D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Hardware Encrypted SD

 

1. Make sure it doesn't look like encrypted data.
1a. Consider steganographic methods of encoding data in a possibly custom variant of a FullHD video codec. 1b. Basically, you're looking for decisions between multiple valid choices that an encoder has to make, and then perturbing those decisions in a way that allows you to get your data back out, but otherwise means you just have a typical Youtube style video. 2. Hardware/software is a red-herring (at raw hardware level you have an encoded sequence of bits, between that and what you see on your computer are layers of algorithmic combinatorics that work the same whether done in hardware or software -- the only thing in hardware encryption is a physics-derived source of random data, like what they do with the Premium Bonds draw -- and that can be supplied from outside your storage mechanism anyway).

For serious encryption, also, you want your OS functionality to be almost trivial. Off the shelf is a no-go for this stuff, and possibly you need a few years serious research to figure out the details... that aside such things are possible in principle.

John

On 29/11/2013 19:32, Daniel Robinson wrote:

The aim is to only leek data by having a gun held to my head. What is the best method of nailing all data to a disk and only leeking under duress On Nov 29, 2013 7:09 PM, "bad apple" <mr.meowski@xxxxxxxx <mailto:mr.meowski@xxxxxxxx>> wrote:
>
> On 29/11/13 17:55, Daniel Robinson wrote:
> > I wish to encrypt the entire OS and create a phantom OS on a partition and
> > hide everything else on a lower partition.
> > I read somewhere that this can be done.
>
> No can do chief - that functionality is Windows only, which isn't going
> to get you far on a Pi. I've read about people attempting to create the
> hidden partition as a Linux system by using WUBI and other tools but as
> far as I know, it just isn't possible to install Linux in the hidden
> outer volume even on standard x86/64 architecture, let alone on ARM.
>
> Also, your plausible deniability depends on you using the decoy lower OS
> frequently so any analysis of timestamps, etc, won't reveal anything
> untowards - as you want your system to be running 24/7 as a secure
> mailserver, rebooting it every other day and browsing around random
> websites, editing a couple of documents and generally making the decoy
> partition look like it's actually being regularly used isn't an option.
>
> On top of all that, the jury is very much out on whether Truecrypt
> hidden partitions can avoid skilled forensic analysis - law enforcement
> particularly are very aware of Truecrypt and it's tricks. Cold boot and
> in-memory attacks are known to be able to recover Truecrypt volume keys.
>
> So you're going to have to rethink this. LUKS is the way to go if you're
> using Linux.
>
> Cheers
>
>
>
> reading: https://www.schneier.com/paper-truecrypt-dfs.pdf
>
> --
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/listfaq





--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq