Improved Threat Models for the Security of Encrypted and Deniable File Systems

  • Michal KedzioraEmail author
  • Yang-Wai Chow
  • Willy Susilo
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 425)


This paper analyzes current widely used threat models, against which Deniable File Systems (DFSs) can potentially be secured. We contend that previously presented models are no longer adequate due to the integration of mobile and cloud computing in today’s devices and operating systems, as what this implies is a shift in forensic analysis paradigms and new forensic techniques to detect and analyze Deniable File Systems. We propose improved threat models against which DFS hidden volumes and hidden operating systems can potentially be secured, this includes One-Time Access, Multiple Access and Live Response Access. We also merge currently known attack vectors and propose new ones which were previously ignored in the increasingly outdated threat models. It is vital to develop new contemporary threat models for forensic analysis that cater for the current computing environment that incorporates the increasing use of mobile and cloud technology.


Cloud Computing Cloud Storage Access Model Cloud Application Threat Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was undertaken with the financial support of a Thelxinoe grant in the context of the EMA2/S2 THELXINOE: Erasmus Euro-Oceanian Smart City Network project, grant reference number: 545783-EM-1-2013-1-ES-ERA MUNDUS-EMA22.


  1. 1.
    Baryamureeba MV, Tushabe F (2004) The enhanced digital investigation process. In: Digital forensic research workshopGoogle Scholar
  2. 2.
    Canetti R, Dwork C, Naor M, Ostrovsky R (1997) Deniable encryption. In: Kaliski BS Jr (ed) Advances in cryptology - CRYPTO 1997, Proceedings of the 17th Annual international cryptology conference, Santa Barbara, California, USA, 17–21 August 1997. Lecture notes in computer science, vol. 1294. Springer, pp 90–104Google Scholar
  3. 3.
    Carrier BD, Spafford EH (2003) Getting physical with the digital investigation process. IJDE 2(2):1–20Google Scholar
  4. 4.
    Chang B, Wang Z, Chen B, Zhang F (2015) Mobipluto: File system friendly deniable storage for mobile devices. In: Proceedings of the 31st annual computer security applications conference (ACSAC 2015). ACM, New York, pp 381–390Google Scholar
  5. 5.
    Czeskis A, Hilaire DJS, Koscher K, Gribble SD, Kohno T, Schneier B (2008) Defeating encrypted and deniable file systems: Truecrypt v5.1a and the case of the tattling OS and applications. In: Provos N (ed) Proceedings of the 3rd USENIX workshop on hot topics in security, HotSec 2008, 29 July 2008. USENIX Association, San JoseGoogle Scholar
  6. 6.
    Davies A (2014) A security analysis of truecrypt: Detecting hidden volumes and operating systems a security analysis of truecrypt: Detecting hidden volumes and operating systems. Information Security Group, Royal Holloway, University of LondonGoogle Scholar
  7. 7.
    Gasti P, Ateniese G, Blanton M (2010) Deniable cloud storage: Sharing files via public-key deniability. In: Al-Shaer E, Frikken KB (eds) Proceedings of the 2010 ACM workshop on privacy in the electronic society, WPES 2010, Chicago, Illinois, USA, 4 October 2010. ACM, pp 31–42Google Scholar
  8. 8.
    Hargreaves C, Chivers H (2010) Detecting hidden encrypted volumes. Springer, Heidelberg, pp 233–244Google Scholar
  9. 9.
    Hay B, Bishop M, Nance K (2009) Live analysis: Progress and challenges. IEEE Secur Priv 7(2):30–37CrossRefGoogle Scholar
  10. 10.
    Jozwiak I, Kedziora M, Melinska (2011) Theoretical and practical aspects of encrypted containers detection - digital forensics approach. Springer, Heidelberg, pp 75–85Google Scholar
  11. 11.
    Jozwiak I, Kedziora M, Melinska A (2013) Methods for detecting and analyzing hidden FAT32 volumes created with the use of cryptographic tools. In: Zamojski W, Mazurkiewicz J, Sugier J, Walkowiak T, Kacprzyk J (eds) New results in dependability and computer systems - Proceedings of the 8th international conference on dependability and complex systems DepCoS-RELCOMEX. Advances in intelligent systems and computing, 9–13 September 2013, Brunow, Poland, vol 224. Springer, pp 237–244Google Scholar
  12. 12.
    Lessing M, von Solms B (2008) Live forensic acquisition as alternative to traditional forensic process. In: IT-incidents management & IT-forensics - IMF 2008, conference proceedings, 23–25 September 2008, Mannheim, Germany, pp 107–124Google Scholar
  13. 13.
    Loginova N, Trofimenko E, Zadereyko O, Chanyshev R (2016) Program-technical aspects of encryption protection of users’ data. In: 2016 13th international conference on modern problems of radio engineering, telecommunications and computer science (TCSET), pp 443–445Google Scholar
  14. 14.
    N.I. of Justice (U.S.) (2004) Forensic examination of digital evidence: a guide for law enforcement. NIJ special report. U.S. Dept. of Justice, Office of Justice Programs, National Institute of JusticeGoogle Scholar
  15. 15.
    Purcell DM, Lang S-D (2008) Forensic artifacts of microsoft windows vista system. Springer, Heidelberg, pp 304–319Google Scholar
  16. 16.
    Huveneers R. Disk Decipher.
  17. 17.
    Skillen A, Mannan M (2014) Mobiflage: Deniable storage encryption for mobile devices. IEEE Trans Dependable Secure Comput 11(3):224–237CrossRefGoogle Scholar
  18. 18.
    VeraCrypt. VeraCrypt Documentation.
  19. 19.
    Waits C, Akinyele J, Nolan R, Rogers L (2008) Computer forensics: Results of live response inquiry vs. memory image analysis. Technical Report CMU/SEI-2008-TN-017. Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PAGoogle Scholar
  20. 20.
  21. 21.
    Yu X, Chen B, Wang Z, Chang B, Zhu WT, Jing J (2014) MobiHydra: Pragmatic and multi-level plausibly deniable encryption storage for mobile devices. Springer, Cham, pp 555–567Google Scholar

Copyright information

© Springer Science+Business Media Singapore 2018

Authors and Affiliations

  1. 1.Faculty of Computer Science and ManagementWroclaw University of Science and TechnologyWroclawPoland
  2. 2.School of Computing and Information TechnologyUniversity of WollongongWollongongAustralia

Personalised recommendations