Defeating encrypted and deniable file systems: TrueCrypt v5.1a and the case of the tattling OS and applications

Authors:
Alexei Czeskis;David J. St. Hilaire;Karl Koscher;Steven D. Gribble;Tadayoshi Kohno;Bruce Schneier
Affiliations:
Dept. of Computer Science and Engineering, Univ. of Washington;Dept. of Computer Science and Engineering, Univ. of Washington;Dept. of Computer Science and Engineering, Univ. of Washington;Dept. of Computer Science and Engineering, Univ. of Washington;Dept. of Computer Science and Engineering, Univ. of Washington;BT
Venue:
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Year:
2008

Citing 4
Cited 8

A cryptographic file system for UNIX

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
StegFS: A Steganographic File System for Linux

IH '99 Proceedings of the Third International Workshop on Information Hiding
Making information flow explicit in HiStar

OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Deniable File System--Application of Deniable Storage to Protection of Private Keys

CISIM '07 Proceedings of the 6th International Conference on Computer Information Systems and Industrial Management Applications

Vanish: increasing data privacy with self-destructing data

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Protecting confidential data on personal computers with storage capsules

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Towards secure and privacy sensitive surveillance

Proceedings of the Fourth ACM/IEEE International Conference on Distributed Smart Cameras
Deniable cloud storage: sharing files via public-key deniability

Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
TaintEraser: protecting sensitive data leaks using application-level taint tracking

ACM SIGOPS Operating Systems Review
Deniable encryption with negligible detection probability: an interactive construction

EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
FAUST: Forensic artifacts of uninstalled steganography tools

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Eternal sunshine of the spotless machine: protecting privacy with ephemeral channels

OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation

Quantified Score

Hi-index	0.00

Visualization

Abstract

We examine the security requirements for creating a Deniable File System (DFS), and the efficacy with which the TrueCrypt disk-encryption software meets those requirements. We find that the Windows Vista operating system itself, Microsoft Word, and Google Desktop all compromise the deniability of a TrueCrypt DFS. While staged in the context of TrueCrypt, our research highlights several fundamental challenges to the creation and use of any DFS: even when the file system may be deniable in the pure, mathematical sense, we find that the environment surrounding that file system can undermine its deniability, as well as its contents. We hypothesize some extensions of our discoveries to regular (non-deniable) encrypted file systems. Finally, we suggest approaches for overcoming these challenges on modern operating systems like Windows. We analyzed TrueCrypt version 5.1a (latest available version during the writing of the paper); Truecrypt v6 introduces new features, including the ability to create deniable operating systems, which we have not studied.