Shufflecake: Plausible Deniability for Multiple Hidden Filesystems on Linux

TL;DR

Shufflecake is a Linux-based plausible deniability tool that hides multiple encrypted filesystems, offering fast performance and supporting various filesystems, aimed at protecting users like journalists and activists from adversaries.

Contribution

It introduces a native Linux implementation supporting multiple hidden volumes with enhanced deniability and performance, improving upon previous tools like TrueCrypt and VeraCrypt.

Findings

Supports multiple hidden volumes per device.

Achieves only minor slowdown compared to standard encrypted systems.

Provides a practical tool for privacy-conscious users in oppressive environments.

Abstract

We present Shufflecake, a new plausible deniability design to hide the existence of encrypted data on a storage medium making it very difficult for an adversary to prove the existence of such data. Shufflecake can be considered a ``spiritual successor'' of tools such as TrueCrypt and VeraCrypt, but vastly improved: it works natively on Linux, it supports any filesystem of choice, and can manage multiple volumes per device, so to make deniability of the existence of hidden partitions really plausible. Compared to ORAM-based solutions, Shufflecake is extremely fast and simpler but does not offer native protection against multi-snapshot adversaries. However, we discuss security extensions that are made possible by its architecture, and we show evidence why these extensions might be enough to thwart more powerful adversaries. We implemented Shufflecake as an in-kernel tool for Linux, adding useful features, and we benchmarked its performance showing only a minor slowdown compared to a base encrypted system. We believe Shufflecake represents a useful tool for people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes.