B.S. Computer Science (2017, UCSC)
M.S. Computer Science (2018, UCSC)
Steganographic and deniable storage systems (Artifice) and covert timing channels (Vinz Clortho).
Kernel development, security, cryptography, operating systems, and breaking things.
Email: atbarker at ucsc.edu
Office: Engineering 2 383
I am a third year Computer Science Ph.D student under Darrell Long and work in the Storage Systems Research Center at UC Santa Cruz. My research is primarily in the development of a deniable steganographic storage system (Artifice) but also branches into secure file systems and network based covert timing channels (Vinz Clortho).
Outside of research I also enjoy vintage computing, fishing, backpacking, and getting caught up in niche hobbies and DIY projects.
The challenge of deniability for sensitive data can be a life or death issue depending on location. Plausible deniability directly impacts groups such as democracy advocates relaying information in repressive regimes, journalists covering human rights stories in a war zone, and NGO workers hiding food shipment schedules from violent militias. All of whom would benefit from a plausibly deniable storage system. Previous deniable storage solutions only offer pieces of an implementable solution.
Artifice operates through the use of a virtual block device driver stored separately from the hidden data. It uses external entropy sources and erasure codes to deniably and reliably store data within the unallocated space of an existing file system. A set of data blocks to be hidden are combined with entropy blocks through error correcting codes to produce a set of obfuscated carrier blocks that are indistinguishable from other pseudorandom blocks on the disk. A subset of these blocks may then be used to reconstruct the data. Artifice presents a truly deniable storage solution through its use of external entropy and error correcting codes, while providing better reliability than other deniable storage systems.
Artifice is implemented as a Linux Device Mapper target and is distributed as a loadable Linux kernel module. It is intended to be installed on a bootable Live disk and be used alongside a distribution such as Tails. It will support NTFS, EXT4, and FAT32 as public file systems. Artifice source code will be released under GPL upon completion.
Covert timing channels present a means of securely transferring sensitive data, such as encryption keys, between nodes in a distributed system without detection from an adversary. Typically timing channels are used by an adversary to exfiltrate data, and the majority of security research on this topic has pursued their detection and disruptive capabilities. We show that, when used in a distributed system with especially high volume of network traffic, covert timing channels can be an effective means to reestablish security when a system's network infrastructure has been compromised.
Vinz Clortho is a system independent, TCP Handshake based, Linux Netfilter kernel module designed to measure inter-node latency, covertly transmit a message through manipulating packet latency, and then rebuild that message using Reed-Solomon encoding. Vinz Clortho can communicate a secret message reliably, albeit slowly, while still maintaining the ability to remain undetected.
Experimental implementation and observations pertaining to a Add-Remove Partial Order graph Conflict Free Replicated Data Type as described by Shapiro et al. in the paper A Comprehensive Study of Convergent and Commutative Replicated Data Types. This work was for Professor Lindsey Kuper's CMPS 290s seminar.
"Artifice: A Deniable Steganographic File System." Austen Barker, Staunton Sample, Yash Gupta, Anastasia McTaggart, Ethan L. Miller, and Darrel D. E. Long. Proceedings of the 9th USENIX Workshop on Free and Open Communications on the Internet (FOCI '19), August 2019.