Covert channels

By olderdog

Defeating Deniable File Systems: A TrueCrypt Case Study

We find that the Windows Vista operating system itself, Microsoft Word, and Google Desktop all compromise the deniability of a TrueCrypt DFS. While staged in the context of TrueCrypt, our research highlights several fundamental challenges to the creation and use of any DFS: even when the file system may be deniable in the pure, mathematical sense, we find that the environment surrounding that file system can undermine its deniability, as well as its contents.

All the stuff Schneier et al. talk about seems obvious once you think about it: menus of most-recently-used files, autosaves, auto-indexing of files — all kinds of things that can point to the existence of hidden stuff. Some are easy to fix, some are not (and basically all are pretty straightforward consequences of the old star-property stuff about sending information across security boundaries).

But what I really liked was the hook at the end of their paper: if you run software capable of creating a deniable file system, adversaries are going to assume that you’ve done so, and probably won’t rest until you give them the information they want. Whether you have it or not.
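The star-property remark above can be made concrete with a small audit, added here as an example that is not from the paper or the original post. It treats the hidden volume as "high" and everything else as "low", and flags any process that reads a high file and later writes a low one. The drive letter, process names, paths and trace are all constructed assumptions.

```python
from pathlib import PureWindowsPath

# Assumption: the hidden volume is mounted as H:; everything else is "low".
HIDDEN_DRIVES = {"H:"}

# Constructed trace of (process, operation, path); names and paths are made up.
TRACE = [
    ("word-processor",  "read",  r"H:\plans\draft.doc"),
    ("word-processor",  "write", r"C:\Users\u\AppData\autosave\draft.tmp"),
    ("shell",           "read",  r"H:\plans\draft.doc"),
    ("shell",           "write", r"C:\Users\u\Recent\draft.doc.lnk"),
    ("desktop-indexer", "read",  r"C:\Users\u\Documents\notes.txt"),
    ("desktop-indexer", "write", r"C:\index\cache.db"),
    ("desktop-indexer", "read",  r"H:\plans\draft.doc"),
    ("desktop-indexer", "write", r"C:\index\cache.db"),
    ("text-editor",     "read",  r"H:\a.txt"),
    ("text-editor",     "write", r"H:\a.txt"),
]


def is_high(path, hidden_drives=HIDDEN_DRIVES):
    """True when the path lives on a volume labelled high (hidden)."""
    return PureWindowsPath(path).drive.upper() in hidden_drives


def find_write_downs(trace, hidden_drives=HIDDEN_DRIVES):
    """Return (process, high_source, low_target) for each write-down.

    A process is marked once it reads a high object; any later write it
    makes to a low object breaks the *-property (no write-down).
    """
    first_high_read = {}  # process -> first high path it read
    violations = []
    for process, op, path in trace:
        high = is_high(path, hidden_drives)
        if op == "read" and high:
            first_high_read.setdefault(process, path)
        elif op == "write" and not high and process in first_high_read:
            violations.append((process, first_high_read[process], path))
    return violations


if __name__ == "__main__":
    for process, source, target in find_write_downs(TRACE):
        print(f"{process}: read {source} then wrote {target}")
```

The indexer's first write is clean and its second is not, which is why a per-process mark matters: the same low file becomes a pointer to the hidden volume only after the process has touched it.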
