Выбрать главу

Thomas Martin,

Laurence O'Toole

Practical Secret Protection

Abstract

In [1], the author discusses the pros and cons of a practical automatic key recovery system. We propose a similar solution to the problem of key protection.

1

Introduction

The phrase "Rubber-Hose Cryptography" is used to refer to the direct application of pressure on any individual withholding information so that they might feel the "joy at being given the opportunity to confess their secrets". Strictly speaking, this is an inaccurate term because this method only involves breaking a cipher or recovering a key. The term "Rubber-Hose Cryptanalysis" is more applicable. The purpose of this article is to explore the more literal meaning of "Rubber-Hose Cryptography".

2

Active Secret Protection

Let us consider the standard scenario and our basic method of secure communication: Alice wants to send a secret message to Bob while a third party, Eve, wishes to eavesdrop this message. To implement "Rubber-Hose Cryptography" Alice simply kills Eve and sends the message in clear. Note that this renders the method mentioned by Beynon [1] useless. Even assuming the process is completely automated, and the information is extracted from Alice or Bob, this information will never get back to Eve (assuming some rather definitive properties on the nature of the afterlife). Also, there is no need for a cryptographic key of any kind, or indeed any encryption algorithm at all, which significantly reduces the number of operations required (to 1) and consequently the implementation time. We call our system "Practical Secret Protection", or PSP for short.

This is a rather simplified view of things, as there will most likely be more than one person who will try to find out the secret. The level of protection provided by PSP can be increased to the level necessary for specific cases. It may be necessary for Alice to delete[1] all of Eve's associates, employers and likely replacements. It should be noted that the number of operations this system has to perform only grows linearly with the number of eavesdroppers (i.e. the two values are equal). Unfortunately, a major problem with this scheme is that Alice can only operate on known eavesdroppers. There is a way around this though, to be demonstrated in following Section.

3

Passive Secret Protection

The above method depends on Alice's ability to identify (and remove[2]) all threats to security. This is obviously a non-trivial task but there is a subtle way of doing this that requires no direct action by either Alice or Bob. As a precursor to sending the actual secret, Alice sends Bob a message intended to be intercepted by Eve. On attempting to obtain, or upon discovering the contents of the message, Eve will then remove him/herself from the scenario as a result of intense emotional or physical trauma. There is the option of either having good physical security around the transport medium (e.g. electric fences, providing the physical trauma), or careful selection of the message itself (providing the emotional trauma). The latter may have to be a message specific to the eavesdropper (e.g. "I know what you did last summer"), but a well-chosen generic message can achieve the same result. A good generic message may be something along the lines of "I won't bother sending you that Ultra-secret message next week, because the world is going to end Thursday afternoon". This will have sufficient credibility if it includes a signed message by a expert in the appropriate field (black-hole formation within the solar system use Stephen Hawking's secret key, Global Nuclear Warfare use George W. Bush's). To obtain the necessary secret keys we refer the reader to the previous article, [1].