Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems

Published: 01 Jan 2017, Last Modified: 03 Dec 2024. Venue: ATIS 2017. License: CC BY-SA 4.0
Abstract: This paper analyzes the security of VeraCrypt hidden operating systems. We present attacks on the plausible deniability attribute of hidden operating systems (OSs) created using VeraCrypt. We demonstrate that the encrypted outer volume can contain information that reveals the existence of a hidden OS, and the fact that it was running, even if only one copy of the encrypted drive is examined. To further investigate this, we show that cross-drive analysis, previously used to analyze deniable file systems, can also be applied to prove the presence of a hidden OS volume and to estimate its size. In addition, we discuss other attack vectors that can be exploited in relation to cloud and network information leaks. This paper also examines the security requirements of a threat model in which the attacker has direct access to a running hidden OS.