Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems

  • Conference paper
Applications and Techniques in Information Security (ATIS 2017)

Abstract

This paper analyzes the security of VeraCrypt hidden operating systems. We present attacks on the plausible deniability attribute of hidden Operating Systems (OSs) created using VeraCrypt. We demonstrate that the encrypted outer volume can contain information that compromises the existence of a hidden OS, and the fact that it was running, even if only one copy of the encrypted drive is examined. To further investigate this, we show that cross drive analysis, previously used to analyze deniable file systems, can also be applied to prove the presence of a hidden OS volume and to estimate its size. In addition, we discuss other attack vectors that can be exploited in relation to cloud and network information leaks. This paper also examines the security requirements of a threat model in which the attacker has direct access to a running hidden OS.

Acknowledgment

This work was undertaken with financial support of a Thelxinoe grant in the context of the EMA2/S2 THELXINOE: Erasmus Euro-Oceanian Smart City Network project, grant reference number: 545783-EM-1-2013-1-ES-ERA MUNDUS-EMA22.

Author information

Corresponding author

Correspondence to Michal Kedziora.

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Kedziora, M., Chow, YW., Susilo, W. (2017). Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems. In: Batten, L., Kim, D., Zhang, X., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2017. Communications in Computer and Information Science, vol 719. Springer, Singapore. https://doi.org/10.1007/978-981-10-5421-1_1

  • DOI: https://doi.org/10.1007/978-981-10-5421-1_1

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-5420-4

  • Online ISBN: 978-981-10-5421-1

  • eBook Packages: Computer Science, Computer Science (R0)
