Hi, I'd like to propose adding a new, advanced deniable storage system, Artifice, into Tails. Artifice is still being actively developed and is not yet widely available, but it is complete enough to begin the process of integrating it into Tails. More information about Artifice can be found here: https://www.ssrc.ucsc.edu/proj/Artifice.html. Artifice is being written by Austen Barker (cc'd) and his team at UC Santa Cruz. The NSF has sponsored their work.
I understand that VeraCrypt is already available, but there are a few reasons why I think including Artifice may be an overall benefit for Tails users:

1) Users will be able to create deniable storage volumes from within Tails.
2) Artifice can be used to create a deniable storage volume inside of a Persistent Storage volume.
3) Artifice can recover from partial overwrites to the deniable region. (I believe this feature does not exist for VeraCrypt's hidden volumes, but I may be wrong.)

Inclusion into Tails also benefits Artifice itself:

1) Artifice must be bundled with an operating system or a large software package by default to maintain deniability. If it's not installed by default, the mere existence of the software can compromise deniability.
2) Tails may be able to provide additional resistance to multi-snapshot attacks.** One idea: constantly, but in a way that is transparent to the user and without significantly reducing performance or flash cell lifetime, fragment data stored in the outer filesystem (i.e. the non-deniable filesystem in which the deniable filesystem lives). This would be used whether or not Artifice is being used.

My plan is to have Artifice, an accompanying GTK GUI, and any potential wrapper libraries be made available in Debian official repositories and then subsequently included in Tails. However, there will likely need to be changes made to the Tails Greeter to support Artifice within Persistent Storage, and those changes will not be upstreamable.

I hope this project sounds as exciting to you all as it does to me. I'd love to hear your thoughts and ideas.

Thanks,
James Houghton

** A basic multi-snapshot attack may look like this: an adversary takes snapshots of the state of a device, including all data and metadata stored on the device. If, for example, there are inexplicable changes to regions of the disk that are not and were not being used by the installed filesystem, it can be inferred that a deniable storage system is being used.
_______________________________________________
Tails-dev mailing list
[email protected]
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to [email protected].
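
The comparison described in the multi-snapshot footnote above, as an added example that is not part of the original message and is not Artifice or Tails code. It shows the signal a deniable design has to suppress: blocks that changed although the outer filesystem marked them free in both snapshots. The block size, the 8-block device, the allocation maps and all function names are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # assumed block size for the constructed images


def block_digests(image: bytes, block_size: int = BLOCK) -> list:
    """Hash every fixed-size block of a raw device snapshot."""
    return [hashlib.sha256(image[i:i + block_size]).digest()
            for i in range(0, len(image), block_size)]


def unexplained_changes(snap_a, snap_b, alloc_a, alloc_b, block_size=BLOCK):
    """Return block numbers whose content differs between two snapshots
    while the outer filesystem listed them as free in BOTH snapshots.
    Changes to blocks allocated at either time have an ordinary explanation."""
    da = block_digests(snap_a, block_size)
    db = block_digests(snap_b, block_size)
    if not (len(da) == len(db) == len(alloc_a) == len(alloc_b)):
        raise ValueError("snapshots and allocation maps must cover the same blocks")
    return [n for n, (x, y) in enumerate(zip(da, db))
            if x != y and not alloc_a[n] and not alloc_b[n]]


def _fill(tag: str) -> bytes:
    """Deterministic random-looking block content (constructed sample data)."""
    return hashlib.shake_256(tag.encode()).digest(BLOCK)


def demo():
    """Constructed 8-block device: blocks 0-2 hold files, 3-7 are free space."""
    alloc_a = [True, True, True, False, False, False, False, False]
    blocks_a = [_fill(f"initial-{n}") for n in range(8)]
    blocks_b, alloc_b = list(blocks_a), list(alloc_a)
    blocks_b[1] = _fill("edited file")        # allocated in both: normal write
    blocks_b[3] = _fill("new file")           # newly allocated: normal write
    alloc_b[3] = True
    blocks_b[5] = _fill("hidden write 1")     # free in both, yet changed
    blocks_b[6] = _fill("hidden write 2")     # free in both, yet changed
    return unexplained_changes(b"".join(blocks_a), b"".join(blocks_b),
                               alloc_a, alloc_b)


if __name__ == "__main__":
    print("blocks changed while free in both snapshots:", demo())
```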
