What’s your rubberhose cryptanalysis (torture) defense plan?

There's a special type of security nerd who spends their time fantasizing about extreme security models.

How would I defend myself against the CIA?

What would I do if I was an activist with top secret information that I needed to get to the public?

How would I keep information safe from... torture?

Most of our security models break down by this point. Unless you have an absurdly high pain tolerance or special forces training, most of us would probably spill the beans as soon as we saw our captors bring out the gardening shears.

But for some unfortunate people, protecting information from torture is a serious issue. There's even a name for this means of extracting information: rubberhose cryptanalysis. It's derived from a brutal means of deriving secret information, whipping a captive with a rubber hose.

So how can you defend against rubberhose cryptanalysis?

Deniable encryption

One possibility is through deniable encryption, which was pioneered by Wikileaks’ Julian Assange, among others. The principle behind it is fairly simple. You have a device with a bunch of ciphertext on it, but two separate passwords. When you type in one of the passwords, it decrypts your super secret information. When you type in the other, decoy information is decrypted instead.

With this setup, if you find yourself facing rubberhose cryptanalysis, all you have to do is type in the decoy password. Instead of having to reveal your super secret information, you just show your interrogator the embarrassing vampire fanfic that you wrote in the eighth grade. This gives you plausible deniability. When you use tools like Veracrypt’s plausible deniability feature, there’s no way for your captors to prove you even have super secret information, but it’s far from a foolproof scheme.

Shamir’s secret sharing

Another option is Shamir's secret sharing, which essentially involves you splitting the decryption key between multiple people. This means that the only way you can access the secret data is when all of the keyholders come together. This can help to protect the information, but it may also backfire on you.

Let's roleplay the scenario:

You're trapped in an abandoned building and a Die Hard villain stands before you, pliers gripped tightly as he prepares to rip out your fingernails.
"Tell us the encryption key!" he shouts.
You hand the Die Hard villain a crumpled piece of paper with 4ca4318e51c2014f60082c978a38375c9c095841dc449032325b4ebaa6f3ecc0 written on it. He takes it away and bashes it into a computer. He tries it again and again, before smashing the laptop shut.
"Why won't it work?" he yells.
"Well..." You smile smugly to yourself as you marvel at your own cybersecurity mastery, "...that's really only a portion of the key. You see, I used Shamir's secret sharing and split the key between myself and three of my co-conspirators."
"Oh..." says the Die Hard villain. "Well played, good sir. I guess I won't be able to access the top secret files. I guess I just have to let you go then."

If you've spent any time in the real world, you probably realize that the last line from the Die Hard villain isn't all that realistic. For one, he probably won't believe that you used Shamir's secret sharing, and will start ripping out fingernails just to be sure. Even if he does come to believe that you did in fact use Shamir's secret sharing, he will probably be enraged rather than impressed, and might bring out the car battery and the jumper cables to alleviate his anger.

Finally, let's say that the Die Hard villain is a fairly well-resourced individual. He might leave you in the dark abandoned building for a few days while he goes to take care of business:

Suddenly, you're jolted awake as the lights turn back on. You see the Die Hard villain forcing three handcuffed people forward with the barrel of a gun. You recognize them immediately—your co-conspirators. It only takes a few more fingernails, and all three of them give in and hand over their portions of the key.

Congratulations. Instead of taking one for the team and suffering the torture by yourself, your cybersecurity mastery has also resulted in you getting your friends tortured too. What's more, it didn't even stop the Die Hard villain from getting access to the super secret information.

The point of this story isn't just to indulge ourselves. It's to highlight just how difficult it is to defend against a well-resourced adversary who is willing to resort to rubberhose cryptanalysis. Something like Shamir's secret sharing can work, especially if the adversary cannot gather up all of the other keyholders. But it can also just result in a lot more suffering.

If you are at the point where you are seriously considering a threat model that involves rubberhose cryptanalysis, you should really be asking yourself whether what you are doing is seriously worth it.

There are certainly situations where it is worthwhile, and many of our world's greatest heroes have had to face such threats from oppressive regimes. It’s just not something that you should pursue lightly. Cybersecurity alone can't do much to keep you unscathed if you end up in a situation like this. To be honest, the outlook for resisting rubberhose cryptanalysis is fairly grim.

The good news is that for most security professionals, this isn't really a part of the career path, and you will not have to face a Die Hard villain in your journey to become CISSP/CCSP certified.

Image of the author

Cybersecurity and privacy writer.

Would you like to receive the DestCert Weekly via email?

Your information will remain 100% private. Unsubscribe with 1 click.