Saturday, January 25, 2025
HomeCyber Security NewsShufflecake - Hidden Linux Filesystems to Store Sensitive Data

Shufflecake – Hidden Linux Filesystems to Store Sensitive Data

Published on

SIEM as a Service

Follow Us on Google News

Protecting personal data is a growing concern, with local storage as the last line of defense. Even here, precautions are needed against adversaries like thieves, and at this point, disk encryption offers solutions for this threat.

But disk encryption alone can’t protect against powerful adversaries who can coerce users into revealing encryption keys. 

Plausible deniability (PD) is a security measure to hide crucial data’s existence, allowing users to deny its presence to violent adversaries.

Elia Anzuoni and Tommaso Gagliardoni from their following respective university and organizations recently unveiled “Shufflecake,” a stealthy data concealment technique, inheriting the legacy of TrueCrypt and VeraCrypt:-

  • EPFL, Switzerland
  • Kudelski Security, Switzerlan
Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Shufflecake Hidden Linux Filesystems

Plausible deniability (PD) approaches vary by the storage layer they target, with filesystem-level and FTL-level options. 

Each has pros and cons, but adversaries can compromise layer-specific solutions with access to lower layers.

A robust plausible deniability (PD) approach operates at the block layer, using a block device interface with bRead and bWrite methods. 

This framework formats one device with multiple encrypted volumes, including decoy volumes. Even after surrendering passwords for decoy volumes, PD ensures the hidden volumes remain undetectable to adversaries.

Early PD research mainly focused on single-snapshot adversaries, assuming devices would only be checked once. However, modern storage, especially SSDs, can leave traces of data changes, challenging single-snapshot security. This scenario is addressed in multi-snapshot security models.

Addressing multi-snapshot attacks in PD systems, especially with TrueCrypt and derivatives, poses challenges. Some solutions, like oblivious random access machines (ORAMs), offer multi-snapshot security but at significant performance costs. 

WoORAMs, which obfuscate write requests, provide an efficient alternative for post-arrest physical layer adversaries, sparking a new research direction for multi-snapshot-resistant PD solutions.

The landscape of available PD solutions has usability and security gaps, with limited adoption. VeraCrypt is the most widespread but has limitations. 

WoORAM-based alternatives have potential but suffer significant performance drawbacks. Additionally, read requests’ impact on the physical device state is uncertain. 

Many PD solutions, including TrueCrypt, may unintentionally leak hidden data through OS behaviors. A versatile PD solution balancing security and usability is lacking, particularly for Linux.

Shufflecake’s disk layout
Shufflecake’s disk layout (Source – Arxiv)

The device’s storage is divided into a header and data sections. The header includes a fixed-size DMB and equal-sized volume headers, preventing easy volume count deduction by header size.

Shufflecake offers operational advantages over TrueCrypt and is open-source to build trust and encourage community contributions for future enhancements.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

PayPal Fined $2 Million Fine For Violating Cybersecurity Regulations

The New York State Department of Financial Services (NYDFS) has imposed a $2 million...