johnridley: (antikythera)
I've been thinking about security in my spare brain cycles lately, and I haven't been able to Google up anything specifically about this thing I thought of a few days ago:

TrueCrypt has a "plausible deniability" mechanism where you can create TWO encrypted volumes in one. If you use one password, you get one volume, another gives you a hidden volume. It's carefully engineered so that there's no way to prove that the hidden volume exists, so that you can give the first password to a leg-breaker and say "that's my password."

However, I wonder if this isn't quite as good as it sounds. The normal and hidden volumes start at opposite ends of the volume, so directory sector overwrites (which happen a lot more than normal sector overwrites) happen at opposite ends.

Modern flash devices such as USB thumb drives utilize "wear levelling" which according to WP means that most of the memory cells in the device are only good for 1000 writes or so, but there are some cells engineered to take 100,000 writes before failing, and the controller in the device uses those heavy duty cells to take over duty for normal cells that are getting more use, thereby extending the life of the device.

Now, what if it's possible for someone with knowledge of the controller to talk with the controller chip in the thumb drive and extract information about either the sectors that are getting managed as "high overwrite count" sectors, or even write counts for each sector (I assume each sector must maintain a count, or the wear levelling algorithm wouldn't know which sectors to remap)?

If such information was available, and I bet it is if you know how to talk to the controller chip, then you could easily compare the sector write frequency for each sector in the device and demonstrate that there is probably a hidden volume on this device, since there is write activity on the far end of the device in keeping with the directory structure being held there.
johnridley: (Default)
( My past password theories )

I was actually starting to move back towards one password everywhere (for most purposes) when today I found out about SuperGenPass. This is a little JavaScript applet that installs as a bookmark. You then go to a site, type in a STANDARD password that you just use everywhere, and click the bookmark. A tiny applet, which is stored INSIDE your browser, combines that password with the domain name you're logging into, and generates a random-looking password and automatically plugs it into the password field.

Since it's entirely stored on your machine, your master password never leaves the browser. Even when you're at someone else's machine and use the mobile version, it just loads the JavaScript locally and doesn't send anything over the wire.

Since they use the MD5 algorithm, even if a site is hacked and they find out that you used password "89vA3Baeq3" at that site, that password is useless elsewhere, and there's no way for them to know that your master password is "cricket" or whatever. End result is that you get to use a common password everywhere, but each site actually has different passwords which can't be linked to one another.

This is still vulnerable to malicious scripting and keyloggers, but then again, everything is.
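
The per-site derivation described in this post, as an added sketch that is not SuperGenPass's own code and not part of the original post. The `master:domain` input format, the round count, the character policy and the `www.` stripping are assumptions made for this illustration; the master password and URLs are constructed samples.

```javascript
// Added illustration, not SuperGenPass's own source. The "master:domain"
// input, round count and character policy are assumptions for this sketch.
const nodeCrypto = require('node:crypto');

// One round: MD5 the input, base64-encode it, and map the three
// non-alphanumeric base64 characters to alphanumerics so the result is
// accepted by sites that reject symbols.
function md5Base64(input) {
  return nodeCrypto.createHash('md5').update(input, 'utf8').digest('base64')
    .replace(/\+/g, '9').replace(/\//g, '8').replace(/=/g, 'A');
}

// Policy for the truncated output: starts with a lowercase letter and
// contains at least one uppercase letter and one digit.
function meetsPolicy(candidate) {
  return /^[a-z]/.test(candidate) && /[A-Z]/.test(candidate) && /[0-9]/.test(candidate);
}

// Re-hash at least minRounds times, then keep going until the first
// `length` characters satisfy the policy. The same inputs always give
// the same output, so nothing has to be stored anywhere.
function derivePassword(master, domain, { length = 10, minRounds = 10 } = {}) {
  let hash = `${master}:${domain}`;
  for (let round = 1; round <= 10000; round++) {
    hash = md5Base64(hash);
    if (round >= minRounds && meetsPolicy(hash.slice(0, length))) {
      return hash.slice(0, length);
    }
  }
  throw new Error('no candidate satisfied the policy');
}

// Reduce a login URL to the domain that is mixed into the hash.
// new URL() lowercases the hostname; stripping "www." is an assumption.
function passwordForUrl(master, url) {
  const host = new URL(url).hostname.replace(/^www\./, '');
  return derivePassword(master, host);
}

// Constructed sample input: one master password, two sites.
const master = 'cricket';
for (const url of ['https://www.example.com/login', 'https://example.org/']) {
  console.log(url, '->', passwordForUrl(master, url));
}
```

Because MD5 is fast, the round count and the strength of the master password determine how costly it is to test guesses against a single leaked site password.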
