I’d like to continue our discussion of VeraCrypt ‘deniable’ encryption for Whonix users in this new dedicated thread, instead of my other one.
To summarize, the threat model under which I argue VeraCrypt’s deniable encryption can effectively protect the user is the one whereby most western governments now have key disclosure laws that can legally force anyone in those jurisdictions to share their private data, if it’s technically provable that the data is indeed meaningful (i.e. non-random) encrypted data.
Under this threat model, people in these jurisdictions no longer have the technical ability for basic privacy of the data contained on their device’s OS hard drives, such as when they enter such countries at airports, unless they use a securely amnesic OS like Tails and the data is stored not on the Tails disk (because they only offer non-deniable encryption of the persistent storage at this time), but instead on a separate and deniably encrypted volume created in a manner described below.
The current Tails solution is not convenient for persistent (normal) computing, so I consider Whonix as a great central project to address this (with its persistent VM design of large virtual disk files which can themselves be placed inside a VeraCrypt volume).
I will define this threat model to include the following provisos:
-
The legal doctrine of ‘innocent until proven guilty’ is honored (meaning that no ‘thought policing’ takes place).
-
The enemy never applies or threatens direct physical harm as a consequence of any aspect of the user’s usage of VeraCrypt (no torture).
-
The data is never physically accessed by the enemy while the device is turned on and the data unlocked.
-
The data is not betrayed by forensic evidence of its existence such as plausible logs or other user data in a non-amnesic host OS (all of which can be forcibly decrypted under the same threat model).
-
Physically intrusive forms of targeted surveillance like physical computer implants or cameras/microphones/sensors nearby do not take place.
-
(This list may expand with other examples as necessary.)
In the above threat model, an effective VeraCrypt volume would have two following characteristics (or layers):
-
The volume is in the form of a partitionless whole disk, or a whole disk partition. When a whole disk or whole partition contains headerless, signatureless VeraCrypt data, as I currently understand, it is a. technically indistinguishable from meaningless random data, and b. plausibly explainable as meaningless random data such as being a partition that was formerly a dual-boot OS and was wiped using a method that wrote random data to the whole partition, or a whole disk that similarly was wiped using such a method, which is very commonly available with tools under every common OS. This first layer allows the user to effectively avoid being compelled by key disclosure laws in the first place.
-
Make it a ‘hidden volume’ (instead of standard volume). This VeraCrypt option instructs you to first create a decoy ‘outer volume’ with a unique password which only unlocks the outer volume, followed by a ‘hidden volume’ inside it which also has a unique password that can only unlock the hidden volume. “Free space on any VeraCrypt volume is always filled with random data when the volume is created and no part of the (dismounted) hidden volume can be distinguished from random data”, making the hidden volume technically deniable even if the outer volume was unlocked. As such, you can provide the outer volume’s key if you are forced to, and still keep your data private. This second layer allows the user to satisfy key disclosure laws even if evidence proves their disk or partition isn’t random.
Under this scenario:
-
The enemy can’t proceed further than the second layer of VeraCrypt protection, and it is very unlikely for them to break through the first layer in the first place.
-
The enemy is free to operate as they currently do, but they just won’t find anything meaningful on your hard drive.
-
You cannot be forced to show something that the enemy has no proof of existing. Without proof it is taken that it does not exist.
-
Solutions to therefore avoid the creation of plausible evidence of your data existing are paramount.
We still have a lot to learn and document. Here are some links for people to study (including myself):
https://www.veracrypt.fr/en/Plausible%20Deniability.html
https://www.veracrypt.fr/en/Hidden%20Volume.html
https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html
https://www.veracrypt.fr/en/Security%20Requirements%20and%20Precautions.html
https://www.schneier.com/blog/archives/2008/07/truecrypts_deni.html