05 March 2012

Chryptographic filesystems

At this point it is redundant to explain the reasons for using cryptographic techniques. Throughout history we have seen many examples which are summarized in the premise that someone wants to keep secret something that another would like to know.

At the time that computers and mass storage devices began to be "transportable" came immediately the need to find mechanisms to protect the information contained in these devices on the road. Imagine the damage that a public agency or a large company could suffer if one of their employees have his work laptop stealt at a gas station or an airport. Therefore, it was needed to find an environment that ensured the confidentiality of the information of the portable devices in a comfortable way that do not penalize their use.

On the other hand, it exists the possibility that the owner of the data suffers pressure to decrypt the data with its key. Imagine if an employee who works on military bussines or a political dissident is tortured or interrogated to find out how to enter his laptop to get a nes future fighter blueprints or opinion pieces that could lead him to a firing squad. In such cases it is very useful that mechanisms exist to provide deniability of information. These mechanisms would help deciphering "lure" files of little importance or even outright false which would mislead the interrogators, who would have no way of knowing if that is the whole information encrypted or if instead there is more. 

To address these problems the military has been developing long ciphers able to protect data in case of mass storage devices fall into enemy hands.

At civil level, one of the earliest examples is found in the file system StegFS. This file system allows not only encrypt confidential data but apply steganographic methods that gives deniability of that information. StegFS development is stopped and is not currently recommended for use in modern infrastructure (in fact only supports kernels 2.2.x branch), however their website has several papers, highly recommended reading, explaining the theoretical of such mechanisms.

Another option, the other in constant development and has come to pick up the baton from the previous system, is TrueCrypt . This tool is cross-platform (runs on Windows, Mac and Linux) and allows you to create encrypted virtual disks that can be mounted as standard units of the system, performing the encryption-decryption in real time (on-the-fly), so that operation on encrypted files is completely transparent to the user. When removing these virtual disks TrueCrypt encrypts data in a single file so there is no way for an attacker to know how many encrypted files are inside the main one. For all this the user uses a password of his invention and one of the symmetric encryption algorithms offered by the tool, such as AES-256, Serpent or Twofish, among others.

The usefulness of this tool is obvious, since we can encrypt personal data that we have in our USB memory (for example, our certificate of the FNMT, lists of passwords, network maps or personal photos) or even an entire partition, including boot, as TrueCrypt allows for authentication during startup, so that if any steals the laptop will be virtually impossible to him to extract any information from the hard drive.

TrueCrypt provides two levels of deniability. To begin with: without the decryption key, encrypted TrueCrypt volumes are indistinguishable from any other type of binary data files. Files containing encrypted TrueCrypt volumes lack any type of signature that identifies them as such. This makes it easy to hide it by changing its extension such as. Iso,. Raw,. Img or what comes to mind ... to TrueCrypt will not be affected by extension because when mounting the volume Truecrypt accepts anyone. The second level of deniability corresponds to hidden volumes that consists in an encrypted volume inside another so that the user has two passwords: one that opens the main encrypted volume, which will have decoy files, and other that opens a secondary encripted volume (the one in the main) with the really important files. The TrueCrypt developers say there is no way to tell if an encrypted volume contains another hidden. 

Besides the above, Truecrypt is really easy to use by relying on a truly intuitive windows interface. To make things better the documentation of its website is very well organized and is very educational explaining in a clear and easily way the fundamentals of the functionality offered by the tool.

With this, there is no excuse for not wearing our data safely on our portable devices, completely safe from leaks because of theft or espionage.