
 

For Higher Security

Against what manner of attacks do you need to defend? For how long? How well equipped is your adversary? How well motivated?

Against curious glances at your computer files by casual intruders, Pryvit used at its simplest level may be quite enough protection. Fully 98 percent of the population may fall into this low threat category -- some who are curious, but are not competent to proceed, and a far greater number who care very little (if at all) about the content of your files or messages.

The persistent few are the ones that create the real problems. Have you ever tried to defend the content of a bird feeder against a squirrel? The squirrel is the model of motivation, persistence, ingenuity, and downright cussedness. One suspects when a squirrel cracks a new design of bird feeder, it passes along the knowledge to its grandchildren [ed. note: a paranoid view with just a touch of justification]. In practical terms, how can Pryvit be used to gain greater protection against a determined adversary?

Use Pryvit within a security system:

Security is a process in which successive defenses are deployed to thwart the attacker. Use Pryvit as one component among several: compression, encryption, attack detection, dispersal of components to other media or anonymous locations, and so on.

Cascading:

Cascading fragmentation is a method of providing greater privacy. When making a set of files secure, you may select a level of security. If you select the regular private option, the resulting privacy protected archive files are the result of shredding your vulnerable data files once, disguising the fragments, and gluing them together in random ways in composite files. If you select the high security option, the process is repeated anywhere from two to seven times. Your shredded fragments are gathered up and shredded again, and again. One new reconstitution file is produced for each cascade. If even one of these reconstitution files is kept back from people trying to get at your data, they have little hope of making sense of your privacy protected archive files.

Note that even two cascades make it extremely unlikely that an attacker can cause plain text to emerge through a brute force attack. A brute force attack is one in which the adversary programs a computer to try all the possibilities. With two or more iterations of shredding, there are simply too many possibilities. Even if the attacker were to achieve complete success at cracking the first iteration, there would be no plain text in sight. The result would give zero indication that the attack has proceeded toward a solution.
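The cascade described above can be pictured with a toy model. This is an added example, not Pryvit's own algorithm or code: the function names, fragment sizes and record layout are assumptions, and the disguising of fragments and the random tables are left out. Each pass yields one reconstitution record, and restoring needs every record, applied in reverse order.

```python
import secrets

def shred(data: bytes, frag_size: int):
    """One pass: pad, cut into fixed-size fragments, emit them in random order."""
    pad = -len(data) % frag_size
    padded = data + secrets.token_bytes(pad)      # random filler, dropped on restore
    frags = [padded[i:i + frag_size] for i in range(0, len(padded), frag_size)]
    order = list(range(len(frags)))
    for i in range(len(order) - 1, 0, -1):        # Fisher-Yates shuffle with a CSPRNG
        j = secrets.randbelow(i + 1)
        order[i], order[j] = order[j], order[i]
    blob = b"".join(frags[k] for k in order)
    # Reconstitution record for this pass (hypothetical layout, not Pryvit's format).
    return blob, {"frag_size": frag_size, "length": len(data), "order": order}

def unshred(blob: bytes, recon: dict) -> bytes:
    """Undo one pass using its reconstitution record."""
    size = recon["frag_size"]
    frags = [blob[i:i + size] for i in range(0, len(blob), size)]
    if len(frags) != len(recon["order"]):
        raise ValueError("reconstitution record does not match this archive")
    original = [b""] * len(frags)
    for pos, k in enumerate(recon["order"]):
        original[k] = frags[pos]                  # fragment at pos came from slot k
    return b"".join(original)[:recon["length"]]

def cascade(data: bytes, passes: int):
    """Shred repeatedly; the page describes one pass, or two to seven."""
    if not 1 <= passes <= 7:
        raise ValueError("passes must be between 1 and 7")
    recons = []
    for n in range(passes):
        # Assumed: a different fragment size per pass so boundaries do not line up.
        data, recon = shred(data, frag_size=3 + n)
        recons.append(recon)
    return data, recons

def restore(blob: bytes, recons: list) -> bytes:
    """Apply the reconstitution records last-to-first."""
    for recon in reversed(recons):
        blob = unshred(blob, recon)
    return blob

if __name__ == "__main__":
    secret = bytes(range(64))                     # constructed sample data
    archive, recons = cascade(secret, passes=3)
    print(restore(archive, recons) == secret)     # all records present
    print(restore(archive, recons[1:]) == secret) # first record withheld
```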

Table games:

Simple use of Pryvit requires that you have at least eight random tables on your computer. If you have more tables on your computer, pattern detection gets harder.

If your organization maintains private tables, available only to you or to members of your file sharing group, then the attacker is denied data that is essential to breaking into your files or messages. (Obviously, private tables should be shared by a secure method of transmission -- not by e-mail or the Internet.) Give those private tables numbers matching public table numbers, and you have cast further confusion on an attacker; you have done away with the limitation that there be no more than 65,536 tables.

You could even use one-time tables, which could be effective for any purpose other than unplanned communication. That's because the other person has to have the same one-time tables, and getting them to that person poses a security risk. For personal use, particularly if you maintain your one-time table on another medium, this affords a very high level of security.

A software provider might consider embedding in the code patterns of movement within a table that are unique to that application.

Reconstitution file games:

Disney's Donald Duck character was confronted with the problem of finding a safe place to keep the combination of his new safe. Flash of inspiration: Donald put the only copy of the combination in the safe. Bad idea!

Well, how about privatizing reconstitution files? Technically, this is known as recursion. Recursion with Pryvit is NOT such a bad idea. Why? Because the resulting reconstitution file is much smaller than the earlier-stage file or files. The smaller something is, the easier it is to hide, to apply traditional encryption techniques, etc.

©2004 Marpex, Inc.