic attack at all. This design only defends against forensic attack when the machine is powered down (or when it is powered up but before the user has provided KEK2).

This design would allow several benefits. Chiefly, the fact that we can (in theory) tell users a straightforward story:

But this design would incur several drawbacks:

OK, time for bed.