Stego file system (Was: Inaccurate study)

[Ross Anderson]

Peter Sommer:

> Interestingly enough, the "old" DTI TTP proposals specifically 
> excluded many of the devices / technologies that are used for 
> file and disk encryption.    The alternative legal route here is 
> to allow / extend the ability of the court to issue orders for
> decryption keys to be released (under certain conditions) or to
> allow adverse comment to be made if someone refuses to do so.

The week after next, I will be giving a paper at Portland about the
Steganographic File System. This has the property that it will give
you the contents of any file (or directory) whose name and password
you know, but without a correct combination of name and password 
you can't obtain any evidence at all that the file is even there.

If implemented for Windows, this would be the most unpleasant thing
imaginable from the point of view of a police forensic lab. Crooks
could hide their drug deals, kiddieporn and so on on their laptops
together with some `innocuous' secrets such as lists of sales
prospects for their cover business. Given a decryption warrant, 
they hand over the password for the directories containing these
cover secrets.

Of course, the stego file system will be completely unaffected by
the DTI's proposed legislation - whether the previous government's
version or the new, spun, version.

The paper's at http://www.cl.cam.ac.uk/users/rja14/#Tempest

Ross

PS: No, before you ask, I don't intend to write a version for Windows!