Kudelski Security, a company specializing in security audits, has published the Shufflecake toolkit, which lets you create hidden file systems that are scattered across the available free space of existing partitions and are indistinguishable from random residual data. The partitions are created in such a way that, without knowing the access key, their existence is difficult to prove even during forensic analysis. The userland code (shufflecake-userland) and the Linux kernel module (dm-sflc) are written in C and distributed under the GPLv3 license, which makes it impossible to include the published kernel module in the mainline Linux kernel because of incompatibility with the GPLv2 license under which the kernel is supplied.
The project is positioned as a more advanced solution than TrueCrypt and VeraCrypt for hiding data that needs protection. It has native support for the Linux platform and lets you place up to 15 hidden partitions on a device, nested inside each other to obscure their existence. If the use of Shufflecake itself is not a secret, which can be judged, for example, by the presence of the corresponding utilities on the system, the total number of hidden partitions created still cannot be determined. At the user's discretion, the hidden partitions can be formatted to hold any file system, for example ext4, XFS or Btrfs. Each partition is handled as a separate virtual block device with its own unlock key.
To cover tracks, the project proposes the "plausible deniability" behavior model, the essence of which is that data is hidden as additional layers inside encrypted partitions that hold less valuable data, forming a kind of hidden hierarchy of partitions. Under pressure, the owner of the device can reveal the key to an encrypted partition, but other partitions (up to 15 nested levels) may be hidden inside that partition, and determining their presence and proving their existence is problematic.
Hidden is ensured