I was informed about a paper claiming to defeat plausible deniability of hidden OS feature in VeraCrypt.
The paper in question is published at http://www.riverpublishers.com/journal_read_html_article.php?j=JSN/2017/1/12
I will focus on the one-time access scenario (section 4.3 in the paper) since other scenarios involving attacker's ability to access VeraCrypt volume at several points over time are known to break plausible deniability as documented at https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html
In section 4.3, the authors describe how they found two sectors in the outer volume area that have lower entropy than the rest of the sectors and they go on to describe the content of these sectors.
What is strange in this is that they seem to imply that these 2 sectors are not encrypted and they explicitly write that "this area is not overwritten by VeraCrypt encryption algorithm": this statement is simply false because no data is left unencrypted on the disk and all write operations within hidden OS or the decoy OS are encrypted.
Another possibility is that they didn't mean that these sectors are left unencrypted and what they are describing is the content of these sectors as seen from within the hidden OS. The language used by the authors is not clear enough and it can be confusing especially the sentence I cited above.
If this is what they meant then they have found an issue with the standard XTS encryption mode used by VeraCrypt and other disk encryption products since they have found a correlation between the entropy of plain text and encrypted text. This is a huge discovery and I am surprised they did not emphasize this point since this breaks a fundamental property of the XTS encryption mode.
So we are left with either an issue in the test environment of the authors or a more serious vulnerability affecting the XTS encryption mode. What is sure is that the data mentioned by the authors cannot be read from the outer volume without the password of the hidden OS and everybody can check this using simple tools (like HxD).
Don't hesitate to share any comment. Does anyone know how to contact the authors to seek clarifications?
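The per-sector entropy measurement discussed in the post above, as an added example that is not part of the original post, the paper, or VeraCrypt: it scans a raw image sector by sector and lists the sectors whose byte entropy falls below a threshold. The 512-byte sector size, the 7.0 threshold, all function names and the sample image are assumptions made for illustration; the sample data is constructed.

```python
import hashlib
import math
from collections import Counter

SECTOR_SIZE = 512  # assumed sector size for this example

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    total = len(data)
    if total == 0:
        return 0.0
    return sum((n / total) * math.log2(total / n) for n in Counter(data).values())

def sector_entropies(image: bytes, sector_size: int = SECTOR_SIZE):
    """Yield (sector_index, entropy) for every full sector of the image."""
    for off in range(0, len(image) - sector_size + 1, sector_size):
        yield off // sector_size, shannon_entropy(image[off:off + sector_size])

def low_entropy_sectors(image: bytes, threshold: float = 7.0,
                        sector_size: int = SECTOR_SIZE):
    """Return [(sector_index, entropy)] for sectors below the threshold.

    A 512-byte sample of uniformly random bytes measures roughly 7.5 to 7.6
    bits/byte rather than 8.0, because the sample is small; 7.0 is an assumed
    cut-off that sits well below that range.
    """
    return [(i, round(h, 2)) for i, h in sector_entropies(image, sector_size)
            if h < threshold]

def pseudo_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic ciphertext-like bytes (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def build_sample_image(sectors: int = 64, low=(20, 41)) -> bytes:
    """Constructed image: high-entropy sectors with two low-entropy ones."""
    image = bytearray(pseudo_random(sectors * SECTOR_SIZE))
    filler = (b"constructed low-entropy filler " * 17)[:SECTOR_SIZE]
    for idx in low:
        image[idx * SECTOR_SIZE:(idx + 1) * SECTOR_SIZE] = filler
    return bytes(image)

if __name__ == "__main__":
    for index, entropy in low_entropy_sectors(build_sample_image()):
        print(f"sector {index} (offset {index * SECTOR_SIZE:#x}): {entropy} bits/byte")
```

To run the same scan on a real volume, read the raw image bytes from a file opened read-only and pass them to `low_entropy_sectors`.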
Hello Mounir,
The paper provides the email addresses of the three authors shown below.
Michal Kedziora, Yang-Wai (Casey) Chow and Willy Susilo.
E-mails:
michal.kedziora@pwr.edu.pl
caseyc@uow.edu.au
wsusilo@uow.edu.au
Google searching turned up the following information with phone numbers and their offices:
Michal Kedziora
https://translate.google.com/translate?hl=en&sl=pl&u=https://www.ii.pwr.edu.pl/~kedziora/&prev=search
Yang-Wai (Casey) Chow
https://eis.uow.edu.au/scit/contacts/index.html
ASSOCIATE PROFESSOR CASEY CHOW
Phone: +61 2 4221 5001
Email: caseyc@uow.edu.au
Location: Building 3 Room 207
Willy Susilo
https://eis.uow.edu.au/scit/contacts/index.html
https://ris.uow.edu.au/ris_public/WebObjects/RISPublic.woa/wa/Staff/selectPerson?id=10256&group=3944
PROFESSOR WILLY SUSILO
Phone: +61 2 4221 5108
Location: Building 3 Room 223
Related issue on https://github.com/veracrypt/VeraCrypt/issues/1351