It may not be possible after all to conceal the existence of a sensitive file on a machine.
BT security expert Bruce Schneier and a group of researchers have hacked an ultra-paranoid feature in the TrueCrypt open-source disk encryption tool that lets users hide secret files from detection by attackers or others.
This “deniability” feature is a sort of extreme file-protection function that first encrypts the file and then hides it within an encrypted area on the disk drive like an invisibility cloak. But Schneier, chief security technology officer with British Telecom and researchers from the University of Washington found that Microsoft Vista, Word, and Google Desktop each can blow the cover of files using this so-called “deniable file system” (DFS) feature.
The researchers were able to get around DFS in versions 5.0 and below of TrueCrypt’s encryption-on-the-fly tool, and will present their findings on the hack at the Usenix HotSec ’08 summit next week in San Jose, Calif.
Unlike encryption, where files and directories are scrambled into unreadable but visible forms, DFS masks the existence of files altogether so that there’s no evidence of the files at all.
TrueCrypt’s developers, meanwhile, say the just-released new version of the software, 6.0, remedies the leakage problem with DFS. “To our best knowledge, TrueCrypt 6 solves all the issues,” says David, one of TrueCrypt’s developers. The new features include the ability to create and run a hidden encrypted operating system, for example.
Schneier, however, isn’t convinced that TrueCrypt 6 can’t be hacked. The version had not yet been released when he and the UW researchers did their work, but Schneier thinks the outcome would likely be basically the same. “The new version will definitely close some of the leakages, but it's unlikely that it closed all of them,” he says.
Schneier, who has studiedthe viability of the so-called “deniable” file system model in the past, says DFS is actually easier to hack than encryption, and that there may be no way to make files truly undetectable on a drive. “Deniability is a much harder security feature to enable than secrecy,” he says. (See Schneier On Schneier and Schneier: In Touch With Security's Sensitive Side.)
The researchers were able to crack DFS without decrypting it. “Breaking the security of a DFS does not require decrypting the data; it only requires proving that (or in some cases simply providing strong evidence that) the encrypted data exists,” according to the report, which was co-authored by Schneier and University of Washington researchers Alexei Czeskis, David St. Hilaire, Karl Koscher, Steven Gribble, and Tadayoshi Kohno.
-----------------------------Personally, I think this is great. Experts in the field are working and helping make a free open-source encryption product more secure. This doesn't just help the experts...this helps the average joe, in America and anywhere in the world.
I use TrueCrypt 6.0a on my personal laptop and love it.
Do I expect it to protect me from the NSA or people like Bruce Schneier? No, of course not. It would be silly to even think like that.
But I know that it will give that kid that grabbed my laptop @ the coffeeshop a run for his money. lol
Perhaps just enough to keep my data safe.
No comments:
Post a Comment