Friday, December 8, 2023

Shufflecake – Hidden Linux Filesystems to Store Sensitive Data

Protecting personal data is a growing concern, with local storage as the last line of defense. Even here, precautions are needed against adversaries like thieves, and at this point, disk encryption offers solutions for this threat.

But disk encryption alone can’t protect against powerful adversaries who can coerce users into revealing encryption keys. 

Plausible deniability (PD) is a security measure to hide crucial data’s existence, allowing users to deny its presence to violent adversaries.

Elia Anzuoni and Tommaso Gagliardoni from their following respective university and organizations recently unveiled “Shufflecake,” a stealthy data concealment technique, inheriting the legacy of TrueCrypt and VeraCrypt:-

  • EPFL, Switzerland
  • Kudelski Security, Switzerlan

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Shufflecake Hidden Linux Filesystems

Plausible deniability (PD) approaches vary by the storage layer they target, with filesystem-level and FTL-level options. 

Each has pros and cons, but adversaries can compromise layer-specific solutions with access to lower layers.

A robust plausible deniability (PD) approach operates at the block layer, using a block device interface with bRead and bWrite methods. 

This framework formats one device with multiple encrypted volumes, including decoy volumes. Even after surrendering passwords for decoy volumes, PD ensures the hidden volumes remain undetectable to adversaries.

Early PD research mainly focused on single-snapshot adversaries, assuming devices would only be checked once. However, modern storage, especially SSDs, can leave traces of data changes, challenging single-snapshot security. This scenario is addressed in multi-snapshot security models.

Addressing multi-snapshot attacks in PD systems, especially with TrueCrypt and derivatives, poses challenges. Some solutions, like oblivious random access machines (ORAMs), offer multi-snapshot security but at significant performance costs. 

WoORAMs, which obfuscate write requests, provide an efficient alternative for post-arrest physical layer adversaries, sparking a new research direction for multi-snapshot-resistant PD solutions.

The landscape of available PD solutions has usability and security gaps, with limited adoption. VeraCrypt is the most widespread but has limitations. 

WoORAM-based alternatives have potential but suffer significant performance drawbacks. Additionally, read requests’ impact on the physical device state is uncertain. 

Many PD solutions, including TrueCrypt, may unintentionally leak hidden data through OS behaviors. A versatile PD solution balancing security and usability is lacking, particularly for Linux.

Shufflecake’s disk layout
Shufflecake’s disk layout (Source – Arxiv)

The device’s storage is divided into a header and data sections. The header includes a fixed-size DMB and equal-sized volume headers, preventing easy volume count deduction by header size.

Shufflecake offers operational advantages over TrueCrypt and is open-source to build trust and encourage community contributions for future enhancements.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.


Latest articles

Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid...

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative...

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

SLAM Attack Gets Root Password Hash in 30 Seconds

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat...

Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

The Akira ransomware group, which first appeared in March 2023, has been identified as...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Endpoint Strategies for 2024 and beyond

Converge and Defend

What's the pulse of Unified Endpoint Management and Security (UEMS) in Europe? Join us live to uncover the strategies that are defining endpoint security in the region.

Related Articles