The SECRET Device
Journalists, rebels, and innocent civilians throughout the world live under the oppressive rule of dictators and tyrants who desire to silence truth and punish those who refuse to conform. Our device, the SECRET, is a zero-knowledge platform for hiding a single message across multiple flash drives in a manner that requires all devices to be brought back together to reconstruct and decrypt the message. By combining stenography with encryption powered by our powerful, non-deterministic random number generator, the message can be safely hidden in a manner that provides plausible deniability for the carriers of the drives.
What it does
Two flash drives are plugged into the SECRET, one of which is loaded with a secret message. The SECRET then uses a random number generator powered by atmospheric noise to generate a symmetric encryption key and initialization vector to encrypt the message. This ciphertext is then embedded into an innocent image using cutting-edge stenography technology, with the symmetric key required for decryption embedded in a separate image. One of these images overwrites the original secret message on the first flash drive, while the second image is written to the second. The drives can then be given to two separate couriers to carry through government checkpoints, secure in the knowledge that if the drives are checked nothing suspicious will be found. Once the couriers have separately made it to their destination, the drives can be plugged into another SECRET device, which will immediately extract the encrypted message and decryption key from the images, combining them to recreate the original secret message. No part of this process requires the presence of suspicious files on a device that may be checked or traffic across the internet that may cause authorities to become concerned.
How we built it
The SECRET consists primarily of a Raspberry Pi and Arduino Uno. The Raspberry Pi contains our python scripts that encrypt and embed the secrets into images, while the Arduino provides a hardware interface for the user of the SECRET to interact with. The SECRET is capable of completely headless operation, requiring no monitor or keyboard, only the three onboard buttons and single status LED. The Arduino also interfaces with the microphone we use for atmospheric noise collection in the process of random number generation. Half of our team focused on assembling the hardware and developing the interface to connect the low-level code to the physical devices, while the other half focused on implementing the encryption and steganography systems.
Challenges we ran into
75% of our team had never used python before this project, and 100% had never used an Arduino. As this project is heavily based on python programs and Arduino hardware, this lead to lots of learning opportunities as we moved through the project. We struggled with some hardware development, primarily with voltage spikes causing buttons to falsely trigger events when they hadn't been pushed. Mounting the flash drives to the Pi so that they could be written to also caused problems due to unusual issues with Linux processes and permissions. Finally, we had some issues with finding a secure way to implement cryptographic functions into our code. However, despite these challenges each taking many hours of collaboration to surmount, we created a feature-complete proof-of-concept device.
Accomplishments that we're proud of
We're primarily proud of creating a working device that accomplishes our primary goal of providing a secure way for journalists to safely and securely smuggle information through physical checkpoints, though we're also proud of how much we all learned in the process of overcoming the challenges presented by this project.
What we learned
We learned a lot about hardware, python programming, crypto, and debugging hard-to-trace issues that stem from simultaneous hardware and software problems.
What's next for SECRET
We want to find a way to encrypt and embed larger files, and we're interested in splitting the information across even more devices for heightened operation security and individual plausible deniability.