steg the whole os

Posted Oct 10, 2008 22:44 UTC (Fri) by surfingatwork (guest, #50868)
In reply to: ParanoidLinux: from fiction to reality by tmassey
Parent article: ParanoidLinux: from fiction to reality

The first step in an implementation would be to hide the real partition. In VMware, for example, you have VMware-looking partitions, so it's obvious there's more. So fix that.

Then there's the spy-versus-spy iteration that'd go on, since there are plenty of ways to see if you're in a virtual machine, at least for current scenarios. But the first step is to hide the partition.

The use case I'm thinking of is going through US Customs. This way they wouldn't be able to ask you to decrypt your real OS without opening your laptop and attaching to your hard drive.

Or booting off their own optical disc. Hmm.


steg the whole os

Posted Oct 10, 2008 23:36 UTC (Fri) by tmassey (guest, #52228)

I think you miss the point.

The point is not to make it so that nothing about the computer is visible. That will never work, for the reasons you hint at: you need to be able to power up the computer and let others see that it's "OK". That's called plausible deniability (http://en.wikipedia.org/wiki/Plausible_deniability). The ability to say, "See, look: it's a Windows computer with nothing but pictures of kittens!"

When you boot, you get Windows. When you look at the partition table, there is a single NTFS partition that contains Windows. No encryption, nothing hidden. Everything is what it is.

However, somewhere on that computer, cleverly named "Kitty Pictures.ZIP" buried *deep* within a directory that contains nothing but kitty pictures, is a 1GB file. That file is a TrueCrypt-encrypted file that contains a CoLinux partition. Within that is all of the stuff that you're trying to hide.

In theory, it might even be possible to have the "Kitty Pictures.ZIP" file be an *actual* ZIP file. Or maybe it would be more practical with an ISO file: something that is properly formatted to burn an ISO, but one of the files on the ISO is actually the file used by TrueCrypt: it just uses a specific offset within the file to store data.

The beauty of this is that it is a 100% safe, normal, "OK" Windows computer. In order to find the "badness", the person will have to find the file that you're using to hide the "bad" data (the "Kitty Pictures.zip/iso"), analyze that one file and find that it contains encrypted data. Then they have to break the encryption!

TrueCrypt adds even more plausible deniability: the ability to have two (or more) layers of encryption. The first layer is designed to contain "kinda sensitive" data (say your diary). The second (or deeper) layer contains your "real sensitive" data. That way, you can be "forced" to give up your encryption key for only the kinda-sensitive data, not your *most* sensitive data.

The biggest problem that I can see is that the presence of things like TrueCrypt on the computer make it more obvious that you're trying to hide things. I don't know how to hide the very existence of TrueCrypt. But as for hiding the other things, there are ways.

It's not perfect, but even a more than casual glance is going to have a hard time finding anything...
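The carrier-file idea in the comment above (a real ZIP whose one stored member is the encrypted container, addressed by a fixed byte offset), worked through as an added example. This is not tmassey's code or anything from TrueCrypt or CoLinux; the member name, the cover files and the container bytes are constructed here, and a headerless encrypted volume is stood in for by os.urandom since both look like random bytes. The last function is the examiner's side of the same passage: a stored ZIP member whose content is near-maximum entropy is exactly the "find that it contains encrypted data" step, which is why this layout only beats a casual glance.

```python
"""Added example: a ZIP that is simultaneously a valid archive and a carrier
for an encrypted container, plus the entropy triage an examiner would run.
Hypothetical names and constructed data throughout; the 'container' is
os.urandom, a stand-in for a headerless encrypted volume."""
import io
import math
import os
import struct
import zipfile
from collections import Counter

HIDDEN_MEMBER = "kittens/IMG_0042.raw"    # assumed member name
LOCAL_HEADER = "<4sHHHHHIIIHH"            # PKZIP local file header (30 bytes)


def build_carrier(cover_files, container):
    """Return ZIP bytes: cover files deflated, container STORED verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in cover_files.items():
            zf.writestr(name, data, compress_type=zipfile.ZIP_DEFLATED)
        # ZIP_STORED: the container's bytes land unchanged at a fixed offset,
        # so a volume driver can use them in place without any unzipping.
        zf.writestr(HIDDEN_MEMBER, container, compress_type=zipfile.ZIP_STORED)
    return buf.getvalue()


def verify_carrier(zip_bytes):
    """The cover story: the archive passes a normal integrity check."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.testzip() is None


def container_offset(zip_bytes, member=HIDDEN_MEMBER):
    """Locate the stored member's raw data: (offset, length) in the file."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        info = zf.getinfo(member)
    if info.compress_type != zipfile.ZIP_STORED:
        raise ValueError("member is compressed; its bytes are not verbatim")
    # Parse the local header ourselves: its name/extra lengths decide where
    # the data starts, and they may differ from the central directory copy.
    hdr = struct.unpack_from(LOCAL_HEADER, zip_bytes, info.header_offset)
    if hdr[0] != b"PK\x03\x04":
        raise ValueError("bad local file header")
    name_len, extra_len = hdr[9], hdr[10]
    start = info.header_offset + struct.calcsize(LOCAL_HEADER) + name_len + extra_len
    return start, info.file_size


def read_container(zip_bytes, offset, length):
    """What the volume driver does at mount time: a plain offset read."""
    return zip_bytes[offset:offset + length]


def shannon_entropy(data):
    """Bits per byte: 8.0 is uniform (random/encrypted), text is far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_suspicious_members(zip_bytes, threshold=7.5, min_size=1024):
    """Examiner's triage: stored members whose content is near-random.
    Caveat: JPEG/PNG members also score high, so this is a shortlist, not
    proof; the giveaway is high entropy plus no recognisable file header."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.compress_type != zipfile.ZIP_STORED or info.file_size < min_size:
                continue
            if shannon_entropy(zf.read(info)) >= threshold:
                hits.append(info.filename)
    return hits


if __name__ == "__main__":
    cover = {"kittens/readme.txt": b"pictures of my cats\n" * 50}
    volume = os.urandom(64 * 1024)           # stand-in encrypted container
    carrier = build_carrier(cover, volume)
    off, ln = container_offset(carrier)
    assert verify_carrier(carrier) and read_container(carrier, off, ln) == volume
    print("container at offset", off, "length", ln)
    print("flagged:", flag_suspicious_members(carrier))
```

Only the stored member's offset and length need to be remembered to use the container in place, which is the "specific offset within the file" the comment describes; the archive still opens and verifies as an ordinary ZIP. The triage function is the weakness of the scheme in four lines.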

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds