I have tried to understand this issue, reading some threads here.
Is it so that if you want 100% security and plausible deniability that you are not safe creating a hidden OS on a brand new, never used SSD, no matter what methods you use and precautions you take, during setup, installation and running it?
And why isn't it safe?
Seeing SSDs are practically the standard choice for system drive use. But if you wish to safely use VC, you are stuck with mechanical drives?
I hope for a quick but thorough reply.
Thank you.
Is there really no one around that can answer this quite big and important question?
I'm sure a lot of people would benefit from this information as well.
In short: Is it at all possible to create a Hidden Operating System on an SSD and be as safe on a setup like that, compared to doing it on a mechanical disk?
What would the precautionary steps be (e.g. disable hibernation and paging/swap file and disable the 100 MB partition Windows likes to make)?
In my opinion the FAQ isn't crystal clear on this matter and it seems to only focus on hidden volumes and containers, regarding wear-leveling.
I've read here by Alex that "any expert in this configuration can guess the presence of a hidden system". But how, and why would that be exclusive to an SSD?
(And there's still a difference between guessing it and proving it.)
I absolutely need to know this and to have it explained well. Security risk or not, with Hidden OS on an SSD - and exactly why, if so?
I can donate USD 10 to the project if my question gets the answer I need.
I'm amazed that either no one here knows about this, or that no one simply answers this question.
Not even the devs care to reply.
Maybe one more incentive, before I give up and feel like I'm standing here with my pants down and an insecure solution...? I could consider donating monthly to VC if someone would tend to my query.
(Because I don't see much reason to donate if the door doesn't swing both ways.)
Hidden volume is a good technology, but it is not as simple to use as plain encryption. Plausible deniability is the main complex part.
1. The outer volume has to contain real data to prove.
2. Several hidden volumes in a single outer volume can also help.
3. An SSD is probably not a good choice because it contains counters for sectors written. => It is possible to guess the region used. Note: It is possible to improve protection, but there is no interest in the DCS project from the community.
So Hidden Volume and Hidden Operating System are the same thing?
As I've always understood it, it is much more secure than having only a regular encrypted OS, which, if you get into trouble, you will have to reveal the password for, whereas with a hidden one they would have to prove it exists 100% first. A suspicion or guess is not enough.
Isn't that the standard thing you do when you create a system like this? It wouldn't work if it wasn't real data.
That can't work as I've understood it, with a hidden OS, since there must not exist a partition before the outer one, at least. And to make several seems like a fuss, if it's possible. Maybe outside the outer volume you can make partitions, but how would that help? Regardless, for a hidden OS, you will only create the outer volume and within that there will be the hidden system and you can't make anything else there as it would break the configuration.
What do counters have to do with where or how data is written? And I thought an SSD utilizes wear leveling so you can't "guess" or predict, even, where data is written, since it's written in random places. I am no expert at all on SSDs, but this seems just strange to me. Please elaborate.
I'm sorry but your answers are confusing me even more and I'm not "convinced" why SSD would be a bad choice. And that mechanical disks don't have any of the same problems, just looking at the difference, which is wear leveling(?) Also, SSDs are the future and mechanical disks are the past. So if the developers aren't interested in patching whatever insecurities, it seems to me it's not reliable in general.
What is DCS?
Unless I'm presented with information that is truly certain, I can only guess that an SSD must be as secure as a mechanical disk, because no crucial arguments have been presented anywhere that say "this is why and this is the problem". Too much guessing going around. If no one here knows this for sure, then no adversary knows it either.
I'm not too impressed that none of the devs have bothered replying to my questions. Makes me wonder what they think is important.
Hidden volume and Hidden OS use the same idea - encrypted data inside encrypted data, impossible to distinguish. The idea is good but requires extra steps to use and good knowledge of what data will be protected and who will try to attack the data.
"A suspicion or guess is not enough" - it depends on the place and who asks. In some countries it is necessary to prove that there is no hidden encrypted data. (IMHO e.g. UK)
E.g. to prove "real" data - timestamps of files accessed and mark of region written.
About SSD - an SSD contains internal counters in firmware for banks of flash memory to control state and how many times these banks were written. If an attacker can read these counters, the attacker can guess (and probably prove) the presence of a hidden volume.
DCS - EFI Boot loader for VeraCrypt. It is more complex and more flexible.
https://sourceforge.net/projects/dc5/files/beta/
It was discussed here
https://sourceforge.net/p/veracrypt/discussion/technical/thread/aaeeb26b
So you're saying it's more safe to not use Hidden OS, but only encrypt the OS you're using, because it's more of a fuss and "you can't know what an attacker may do"?
That's in contrast to anything I've read since TrueCrypt was developed.
The suggestion was always "of course use Hidden OS". Because Windows activity logging.
Well, I'm not in the UK, the U.S., Colombia or Saudi Arabia. In my country you are innocent until proven guilty. They can of course pressure you regardless as if they were acting to know certain things. But in the end they would have to prove it, unless you slipped up.
About the counter thingy with SSDs. I'm assuming they must have access to the drive on several occasions and not only once? I thought the wear leveling mechanism was supposed to write data in random places all over the drive, and not in some contained areas. And how would you know that's a Hidden OS and not something else? All you can see is that data were written.
Wouldn't this be much more of an issue with mechanical drives? I'm a bit puzzled if SSD developers make their drives keep track of anything that goes on in them, just to ensure the health of the drive?
I read a bit of that DCS project, but it gave me a headache. This is for very advanced people. Not the general public. (Everyone should be concerned about privacy.)
I think VeraCrypt should offer full security out of the box. That's also how it's presented.
I've never had any sort of feeling like "sure, use Hidden OS, but it's not risk free".
Anyway. The big thing I am confused about is the information you've given me, but which is not presented in the documentation.
All it discusses is wear leveling. But I think you can counter that with FDE and a Hidden OS, since the data will be encrypted. So then if "fragments" from a Hidden OS were to be found, they should be encrypted and impossible to read anyway, right? Or can they see it's something "foreign" and conclude it's from something hidden and encrypted?
That scenario seems rational to me, but I just can't get my head around the things you bring up here, and why that would absolutely be a problem. I'm sorry.
If I'm doomed to dump the SSD idea, I'd like some iron clad proof that it would be stupid to use an SSD for Hidden OS, regardless of any precautions I'd try to make.
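The thread argues over whether per-block write counters would show where a hidden volume sits and whether wear leveling hides that. As an added example (not part of the thread, not VeraCrypt code and not any vendor's firmware), this toy flash-translation-layer model compares the erase counters of a controller that erases in place with those of one that wear-levels. The block counts, the rewritten region 40-55, the threshold and all function names are constructed assumptions.

```python
import random

def simulate(wear_leveling, n_logical=64, spare=8, hot=range(40, 56),
             writes=4000, threshold=4, seed=1):
    """Per-physical-block erase counts after `writes` overwrites that all land
    in the logical blocks `hot`; every other block is never rewritten."""
    rng = random.Random(seed)
    erase = [0] * (n_logical + spare)
    l2p = list(range(n_logical))                 # logical -> physical map
    free = set(range(n_logical, n_logical + spare))
    hot = list(hot)
    for _ in range(writes):
        lb = rng.choice(hot)
        if not wear_leveling:
            erase[l2p[lb]] += 1                  # erase and rewrite in place
            continue
        # Dynamic wear leveling: new data goes to the least-worn free block.
        new = min(free, key=lambda p: (erase[p], p))
        old, l2p[lb] = l2p[lb], new
        free.discard(new)
        erase[old] += 1
        free.add(old)
        # Static wear leveling: if the block just erased is much more worn
        # than the least-worn block in use, park that block's data on it.
        cold = min(range(n_logical), key=lambda l: (erase[l2p[l]], l))
        if erase[old] - erase[l2p[cold]] > threshold:
            released = l2p[cold]
            l2p[cold] = old
            free.discard(old)
            erase[released] += 1
            free.add(released)
    return erase

def standout_blocks(erase):
    """Physical blocks whose erase count is more than twice the drive mean."""
    mean = sum(erase) / len(erase)
    return [p for p, n in enumerate(erase) if n > 2 * mean]

def spread(erase):
    """Gap between the most-worn and least-worn block."""
    return max(erase) - min(erase)

if __name__ == "__main__":
    for mode in (False, True):
        counts = simulate(mode)
        print("wear leveling" if mode else "in place",
              "| spread:", spread(counts),
              "| standout blocks:", standout_blocks(counts))
```

The model covers only erase counters under these two constructed policies; how a real controller behaves, and whether its counters can be read at all, is not documented on this page.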