Nakula: Coercion Resistant Data Storage against Time-Limited Adversary

Hayyu Imanda, K. Rasmussen
DOI: 10.1145/3600160.3600175 (https://doi.org/10.1145/3600160.3600175)
Venue: Proceedings of the 18th International Conference on Availability, Reliability and Security
Publication date: 2023-08-29
Publication type: Journal Article
Indexed by: Semantic Scholar
Citation count: 0

Abstract

Both private citizens and professionals including journalists and whistleblowers can find themselves in a situation where they need to physically carry confidential data on a mobile device, through a situation where they might have their device seized and be subject to interrogation. In that case the user may be required to hand over the data by providing the password to unlock the device, violating confidentiality. Many existing proposals to address this issue involve the user lying to the interrogator to convince them that there is no data present, or that they forgot the password, or provide them with a second password that reveal different information. Although data hiding or alternative passwords can be useful solutions, we want to avoid this and instead focus on a scheme where the user can show that they cannot possibly access the data. In this paper we propose Nakula, a mechanism that enables a user to lock down data with a single click (or voice command, gesture, etc.), enabling secure data transport. The information remains confidential against a very strong adversary who has full control over both the network and the device; and has the ability to force the user to cooperate through coercion. Nakula is designed so that the user does not have to lie or provide any misleading information at all. To achieve this, the user temporarily loses the ability to access the data and will need a trusted third party to recover it. We present a detailed design and security analysis of Nakula, and a proof-of-concept implementation that demonstrates the feasibility of using standard mobile phones to carry data. Finally we discuss several context-specific authentication methods that can be used with the scheme to enable data recovery in a variety of situations.