2024-12-21 Memcrypt: A Proof-of-Concept to Mitigate Coercion-Based Attacks
Overview
Memcrypt is a proof-of-concept tool designed to mitigate the risk of coercion-based (rubber hose) attacks.
Memcrypt took inspiration from a USENIX Security 2012 paper.
Key Features and Concept
Memcrypt’s underlying authentication mechanism revolves around the user typing a series of random sentences while the system tracks certain characteristics:
- Time between keystrokes
- Frequency of backspaces
- Misspellings
- Other time intervals

Pros and Cons
Pros:
- If implemented correctly, the authentication is difficult to replicate.

Cons:
- How to store the user statistics securely is still an open question. If these timings are stored in an encrypted file, attackers could potentially coerce the victim for the encryption key, which leads to the same issue of replication.
- Hashing won't work either, as the characteristics need to be compared as plaintext.

How It Works
### Typing and Fingerprinting
The process begins by running the `memcrypt.py` script. When executed, the user is asked to type a series of random sentences, and their typing statistics are recorded.
j@certcli ~/memcrypt python3 memcrypt.py
The user types a predefined sentence, and after finishing, they press ESC to signal the end of typing.
> to how much envy and fraud and hypocrisy the state a tyrannous king is subject unto, and those who are commonly called "nobly" born are somehow void or incapable of natural affection <ESC>
This generates a file called `key_data.txt`, which contains the raw, unformatted timing data of the user’s typing patterns.
### Authentication Process
To authenticate, the user must run `authenticate.py`, which prompts the user to type the same series of sentences again.
Note
For consistency purposes, I am considering allowing users to “set” a sentence which will be their authentication key. This gives 2 benefits:
1. As time goes on, the user will become more consistent, making authentication faster.
2. Still uses the same idea as having a password, but in this case, knowing the key is completely useless.
Here’s what it would look like:
j@certcli ~/memcrypt python3 decrypt.py
This will write the statistics to a file called `auth.txt`. (Both `key_data.txt` and `auth.txt` should have exactly the same data format.)
Validation
Once the user has typed and saved their key data, you can check the authenticity by running `validation.py`.
j@certcli ~/memcrypt python3 validation.py
You’ll see something like this:
Matched timings (within 150ms):
Key: t
- Timing1: 18.0ms, Timing2: 17.0ms
Key: 31h
- Timing1: 3.0ms, Timing2: 3.0ms
Key: m
- Timing1: 6.0ms, Timing2: 6.0ms
Key: c
- Timing1: 11.0ms, Timing2: 11.0ms
Key: n
- Timing1: 2.0ms, Timing2: 2.0ms
Key: y
- Timing1: 15.0ms, Timing2: 15.0ms
Key: d
- Timing1: 4.0ms, Timing2: 4.0ms
Key: r
- Timing1: 2.0ms, Timing2: 2.0ms
Key: i
- Timing1: 7.0ms, Timing2: 7.0ms
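
The tolerance-based comparison reported above, together with the reason given under Cons that a hash cannot replace it and the effect of the window width on what is accepted, as an added example (not Memcrypt's own code). The key-to-milliseconds dictionary layout, the function names and the sample profiles are assumptions constructed for illustration; the real format of `key_data.txt` is not shown on this page.

```python
import hashlib

TOLERANCE_MS = 150.0  # window shown in the validation output on this page

def match_timings(enrolled, attempt, tolerance_ms=TOLERANCE_MS):
    """Keys present in both profiles whose timings differ by <= tolerance_ms."""
    return {
        key: (t1, attempt[key])
        for key, t1 in enrolled.items()
        if key in attempt and abs(t1 - attempt[key]) <= tolerance_ms
    }

def match_ratio(enrolled, attempt, tolerance_ms=TOLERANCE_MS):
    """Fraction of enrolled keys that the attempt reproduces within tolerance."""
    if not enrolled:
        return 0.0
    return len(match_timings(enrolled, attempt, tolerance_ms)) / len(enrolled)

def digest(profile):
    """SHA-256 of a canonical rendering; a 1 ms drift yields a different digest."""
    canon = ";".join(f"{k}={v:.1f}" for k, v in sorted(profile.items()))
    return hashlib.sha256(canon.encode()).hexdigest()

# Constructed sample profiles (assumed layout: key -> timing in ms).
ENROLLED = {"t": 18.0, "m": 6.0, "c": 11.0, "n": 2.0, "y": 15.0}
SAME_USER = {"t": 17.0, "m": 6.0, "c": 11.0, "n": 2.0, "y": 15.0}
OTHER_USER = {"t": 95.0, "m": 60.0, "c": 140.0, "n": 45.0, "y": 120.0}

def report():
    """Compare both attempts against the enrolled profile."""
    return {
        # The same typist drifts by 1 ms on one key and still matches.
        "same_user_ratio": match_ratio(ENROLLED, SAME_USER),
        # Exact-match hashing rejects that same attempt.
        "hash_equal": digest(ENROLLED) == digest(SAME_USER),
        # A window wider than the timings themselves accepts a different typist.
        "other_user_ratio_150ms": match_ratio(ENROLLED, OTHER_USER),
        # A window sized to the enrolled spread separates the two.
        "other_user_ratio_5ms": match_ratio(ENROLLED, OTHER_USER, 5.0),
        "same_user_ratio_5ms": match_ratio(ENROLLED, SAME_USER, 5.0),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

With these constructed values the second typist passes at 150 ms and fails at 5 ms, so the tolerance has to be sized against the spread of the enrolled timings rather than chosen independently of them.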