Index
Overview
Observers
Your Device in Unauthorized Hands
Coercion / Plausible Deniability
Data
Private Identities
E-mail
Security Intervals
Resume Screen
Digital Signatures
Miscellaneous
Remaining Concerns

Overview
CerebraLock was written with security and privacy in mind. Much like wearing seat belts, insurance and other precautions you take, this means mostly inconvenience - until you need the protection. Some features are more useful than others, but each one contributes to the overall goal.

Let me know if there are any features which you feel are just too damn much of an inconvenience.

The CerebraLock method addresses many of the vulnerabilities of conventional password schemes. See CerebraLock. Additional precautions are described below.

The most secure way to protect data is encryption. Unless the encryption algorithms themselves are compromised (and this, unfortunately, has become a concern), there is just no easy way for present technology to recover plaintext from ciphertext without encryption keys.

This shifts the problem to protecting the encryption keys. CerebraLock keeps the keys (encrypted themselves) in lock documents. The locks are kept separate from the data documents. Documents you exchange with others in the form of vaults are secure in transit - intercepted documents are useless without the keys, and the keys are kept on your device.


Observers
Observation is not helpful since you don't give away item categories while going through an access procedure. In addition, every access requires a different 'password'. If an access procedure fails twice, it resets to longer access sequences until an access procedure is successfully completed.

When you switch to other apps, the screen is blacked out. This also takes care of the snapshot the OS takes of the screen when you exit the app. Note: some system screens cannot be blacked out! For example, when you view a document and call up the sharing options, the screen cannot be blackened.


Your Device in Unauthorized Hands
CerebraLock tries as hard as it can to not leave any traces or give any indication as to what you were doing and what data is stored in documents.

•  temporary files, folders, caches and browser cookies are deleted when logging out. (But see Remaining Concerns below.)
•  file creation and modification dates are set to 0.
•  metadata and data are encrypted, stored in separate files and can be encrypted with different keys.
•  documents are split and stored in separate parts. The parts do not refer back to their master document.
•  document parts for all identities are stored together in one folder. There is safety in numbers :-)
•  file names are meaningless character sequences.
•  plaintext encryption keys are kept in memory only and are scrambled until needed.


Coercion / Plausible Deniability
The coercion functionality acts as a switch at the time of password entry. It applies to log in (switch between two document lists for an identity) and to vaults (switch between two compartments to display). You can appear to comply with a request to allow access to your data.

Access to locked data requires your presence and participation. You cannot 'give up your password', even if you wanted to.


Data
In addition to encrypting data you can hide it in image containers so it looks like an innocuous picture. Data can be stored in vaults with two separate compartments. Text can be converted to images to impede automated scanning and processing.


Private Identities
You can create private identities which are hidden until you log in as the master identity. (And only if you log in normally rather than under duress.)


E-mail
E-mailed vaults are additionally encrypted for transmission.


Security Intervals
You can specify time periods after which the app will log out or switch to a resume screen. You can also specify a time period after which you have to authenticate in order to make changes to the identity or security interval settings. See Security Intervals.


Resume Screen
After a given time interval (or when exiting the Main Screen) the app switches to the resume screen. It hides the screen and starts a countdown to automatically log out. It displays the following controls:

Resume: return to what you were doing.
Log out: log out. Any pending changes will be discarded and the app logs out as quickly as possible.
Log out countdown: displays the time left before automatic log out. Tap on the countdown to reset the timer.


Digital Signatures
You can digitally sign your vaults so the recipient will know that the vault is coming from you. When viewing the vault, a verification image is presented:

Vault was normally signed.


Vault was signed under duress.


Signature could not be verified because of an error (in this case: the signer's lock is missing).

The color of the image indicates whether the verification was successful or not. On top of the image, the date and time of the signature is displayed. The next line indicates the result of the verification. The name of the signer is displayed along with their identity image as the background pattern and their signature image. The long text string is a check number. It should match the number in the metadata (info) of the vault. On the bottom, the date and time of the verification is displayed.


Miscellaneous
To make brute force attacks difficult, you can specify a computational delay which makes trying many passwords hugely expensive in terms of time.

If you interrupt or cancel an access sequence 3 times or fail to solve it 2 times in a row, then the lock will switch to fallback mode. This means the next access will present a longer access sequence (security level >= 1 : 100,000). The fallback mode also has a longer (10 second) computational delay associated with it. Once you open the lock successfully, it will switch again to the specified security level (which may or may not be shorter). This mechanism makes trial-and-error access even less useful.
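The escalation policy described above, as a constructed illustration that is not CerebraLock's own code: a lock that counts cancellations and failed solutions, drops into fallback mode (longer sequence, 10 second delay), and returns to the configured level only after a successful open. The security level is written as the odds N in "1 : N", the calibration constant for the computational delay is an assumption, and PBKDF2 stands in for whatever delay function the app really uses.

```python
import hashlib
from dataclasses import dataclass

# Constructed constants taken from the thresholds the page states.
FALLBACK_LEVEL = 100_000   # fallback presents at least a 1 : 100,000 sequence
FALLBACK_DELAY_S = 10.0    # fallback computational delay, in seconds
MAX_CANCELS = 3            # interruptions/cancellations before fallback
MAX_FAILS = 2              # failed solutions in a row before fallback


@dataclass
class Lock:
    level: int          # configured security level N in "1 : N"
    delay_s: float      # configured computational delay in seconds
    fails: int = 0
    cancels: int = 0
    fallback: bool = False

    def next_challenge(self) -> tuple[int, float]:
        """Sequence length (as odds 1 : N) and delay the next access will use."""
        if self.fallback:
            return max(self.level, FALLBACK_LEVEL), max(self.delay_s, FALLBACK_DELAY_S)
        return self.level, self.delay_s

    def _enter_fallback(self) -> None:
        self.fallback, self.fails, self.cancels = True, 0, 0

    def cancelled(self) -> None:
        self.cancels += 1
        if self.cancels >= MAX_CANCELS:
            self._enter_fallback()

    def failed(self) -> None:
        self.fails += 1
        if self.fails >= MAX_FAILS:
            self._enter_fallback()

    def opened(self) -> None:
        """Successful open: back to the configured level, counters cleared."""
        self.fallback, self.fails, self.cancels = False, 0, 0


def delayed_key(secret: bytes, salt: bytes, delay_s: float,
                iters_per_second: int = 100_000) -> bytes:
    """Stretch the secret so one guess costs roughly delay_s seconds.
    iters_per_second is a constructed calibration value; a real app would
    measure it on the device rather than hard-code it."""
    iterations = max(1, int(delay_s * iters_per_second))
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)


def simulate(events: str, level: int = 1_000, delay_s: float = 1.0) -> list[tuple[int, float]]:
    """Replay events ('c' cancel, 'f' fail, 'o' opened); return the
    challenge parameters in force after each event."""
    lock = Lock(level, delay_s)
    out = []
    for e in events:
        {"c": lock.cancelled, "f": lock.failed, "o": lock.opened}[e]()
        out.append(lock.next_challenge())
    return out
```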

Access sequences time out after a given time limit. If you look at your own entry screens you should need significantly less time than someone consulting a list or using other approaches to gain access.

An access sequence is an all or nothing proposition: you either solved it and it works, or it won't. There are no partial results; you cannot gradually work out a solution.

When you take a screenshot during an access sequence, the sequence is aborted. Similarly, switching to another app (or accessing the Notification Center or Control Center) will abort any access sequence.


Remaining Concerns
While CerebraLock gives its best to protect your data, there are issues that it does not or cannot address. You should be aware of the following:

Metadata - the bane of our existence. Metadata is information about data. CerebraLock keeps your documents and communication secure, but, for example, it cannot hide the fact that you communicated with someone. When you send an e-mail, the Mail app will keep a record of the sent mail and, more importantly, when and to whom you sent the mail. The same goes for the Messages app. The Maps app caches maps - this means maps of areas you looked up are on your device and can possibly (probably) be retrieved. The device may store web addresses and accessed servers.

Mind the pasteboard! CerebraLock does not erase the system-wide pasteboard so as to not interfere with other apps and with your ability to copy and paste data. Be aware that the pasteboard contents are stored on the device and that they can be read by any app. You need to manually copy something to erase sensitive contents or go to the pasteboard screen and erase it. See Pasteboard.

Your documents are encrypted until you view them. At that point they are stored in their raw form so they can be viewed or played. Even though these temporary files are erased after viewing, the nature of solid state storage may make it possible to retrieve a lot of the raw data by dumping all of the storage and sifting through it. Solid state storage cycles through its blocks so they wear evenly (wear leveling) - old blocks are not necessarily reused (erased or overwritten) right away and may still contain the data they were filled with.

The iOS viewer may cache documents (especially images) to improve performance.

And, of course, your location can be tracked by the cell towers your device constantly communicates with.

All of this caching and storing is used to improve performance and the user experience in a mobile environment where your internet connection may become unavailable at any time, and where your up-to-date location may be necessary in real time and so on.

Did I mention that security is hard? CerebraLock makes you more secure, but it cannot make you completely secure.


Copyright ©2014
bitSplit™ Enterprises.
All rights reserved.

Saturday, March 8, 2014