Nakula: Coercion Resistant Data Storage against Time−Limited Adversary

Abstract

Both private citizens and professionals, e.g., journalists, whistle blowers, etc., can find themselves in a situation where they need to physically carry confidential data on a phone or mobile device, through a situation where they might have their device seized and be subject to interrogation. In that case the user is forced to find a balance between protecting the data, and protecting themselves. Many existing proposals to address this issue involves the user lying to the interrogator to convince them that there is no data present, or that they forgot the password. Although data hiding or alternative passwords can be useful solutions, we want to avoid this scenario and instead focus on a scheme where the user can show that they cannot possibly access the data.

In this paper we propose Nakula, a mechanism that enables a user to lock down data with a single click (or voice command, gesture, etc.), thus enabling secure data transport. The information remains confidential against a very strong adversary who has full control over both the network and the device; and has the ability to force the user to cooperate through coercion. Nakula is designed so that the user does not have to lie or provide any misleading information at all. To achieve this, the user temporarily loses the ability to access the data and will need a trusted third party to recover it. We present a detailed design and security analysis of Nakula, and a proof-of-concept implementation that demonstrates the feasibility of using standard mobile phones to carry data. Finally we discuss several context-specific authentication methods that can be used with the scheme to enable data recovery in a variety of situations.