Starting from version 6, TrueCrypt offers an interesting function: creation of a hidden operating system. In this article we walk through the process of creating the hidden OS and analyze the possible uses of such a solution.
The basic idea of the hidden OS is to have two operating systems on the PC:
- the decoy (the visible one) - an OS that is visible to an outsider and actually contains no sensitive data, so it can be safely opened up to external personnel (investigators, customs officers, etc.)
- the outer volume - a container partition where the hidden OS resides. It can contain some decoy confidential files. The idea of the outer volume is to explain the existence of a seemingly unformatted partition, since it can be mounted from within the decoy OS to show the decoy confidential files.
- the hidden one - non-existent at first glance and created within an encrypted partition, which can hold sensitive data and should not be reported to external personnel.
The process of creating the hidden OS is quite simple but takes time:
- Create an outer container of the hidden OS
- Create an inner container and image the running OS into a hidden OS
- Re-create the visible (decoy) OS
After that, it boils down to following the on-screen instructions and waiting (the encryption and copying can take some time).
The final element of the process is the destruction of the original OS partition - don't worry, it has been entirely copied to the hidden volume. After that comes the only manual part of the process: the user must install the decoy operating system from scratch and encrypt its partition.
Usability of the solution
Apart from proving the concept (it does work without any glitches), how effective is it?
- Using a hidden OS with plausible deniability: the entire concept as presented within the TrueCrypt software should enable the user to claim that he has divulged all passwords for all operating systems/partitions on the computer. This is disputable to say the least, since any analysis will show a second partition with seemingly random data on it, which is a clear giveaway that something is hidden there. In most cases where a person is under investigation, the investigators will press to gain access to any partitions on the computer.
- This hiding methodology is public, so even if the existence of the hidden OS is not divulged, the investigators can destroy the hidden OS by filling the outer container with dummy files just to be on the safe side.
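The "seemingly random data" giveaway described above is easy to measure. The following is an added example, not code from the article or from TrueCrypt: it labels fixed-size blocks of a disk image as zero-filled, random-looking or structured using Shannon entropy and a chi-square test, the kind of check a forensic examiner runs over an "unformatted" partition. The sample image is constructed in memory, not read from a real disk.

```python
import math
import os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for random or encrypted data, far lower for plaintext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Chi-square of the byte histogram against a uniform distribution.
    Random data scores about 255 (the degrees of freedom); a file system or
    a zero-filled region scores orders of magnitude higher."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def classify(block: bytes, entropy_threshold: float = 7.9) -> str:
    """Label one block: 'zero-filled' (never used), 'random-looking'
    (encrypted container or randomly wiped space) or 'structured'
    (file-system metadata, documents, other plaintext)."""
    if not block or block.count(0) == len(block):
        return "zero-filled"
    if shannon_entropy(block) >= entropy_threshold:
        return "random-looking"
    return "structured"

def scan_image(image: bytes, block_size: int = 65536) -> list:
    """Walk an image in fixed blocks and return (offset, label) per block.
    A long run of 'random-looking' blocks on a partition that is supposedly
    unformatted is exactly the giveaway the article describes."""
    return [(off, classify(image[off:off + block_size]))
            for off in range(0, len(image), block_size)]

def summarize(labels: list) -> dict:
    """Reduce the per-block labels of a large image to a few counts."""
    return dict(Counter(label for _, label in labels))

def constructed_sample(size: int = 65536) -> bytes:
    """Constructed test image (not a real disk): an unused region, a region
    that looks like an encrypted volume, and a region holding ordinary text."""
    return bytes(size) + os.urandom(size) + (b"quarterly report draft\n" * 3000)[:size]

if __name__ == "__main__":
    for offset, label in scan_image(constructed_sample(), 65536):
        print(f"offset {offset:#010x}: {label}")
    print(summarize(scan_image(constructed_sample(), 65536)))
```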