Tutorial - Hidden Operating System with Truecrypt

Starting from version 6, Truecrypt boasts an interesting function- creation of a hidden operating system. With this article we walk through the process of creating the hidden OS and analyze the possible uses of such a solution.

The concept
The basic idea of the hidden OS is to have two operating systems on the PC

  • the decoy (the visible one) - an OS that is visible to an outsider and actually contains no sensitive data, so it can be safely opened up to external personnel (investigators, customs officers etc)
  • the outer volume - a container partition where the hidden OS resides. It can contain some decoy confidential files. The idea of the outer volume is to explain the existence of a seemingly unformatted partition, since it can be mounted from within the decoy OS to show the decoy confidential files.
  • the hidden one - non-existent at first glance and created within an encrypted partition, which can hold sensitive data and should not be reported to external personnel.

The process
The process of creating the hidden OS is quite simple but takes time
  1. Create an outer container of the hidden OS
  2. Create an inner container and image the running OS into a hidden OS
  3. Re-create the visible (decoy) OS
A prerequisite to the process is having an empty partition (must be the one immediately behind the system system) at least 5% larger then the system partition.

After that, it boils down to following the on-screen instructions and waiting (the encryption and copying can take some time)

The final element of the process is the destruction of the original OS partition - don't worry, it has been entirely copied to the hidden volume. After that comes the only manual part of the process - the user must install the decoy operating system from scratch, and encrypt it's partition.

Usability of the solution
Apart from proving the concept, it does work without any glitches, how effective is it?
  1. Using a hidden OS with plausible deniability- The entire concept as presented within the TrueCrypt software should enable the user to claim that he has divulged all passwords for all operating systems/partitions on the computer. This is disputable to say the least, since any analysis will show a second partition with seemingly random data on it, which is a nice giveaway that there is something hidden there. In most cases where a person is under investigation the investigators will press to gain access to any partitions on the computer.
    • This hiding methodology is public, so even if the existence of the hidden OS is not divulged, the investigators can destroy the hidden OS by filling the outer container with dummy files just to be on the safe side.
  2. Using a hidden OS as a dual function computer - a much more useful case of the Truecrypt hidden OS, it can be used to create a mobile computer. The hidden OS should be used for corporate functions. For field use or use in an insecure environment, the decoy OS should be used, which cannot access the encrypted volume and which should not have any corporate or confidential data on it.
Talkback and comments are most welcome

Related posts
Cracking a TrueCrypt Container
TrueCrypt Full Disk Encryption Review
Tutorial - A Poor Man's Secure USB
Creating secure CD/DVD media for transport usingTruecrypt


Make Money Online said...

Fantastic post there, very helpful. You really have a lot of knowledge when it comes to backing up, you should be working with Microsoft.

Anonymous said...

I think you have failed to appreciate one aspect of the hidden OS. When you create a hidden OS you in fact create three components: the decoy OS (partition 1), the hidden OS (hidden on partition 2) and an outer container on partition 2. You have a password for each. If someone is curious why you have random data on partition 2 then you simply reveale the key for the outer container - within which you have some pseudo sensitive data. So, no loss of plausible deniability at all.

Anonymous said...

Another thing you fail to consider is that TrueCrypt allows you to remove the boot loader screen, so that all you see is a black screen. The computer appears to be frozen while you type your password. You can also make TrueCrypt print a fake error message like missing operating system so that it seems like there is a legitimate reason for the computer not booting up regularly.

Designed by Posicionamiento Web