Perfectly Deniable Steganographic Disk Encryption

Presented at Black Hat Europe 2018, Dec. 6, 2018, 11:15 a.m. (50 minutes).

Deniable encryption and steganography nominally safeguard sensitive information against forced password disclosure by concealing its very existence. However, while the presence of sensitive information may be 'plausibly' denied, the possession of steganographic software (e.g. suspiciously configured VeraCrypt) is readily detected and regarded as a 'smoking gun' that invalidates such deniability. This weakness, which undermines protection against rubber-hose cryptanalysis and aggressive password disclosure statutes, affects all known steganographic software and is especially problematic for deniable encryption suites such as VeraCrypt, which typically remain installed and visible on a user's hard drive.

This talk will cover efforts to overcome this critical limitation through a novel form of steganography that is self-concealing. In this new paradigm, steganographic tools hide themselves in a self-recursive manner that renders them forensically invisible. Moreover, upon cryptographic activation by an authorized user, these hidden tools can bootstrap themselves into existence without generating any incriminating forensic evidence. Provided that the requisite cryptographic conditions are met, such steganography can be considered "perfectly deniable."

The talk will cover the successful design and implementation of a self-concealing, perfectly deniable encryption/steganography suite that is similar in functionality to VeraCrypt's hidden volume/OS feature. However, unlike VeraCrypt, the decoy system employs Linux's customary disk encryption (cryptsetup/dm-crypt) and requires no additional binaries, peculiar partition schemes (or inexplicable unallocated disk space), restrictions on cover-system write operations, or modification of TRIM settings. In fact, the decoy system appears bit-for-bit as a normal Linux system that was configured with only default parameters (e.g. repeatedly clicking 'next' during Ubuntu installation). At the same time, a simple cryptographic operation by an authorized user will bootstrap a hidden, fully functional OS into existence in a process that generates no forensic evidence and requires no outside binaries. The talk will demonstrate such a working system, which testing has found to be fast, stable, and functional.


Presenters:

  • Dominic Schaub - Head, Research and Development, Discrete Integration Corp.
    Dominic Schaub received his BSc and PhD in Computer and Electrical Engineering from the University of Manitoba in 2004 and 2011, respectively. In 2011 he joined Defence Research and Development Canada (an agency within the Canadian Department of National Defence), where he developed statistical algorithms for the detection of adversarial information and identification of unknown objects. In 2017 he co-founded Discrete Integration Corp., an Ottawa-based technology company where he presently serves as the head of research and development. Dominic has authored numerous journal articles and conference publications. His expertise includes computational and applied electromagnetics, Bayesian statistics, Markov chain Monte Carlo methods, programming (including assembly, kernel, and C++), theoretical computer science (including post-quantum cryptography, steganography, and zero knowledge systems), defence-related research, and various IT subjects.