8

In the TV series The Office, Dwight says he uses a diary to keep secrets from his computer. I'm wondering if the opposite is possible: can my computer create a file that it can read but I can't?

I would guess the starting point would be encryption, rather than permission. But if a file is encrypted, in order to decrypt it again, you need the key stored somewhere, right? If it's stored in plaintext, obviously the user can access it.

So my question (a weird one, I know) is: how might you do this if you wanted to write software that can access data and prevent the user from doing so?

JeffThompson
  • 183
  • 5
  • 2
    Consider that someone who has local administrative permissions (whatever that's called on the particular operating system in question) can just install a debugger and use it to inspect any memory content, as well as any code that is in memory or can be loaded into memory. Sure, the data can be encrypted on disk, and can be made sufficiently difficult to decrypt by an adversary (including the user), but at some point the data needs to be decrypted in order to be particularly useful and at *that* point, it is vulnerable to any number of possible attacks. All you need is time and motivation. – user Jun 28 '16 at 21:41
  • 2
    [Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore](https://technet.microsoft.com/library/cc722487.aspx#EIAA) (in this case the user is the "bad guy") – Jasmijn Jun 29 '16 at 09:39
  • Totally right. I guess I wasn't thinking of this in the strictest security sense, more of a practical way to keep data from an average user. A hidden file is too easy, a purpose-built ROM chip too much effort. But the discussion is really fascinating. – JeffThompson Jun 29 '16 at 14:32

4 Answers4

12

There is two ways this can be "more-or-less" achieved (as the other answers pointed out, there is no 100% safe way, as there is no 100% security in general):

  • Software obfuscation: it relies on the fact that the execution flow of a program is voluntary and artificially made so cumbersome that it becomes very complex to grasp its logic and understand what is concretely done among (hundreds of) thousands of no-op and misleading operations.

    You can find such systems used by DRM enforcement software: the program itself will be able to read the DRM-protected files, but you will not, neither will do any non-DRM compliant software. This is done with the intent to allow you to open a file in a restricted manner (for instance only during a limited period) with no ability to copy it or do any unauthorized actions (printing it for instance).

  • Specialized hardware storage: some chips allow to store some information with no possibility to read it back, the chip itself will have internally a full access to this information and will therefore be able to provide some services around this information.

    This is typically used to store private keys in HSM-like devices: a cryptographic key is stored in a chip, and programs running on the computer can ask the chip for instance to use the key to encrypt some data, but there is no way to read the key itself from the chip. This is used to ensure that even if some malicious person would be able to access the whole computer's content, he will not have access to the protected keys.

WhiteWinterWolf
  • 19,142
  • 4
  • 59
  • 107
  • 5
    """program itself will be able to read the DRM-protected files, but you will not""" DRM is a game of cat and mouse ... it should be assumed that DRM protected files can be read given enough time. +1 for HSM-like devices ... data is still there but it would take a lot of skill to get at it (worst case ... a laser and an electron microscope). – CaffeineAddiction Jun 28 '16 at 21:07
  • Attempts at DRM are laughable at worst, and pathetic and temporary at best, so I would almost put that second. – cat Jun 29 '16 at 01:13
  • @cat Note that all the technology is there for Intel, Microsoft and some media companies to create unbreakable-from-software DRM. – user253751 Jun 29 '16 at 01:54
  • @immibis well then we break their knees-- er, I mean, their business models :) – cat Jun 29 '16 at 02:13
  • @cat some games use a new DRM system, denuvo or smth, not cracked to date. (denuvo is not new and was cracked, but new versions are safe) – ave Jun 29 '16 at 03:37
  • 2
    Not sure if this fit's into the "Specialized hardware storage" category, but some software licensing applications store the keys in the hard drive as a file system record (not exactly a file). These records are only available to programs that are able the raw file system and not things like WIndows Explorer. – SameOldNick Jun 29 '16 at 07:13
  • @ub3rst4r: This seems similar to the old anti-copy protection of some games CDs (I think the same also existed for floppies!), where some data was stored outside of standard data areas and therefore not copied by usual CD-burning software. The protection here remains software, because it relies only on some software limitations: the hard-disk itself does not prevent accessing those area, it is only that it requires specific software to get access to it. A more hardware protection would be like Xbox hard-disks which require a specific ATA password before any access. – WhiteWinterWolf Jun 29 '16 at 08:48
  • Many PCs have either a TPM fitted (https://en.wikipedia.org/wiki/Trusted_Platform_Module) or a motherboard header into which one can be fitted. Linux drivers are available which can use this to store private keys. – pjc50 Jun 29 '16 at 10:36
  • Obfuscation seems the best choice for my particular use. It's interesting (though maybe not surprising) that we have lots of halfway decent ways of securing data, but they're designed for humans who can store keys in their heads or offline. Much harder when it's a computer trying to keep data from the user. – JeffThompson Jun 29 '16 at 14:36
8

Your question is essentially the requirement of pretty much every Digital Rights (or Restrictions) Management (DRM) scheme out there. See Are there DRM techniques to effectively prevent pirating? for more information why the answer to your question is ultimately "no". DRM can make it difficult to access information the folks who implemented the scheme don't want you to see, but if it is truly your computer and you have physical access, it cannot be made impossible.

Mike McManus
  • 1,415
  • 10
  • 17
1

There is no absolute way of doing that as the encryption key would be needed for the computer application that uses the file, so someone sufficiently knowledgeable with time to waste on it could theoretically reverse engineer the application and figure out the encryption key or get the file contents.

That said, it is not an easy task and would probably stop most people from having access to it. The key could even be defined by the application, making it harder to guess or to find.

It would be much more complex to do if you wanted to make it that the person who implements it can not have access. In such a case, the solution you're proposing is not realistic nor the right approach. I've seen similar requests over the years and there is no computerized solution to solve social or psychological issues. Even the best implementation leads to worse issues down the road (computer damage, self-harm, etc).

Julie Pelletier
  • 1,919
  • 10
  • 18
1

The ability to create software that can hide information from a user without deleting it and without external access to encryption keys is ... well ... subjective.

First, yes its possible to hide files/folders from normal users, however, this is very dependent on the technical skill of the user. If a very advanced user is looking ... they are going to find it ... there is no where to hide.

Second, in terms of encryption ... you can totally encrypt a file but without external access the encryption key would have to be stored on the local machine ... thus its just a matter of finding it.

CaffeineAddiction
  • 7,567
  • 2
  • 21
  • 41