Protecting personal data is a growing concern, with local storage as the last line of defense. Even here, precautions are needed against adversaries like thieves, and at this point, disk encryption offers solutions for this threat.
But disk encryption alone can’t protect against powerful adversaries who can coerce users into revealing encryption keys.
Plausible deniability (PD) is a security measure to hide crucial data’s existence, allowing users to deny its presence to violent adversaries.
Elia Anzuoni and Tommaso Gagliardoni from their following respective university and organizations recently unveiled “Shufflecake,” a stealthy data concealment technique, inheriting the legacy of TrueCrypt and VeraCrypt:-
- EPFL, Switzerland
- Kudelski Security, Switzerlan
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
Shufflecake Hidden Linux Filesystems
Plausible deniability (PD) approaches vary by the storage layer they target, with filesystem-level and FTL-level options.
Each has pros and cons, but adversaries can compromise layer-specific solutions with access to lower layers.
A robust plausible deniability (PD) approach operates at the block layer, using a block device interface with bRead and bWrite methods.
This framework formats one device with multiple encrypted volumes, including decoy volumes. Even after surrendering passwords for decoy volumes, PD ensures the hidden volumes remain undetectable to adversaries.
Early PD research mainly focused on single-snapshot adversaries, assuming devices would only be checked once. However, modern storage, especially SSDs, can leave traces of data changes, challenging single-snapshot security. This scenario is addressed in multi-snapshot security models.
Addressing multi-snapshot attacks in PD systems, especially with TrueCrypt and derivatives, poses challenges. Some solutions, like oblivious random access machines (ORAMs), offer multi-snapshot security but at significant performance costs.
WoORAMs, which obfuscate write requests, provide an efficient alternative for post-arrest physical layer adversaries, sparking a new research direction for multi-snapshot-resistant PD solutions.
The landscape of available PD solutions has usability and security gaps, with limited adoption. VeraCrypt is the most widespread but has limitations.
WoORAM-based alternatives have potential but suffer significant performance drawbacks. Additionally, read requests’ impact on the physical device state is uncertain.
Many PD solutions, including TrueCrypt, may unintentionally leak hidden data through OS behaviors. A versatile PD solution balancing security and usability is lacking, particularly for Linux.
The device’s storage is divided into a header and data sections. The header includes a fixed-size DMB and equal-sized volume headers, preventing easy volume count deduction by header size.
Shufflecake offers operational advantages over TrueCrypt and is open-source to build trust and encourage community contributions for future enhancements.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.