Abstract
This paper analyzes the widely used threat models against which Deniable File Systems (DFSs) can potentially be secured. We contend that previously presented models are no longer adequate because mobile and cloud computing are now integrated into today’s devices and operating systems, which implies a shift in forensic analysis paradigms and new forensic techniques to detect and analyze Deniable File Systems. We propose improved threat models against which DFS hidden volumes and hidden operating systems can potentially be secured; these include One-Time Access, Multiple Access and Live Response Access. We also merge currently known attack vectors and propose new ones that were previously ignored in the increasingly outdated threat models. It is vital to develop new contemporary threat models for forensic analysis that cater for the current computing environment, which incorporates the increasing use of mobile and cloud technology.
Acknowledgement
This work was undertaken with the financial support of a Thelxinoe grant in the context of the EMA2/S2 THELXINOE: Erasmus Euro-Oceanian Smart City Network project, grant reference number: 545783-EM-1-2013-1-ES-ERA MUNDUS-EMA22.
Copyright information
© 2018 Springer Science+Business Media Singapore
About this paper
Cite this paper
Kedziora, M., Chow, YW., Susilo, W. (2018). Improved Threat Models for the Security of Encrypted and Deniable File Systems. In: Kim, K., Joukov, N. (eds) Mobile and Wireless Technologies 2017. ICMWT 2017. Lecture Notes in Electrical Engineering, vol 425. Springer, Singapore. https://doi.org/10.1007/978-981-10-5281-1_24
DOI: https://doi.org/10.1007/978-981-10-5281-1_24
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-5280-4
Online ISBN: 978-981-10-5281-1
eBook Packages: Engineering (R0)