Abstract
This paper analyzes the security of VeraCrypt hidden operating systems. We present attacks on the plausible deniability attribute of hidden Operating Systems (OSs) created using VeraCrypt. We demonstrate that the encrypted outer volume can contain information that compromises the existence of a hidden OS, and the fact that it was running, even if only one copy of the encrypted drive is examined. To further investigate this, we show that cross drive analysis, previously used to analyze deniable file systems, can also be applied to prove the presence of a hidden OS volume and to estimate its size. In addition, we discuss other attack vectors that can be exploited in relation to cloud and network information leaks. This paper also examines the security requirements of a threat model in which the attacker has direct access to a running hidden OS.
Acknowledgment
This work was undertaken with financial support of a Thelxinoe grant in the context of the EMA2/S2 THELXINOE: Erasmus Euro-Oceanian Smart City Network project, grant reference number: 545783-EM-1-2013-1-ES-ERA MUNDUS-EMA22.
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Kedziora, M., Chow, YW., Susilo, W. (2017). Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems. In: Batten, L., Kim, D., Zhang, X., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2017. Communications in Computer and Information Science, vol 719. Springer, Singapore. https://doi.org/10.1007/978-981-10-5421-1_1
DOI: https://doi.org/10.1007/978-981-10-5421-1_1
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-5420-4
Online ISBN: 978-981-10-5421-1
eBook Packages: Computer Science, Computer Science (R0)