Linux - Security
I recently saw this video on perfectly deniable full disk encryption from BlackHat Europe 2018 and I thought it was rather interesting. As someone who's recently started trying to get into Linux and understanding computers more in general, I was wondering what it would take to learn how to implement this method of disk encryption; the kind of topics one would need to familiarize themselves with in order to have a sufficient toolset to do it properly.
I've searched online but I can't find any tutorials or guides on how to do this kind of encryption. This one talk and the presentation slides linked in the video's description seem to be the only source on the topic. I think that's a shame because I'd rather like to learn more in depth how it works than just the abstract.
Would knowledge of Assembly language be required? Would writing the kinds of kernel modules mentioned be a difficult task even for an intermediate user? I think I understand the concepts in terms of the abstract but I'd rather have a more detailed understanding of the exact processes done in order to achieve the end result and how it all fits together.
One thing in particular I'd like to know is how setting up the hidden OS would work. Would you encrypt it in the manner explained after installing the OS? Or before? If before, how would you then install the OS into the hidden section?
I suppose what I'm asking is: what specific topics in Computer Science/Linux (scripting/general sys-admin/FDE principles etc.) would you recommend a beginner become familiar with in order to reach a stage where they would likely be able to understand the concepts involved to a sufficient point where they can implement this form of encryption properly themselves? And I guess this thread can be a point of discussion for anyone who'd like to document their attempts at trying it out themselves. Regardless, I hope some of you at least find it interesting.
Just erase the disk completely with random data, then use cryptsetup with --header on your USB key (backed up on another key too), and you can hide that header in some movie or something steganographically. Just make sure to remember how you did it.
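The recipe in the post above, written out as a script. This is an added example, not code from the thread or from the cryptsetup project. All device names and paths are placeholders (/dev/sdX for the disk, /mnt/usb/hdr.img for the header on the USB key, /mnt/usb2/hdr.img for the second copy, "secret" for the mapping name); with DRY_RUN=1 the commands are printed instead of executed, and the full procedure only runs when the script is invoked with the argument "run". Note what this does and does not give you: the disk ends up holding only ciphertext and cryptsetup cannot recognise it as LUKS, but the header file itself is a recognisable LUKS header (cryptsetup isLuks on it succeeds), so hiding that file is a separate step the script does not perform.

```bash
#!/bin/sh
# Added example (not from the thread): detached-header LUKS on a randomised disk.
# Placeholders: /dev/sdX, /mnt/usb/hdr.img, /mnt/usb2/hdr.img, mapping "secret".
# DRY_RUN=1 prints the commands instead of running them.
set -eu

# run CMD...: execute CMD, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1. Overwrite the whole disk with random-looking data. Writing zeros through a
#    plain dm-crypt mapping keyed from /dev/urandom (the cryptsetup FAQ method)
#    yields ciphertext indistinguishable from random and is far faster than
#    dd if=/dev/urandom. dd exits non-zero when it hits the end of the device,
#    so that exit status is ignored on purpose.
wipe_disk() {
    disk=$1
    run cryptsetup open --type plain --key-file /dev/urandom "$disk" to_be_wiped
    run dd if=/dev/zero of=/dev/mapper/to_be_wiped bs=1M status=progress || true
    run cryptsetup close to_be_wiped
}

# 2. Format with a detached header. Key slots and cipher parameters go only
#    into $header; the disk itself holds nothing but ciphertext. cryptsetup
#    creates a missing header file on its own; the truncate just makes the
#    placeholder explicit (32 MiB is ample for a LUKS2 header).
format_detached() {
    disk=$1 header=$2
    run truncate -s 32M "$header"
    run cryptsetup luksFormat --type luks2 --header "$header" "$disk"
    # Check the claim: without the header, cryptsetup must not recognise the disk.
    if [ "${DRY_RUN:-0}" != "1" ] && cryptsetup isLuks "$disk"; then
        echo "error: $disk still carries a LUKS signature" >&2
        return 1
    fi
}

# 3. Keep a second copy of the header on another key. Lose every copy and the
#    data is unrecoverable; for a detached header a plain file copy is a backup.
backup_header() {
    run cp -p "$1" "$2"
}

# 4. Opening needs both the disk and the header.
open_volume() {
    disk=$1 header=$2 name=$3
    run cryptsetup open --header "$header" "$disk" "$name"
}

main() {
    wipe_disk /dev/sdX
    format_detached /dev/sdX /mnt/usb/hdr.img
    backup_header /mnt/usb/hdr.img /mnt/usb2/hdr.img
    open_volume /dev/sdX /mnt/usb/hdr.img secret
    # afterwards: mkfs on /dev/mapper/secret, mount, and so on
}

# Only run the destructive procedure when explicitly asked: ./script.sh run
if [ "${1:-}" = "run" ]; then
    main
fi
```

The plain-mode wipe in step 1 is what makes the result look like a random-filled disk rather than a zeroed one; the isLuks check in step 2 is the test a practitioner should actually run before relying on the "no signature on disk" property.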
Quote:
I suppose what I'm asking is: what specific topics in Computer Science/Linux (scripting/general sys-admin/FDE principles etc.) would you recommend a beginner become familiar with in order to reach a stage where they would likely be able to understand the concepts involved to a sufficient point where they can implement this form of encryption properly themselves?
To understand the concepts, read a book about cryptography.
EDIT: After scanning the presentation slides, I think you also need to study how to write Linux kernel modules and how to access disk blocks from the kernel.
I wouldn't call scripting and system administration computer science topics, and you don't need them for understanding the concepts. System administration skills would help you implement the concepts, but more so programming skills, no matter in which general purpose language. Python is often cited as a good entry point.
EDIT: It needs to be C programming skills.
LUKS documentation is pretty in-depth and could help you get a glimpse of both concepts and implementation. A good starting point with many links is the cryptsetup README.
Last edited by berndbausch; 07-05-2020 at 08:04 PM.
@syg00: You don't need to be a PhD to just run existing tools; that's not rocket science. I didn't even finish high school, but I can read manuals and follow them perfectly. It even somehow landed me a dozen jobs so far.
As for writing crypto code from zero entirely by yourself, a PhD certainly doesn't help you there either, btw; both plebs' and docs' code can be flawed.
I'd say that takes a lot of reading, especially on security topics and how they apply to programming, as well as utilizing existing tools to properly check your code, aside from checking it manually. Several times. And then some more. The lesson is this: don't reinvent the wheel; that is especially true in crypto! Just don't. For fun, maybe, but just know it's probably never gonna be as good as existing solutions. You sure can write a kernel to run some binaries, maybe even binaries from other OSes, but that'll absolutely be flawed from a security point of view. It may be a fun road, sure, but just so you know. I'm not discouraging, just a word of warning.
Better just review the code of cryptsetup and its docs, also LUKS in Linux. That's a simple and good start.
Also a word of warning: in today's reality, in some countries you can be locked up if there's a disk with a bunch of random data on it and you refuse to decrypt it, even if it is just random data in reality with no hidden things there. That also (or, especially?) applies to tourists; don't take that stuff with you to the immigration gates, even if it's really just a random-data-erased disk. It will save you a lot of precious time.
Quote:
Also a word of warning: in today's reality, in some countries you can be locked up if there's a disk with a bunch of random data on it and you refuse to decrypt it, even if it is just random data in reality with no hidden things there. That also (or, especially?) applies to tourists; don't take that stuff with you to the immigration gates, even if it's really just a random-data-erased disk. It will save you a lot of precious time.
I think that's the point of "perfectly deniable" and "steganographic".
From the wikipedia page for Steganography:
Quote:
The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny.
@ondoho: It absolutely is, but again, there's a harsh reality which may sometimes, in this particular scenario, catch up with you. It's not always gonna be bulletproof. The point I want to make is: don't put 100% trust in anything.