VNKKET comments on [LINK] Using procedural memory to thwart "rubber-hose cryptanalysis" - Less Wrong

3 Post author: shminux 19 July 2012 11:54PM

You are viewing a comment permalink. View the original post to see all comments and the full post content.

Article Navigation

Comments (15)

Comments (15)

You are viewing a single comment's thread. Show more comments above.

Comment author: CronoDAS 20 July 2012 12:33:52AM 13 points [-]

Even if you can't divulge the password, you can still enter it... so if someone is actually in a position to coerce you, they're probably also in a position to make you enter the password for them. (It's damn hard to make an ATM that will give you your money when you want it, but also makes it impossible for someone to empty your account by waiting for you at the ATM and pointing a gun at you.)

Comment author: VNKKET 20 July 2012 02:08:35AM *  5 points [-]

And after skimming the paper, the only thing I could find in response to your point is:

Coercion detection. Since our aim is to prevent users from effectively transmitting the ability to authenticate to others, there remains an attack where an adversary coerces a user to authenticate while they are under adversary control. It is possible to reduce the effectiveness of this technique if the system could detect if the user is under duress. Some behaviors such as timed responses to stimuli may detectably change when the user is under duress. Alternately, we might imagine other modes of detection of duress, including video monitoring, voice stress detection, and skin conductance monitoring [8, 16, 1]. The idea here would be to detect by out-of-band techniques the effects of coercion. Together with in-band detection of altered performance, we may be able to reliably detect coerced users.

Comment author: Kaj_Sotala 20 July 2012 08:42:10AM *  12 points [-]

Of course, such changes could also be caused by being stressed in general. Even if you could calibrate your model to separate the effects of "being under duress" from "being generally stressed" in a particular subject, I would presume that there's too much variability in people that you could do this reliably for everyone.

Imagine how people would react to an ATM that gave them their money whenever they wanted it - except when they were in a big hurry and really needed the cash now.

Comment author: handoflixue 24 July 2012 11:10:08PM 0 points [-]

(Blind Optimism) They'd learn to meditate!

But then, how do we stop people from being coerced in to meditative states... :(

Comment author: ViEtArmis 20 July 2012 02:43:25PM 2 points [-]

Got the flu? Sorry, no email for you today.

Powered by Reddit Powered by Reddit