
What if the key doesn't exist?

The point of a hidden OS is plausible deniability. When used correctly, there shouldn't be any evidence that another OS exists. For instance: what if there wasn't a hidden OS, and you do keep random data in your unused HD space? They'd be jailing you for refusing to give something that doesn't exist.




> I'm sure there's an even better way to accomplish something similar that I'm not thinking of

One example is what TrueCrypt calls plausible deniability. Your drive has an encrypted volume which initially appears to be completely random data (like all well-encrypted data). You have two decryption keys: an "innocent one" and the "real one." If asked or compelled to decrypt your drive, you decrypt it with the innocent one, and it becomes something innocent (like a bare operating system with no personal info). Obviously, the "real key" reveals your real operating system which you actually use, and thus contains personal information.

The kicker is, without the real key, not only can they not see your personal information, but it's physically impossible to even prove that there's another key which decrypts different data on the drive.

http://www.truecrypt.org/docs/?s=plausible-deniability


If you go full disk encryption with TrueCrypt, make sure you look into their Hidden OS feature as well. A judge may be able to order you to give up the decryption key to the OS when accessing the drive prompts for one (last I checked the precedent is still somewhat shaky), because while they can't know what's being encrypted they can infer something readable is. They can't prove the existence of a Hidden OS, though, so your 'real' encrypted area is just noise and can't be legally proven to be anything else, so a second key can't be demanded.

IIRC the configuration that allows hidden volumes is distinguishable from the basic configuration, so they could tell if there's the potential for a hidden drive to exist. If so, they could assume the hidden container exists and throw you in jail if you don't produce a password that unlocks one.

If the format schemes are indistinguishable that's good news.


I get the technology and with a random disk it could make sense: there is no way to prove that there will be a hidden volume. But if you use this with a device that was built to support this, the plausible deniability becomes less believable.

The technology for this does exist, but it's pretty annoying to use in practice. You need to use the "decoy" OS regularly -- preferably most of the time. After all, it's implausible that you haven't used your web browser in six months, etc., and your adversary would notice this.

The problem there is that the "hidden" OS is (by definition) undetectable from within the "decoy" OS. Therefore, you risk accidentally overwriting it. Some encryption software has workarounds for this, but that typically leaves you exposed while it's in use.

Whole-disk encryption is great for protecting credit card numbers, embarrassing information, and trade secrets from someone who should happen to steal your laptop. If you actually have anything so secret that you're worried about being coerced into decrypting it, I don't know how to help you.
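As an added illustration (not code from any commenter, and not TrueCrypt's real on-disk format), the toy container below models the two-password scheme described in the earlier comment on plausible deniability, and the overwrite risk raised in this comment: both header slots and all free space are random bytes, so without the hidden password the hidden slot cannot be told apart from filler, and the outer volume has no way of knowing which bytes not to touch. Assumptions: a SHAKE-256 keystream stands in for AES-XTS, and the slot size, magic and layout are constructed for the demo.

```python
"""Toy model of a TrueCrypt-style container with an outer and a hidden volume (constructed)."""
import hashlib, hmac, secrets

SLOT, MAGIC = 96, b"TOY!"   # constructed header-slot size and magic; slot 0 = outer, slot 1 = hidden
DATA_START = 2 * SLOT       # volume data follows the two header slots

def derive_key(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000, dklen=32)  # low count for the demo
def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher standing in for AES-XTS: XOR with a SHAKE-256 keystream (same call decrypts)
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))
def write_header(c: bytearray, slot: int, password: bytes, off: int, length: int) -> None:
    # slot = salt || Enc(MAGIC || off || len || data_key || mac) || random padding, so it looks random
    salt, data_key = secrets.token_bytes(16), secrets.token_bytes(32)
    hdr_key = derive_key(password, salt)
    body = MAGIC + off.to_bytes(4, "big") + length.to_bytes(4, "big") + data_key
    body += hmac.new(hdr_key, body, "sha256").digest()[:8]
    enc = salt + xor_stream(hdr_key, b"hdr", body)
    c[slot * SLOT:(slot + 1) * SLOT] = enc + secrets.token_bytes(SLOT - len(enc))
def open_volume(c: bytearray, password: bytes):
    # Try both slots, as a hidden-volume-aware mount does; returns (off, len, data_key) or None.
    # A slot that does not decrypt to MAGIC plus a valid mac is indistinguishable from random filler.
    for slot in (0, 1):
        hdr = bytes(c[slot * SLOT:(slot + 1) * SLOT])
        hdr_key = derive_key(password, hdr[:16])
        body = xor_stream(hdr_key, b"hdr", hdr[16:68])
        msg, mac = body[:44], body[44:]
        if msg[:4] == MAGIC and hmac.compare_digest(mac, hmac.new(hdr_key, msg, "sha256").digest()[:8]):
            return int.from_bytes(msg[4:8], "big"), int.from_bytes(msg[8:12], "big"), msg[12:]
    return None
def create_container(size: int, outer_pw: bytes, hidden_pw=None, hidden_len=0) -> bytearray:
    c = bytearray(secrets.token_bytes(size))   # all random, so free space and ciphertext look alike
    write_header(c, 0, outer_pw, DATA_START, size - DATA_START)
    if hidden_pw is not None:                  # the hidden volume sits in the outer volume's free space
        write_header(c, 1, hidden_pw, size - hidden_len, hidden_len)
    return c
def store(c: bytearray, password: bytes, payload: bytes) -> bool:
    # The outer volume has no idea the hidden one exists, so a large outer write silently clobbers it
    vol = open_volume(c, password)
    if vol is None or len(payload) > vol[1]:
        return False
    c[vol[0]:vol[0] + len(payload)] = xor_stream(vol[2], vol[0].to_bytes(4, "big"), payload)
    return True
def load(c: bytearray, password: bytes, n: int):
    vol = open_volume(c, password)
    if vol is None or n > vol[1]:
        return None
    return xor_stream(vol[2], vol[0].to_bytes(4, "big"), bytes(c[vol[0]:vol[0] + n]))
```

A container created without a hidden volume opens exactly the same way under the outer password, which is what makes the denial plausible; filling the outer volume's free space is what destroys the hidden data.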


Malware? Include with the operating system, to use the unused part (which might be all of it) of the encrypted partition for random data. Anyone who has no encrypted files will not know the password to decrypt it, because there isn't any.

The point is to catch the unexpected, just as this scenario was unexpected.

I can't think of a realistic situation right now that will catch you out, but with full disk encryption I don't have to.


Is that not the point of VeraCrypt (formerly TrueCrypt)?

Normal everyday OS in Main encrypted volume, then your secret hidden OS in the hidden volume.

Should someone make you divulge your password, you give them the one to get access to the normal boring mundane volume, and they have no proof that the other volume exists.


When applied to having a hidden TrueCrypt OS, I don't think this would work with UK's laws. You give the password to the dummy OS, not the true OS, but there still being a large chunk of seemingly encrypted data on the hard drive would lead to them requiring you to decrypt that as well.

The disk is encrypted, access to the OS is impossible without the decryption key.

Not really - plenty of people use TrueCrypt to encrypt their drive without using the hidden OS feature for example.

Interesting, but only useful in a specific situation (decryption coercion). And probably not that effective in such situations.

Obligatory XKCD: https://xkcd.com/538/ Obviously it ignores habeas corpus but of course, so have most governments, even the more 'evolved' ones.

For most situations, denial of encryption is not necessary. I can see the point for data drives. But in a laptop/PC scenario, there must be a way to actually boot the thing. If there's a way to boot it, it can be detected by trying to boot it ;) There must be something machine-readable that asks for the password. You can store that part on a separate USB but even the possession of that is an indication that you use encryption.

And to mention the obvious: Who carries around drives with random data on them? Storage devices that are unformatted are normally filled with zeroes. Sure, it could have been wiped with random data, but it is still a very suspicious situation.

It's a nice project for this niche use case but for encrypting my boot drives I'm perfectly happy with LUKS as it is. In most cases denying the existence of encryption is not needed.


It's absolutely possible. No idea about a proof of concept, but I don't even think it matters, honestly.

It's cute that the OS might play some tricks to hide them from you, but at the end of the day, that's all it is doing: hiding. Security by obscurity.

You're just betting you hid them really really well and that no one will be able to find them. With zero preparation in the event someone does.

If you have root, you have access to the files, period. Someone determined enough could search, read and write to the disk directly, bypassing the filesystem.

unveil is defense in depth, but it shouldn't be treated as a final line of defense which too many obsd fans seem to want to do.


Still hanging onto that 256MB thumb drive? Turn it into a key for a deniably encrypted operating system: https://habd.as/post/invisible-arch-linux/

Rather than an encrypted archive, would an encrypted, hidden partition not work better? Anything sensitive goes on there, have it unmounted and invisible, leave the rest of the system as is, let 'em log in and search what they see.

"the hidden volumes will still stick out like a sore thumb and clearly be encrypted data"

I thought that was the entire point of the hidden volume... that from outside you can't tell there is a hidden volume? And that from inside the fail-safe, you still can't tell there's a hidden volume? I may simply be mistaken.

---

Uh, I think you're missing the point of how the plausible deniability works. The point is that under duress you can acknowledge that it's a TrueCrypt volume, and open it up without at all exposing the hidden volume inside. It's like having a treasure chest with a false bottom where you store your goods. The fact that it can't differentiate the location of hidden volumes is... paramount.

A "hidden volume" does not mean a TrueCrypt volume disguised to look like a normal Windows file, which is what this program looks for...


It is a possible attack though, isn't it?

Even with a fully encrypted disk with LUKS, someone could replace your boot manager with a tool to capture your encryption key.

For most people this will be a non-issue: the cost of such an attack would highly surpass the benefits.

But I suspect some people would be valuable targets for this.


I am less convinced. If the GMan nabs you, sees you are using a tool which heavily advertises a hidden partition, and coincidentally your drive has a large unused block of random data - they are unlikely to be fooled.

The point of this kind of encryption is that a removed hard drive can be sold or repurposed without data risk.

Anyone can boot the laptop and get to the decrypted hard drive, what does it matter if they sniff the key first? They always had access to the end result if they can boot the laptop.

