HiVE — Hidden Volume Encryption
as presented in Toward Robust Hidden Volumes using Write-Only Oblivious RAM

A short introduction for those who haven't read the full paper.

HiVE is a novel hidden volume encryption scheme built around the principle of a powerful cryptographic construct called Oblivious RAM. HiVE is resistant to an adversary who is able to observe the contents of a disk on multiple, separate occasions, and is provably secure against a powerful "chosen plaintext" attacker.

HiVE is implemented in a Linux kernel module, as a device-mapper target. Encrypted HiVE volumes are exposed to the user as ordinary block device nodes. A userland tool is also provided for easy management of HiVE volumes.

For a more in-depth explanation of HiVE's capabilities, please visit the official HiVE webpage, or refer to the full study available here.

Downloads

HiVE kernel module for Linux kernel version 3.13.6. (ver.2014.11.03)

HiVE userland tool to manage HiVE volumes. (ver.2014.11.03)

Please see the included README files for detailed information on setup and usage. By design, HiVE gives you many opportunities to irreversibly destroy your data, so please make sure you understand how the tool works before you start using it.

Usage

(1) To create a new HiVE instance on a block device:

           hive create <block-device>
    OR     hive create <block-device> --single-volume
   e.g.    hive create /dev/sdb1

This operation will destroy all data on the device, and set it up for two volumes.

(2) To open a HiVE instance created on a block device:

           hive open <block-device> <hive-name>
    OR     hive open <block-device> <hive-name> --single-volume
   e.g.    hive open /dev/sdb1 my-hive-dev

The open command by default maps the public volume to "/dev/mapper/hive-public" and the hidden volume to "/dev/mapper/hive-hidden". You can specify different names using the [--public-dev] and [--hidden-dev] (or [-p] and [-h], respectively) options.

These mapped devices can then be formatted with a filesystem and used just like any other block device.

(3) To close an open HiVE instance:

           hive close <hive-name>
   e.g.    hive close my-hive-dev

(4) To list open HiVE instances:

           hive list

(5) Use the [--single-volume] (or [-s]) option with create/open commands to create/open only a single, public volume. Note that if you have a hidden volume, this command will destroy the data in that volume.

(6) Mapped HiVE devices that are assigned random names prefixed with "map" are for internal use. Users should not write to those devices.

(7) See "hive --help" for a summary of available options.

Troubleshooting

(1) Please make sure you compile and run HiVE with the correct Linux kernel version (i.e., 3.13.6). HiVE is known NOT to compile/work with earlier kernel releases. We have confirmed that the current implementation works with certain newer kernel releases (however, sometimes giving compiler warnings) but this requires further testing, so proceed at your own risk. HiVE will no longer work with recent kernels due to a number of changes made to the block I/O layer. It is an easy fix, though. If you must run HiVE on a newer kernel, and are interested in learning more about this issue, please contact me.

(2) You need reasonably recent versions of libdevmapper and GCC to compile the HiVE userland tool. If you are using a distro that splits software into separate development packages (e.g., Debian, Ubuntu) remember to install the libdevmapper headers as well (e.g., often found in the package device-mapper-dev).

(3) HiVE kernel module is known not to compile in certain virtual machine environments, due to virtualization limitations.

(4) HiVE volumes created on USB flash drives connected to virtual machines may behave abnormally (e.g., HiVE may refuse to open/close volumes).

Known Issues

Please contact me if you discover other problems.

(1) While the scheme conceptually supports any number of hidden volumes on a given storage device, the current implementation only allows for two volumes, one public (i.e., encrypted but presence is known), and one hidden per HiVE device.

(2) Volume sizes are not user adjustable at the moment.

Change Log

ver.2014.11.03 (1) Random data generation in HiVE kernel module now defaults to an AES-CTR-based scheme. ARC4 support can still be enabled in the source code, but is known to be insecure. HiVE I/O performance remains unaffected. (2) Userland tool bug that could sometimes result in a segfault during volume creation fixed.

ver.2014.07.29 (1) Key derivation and password verification got a complete overhaul. (2) Numerous additional bug fixes.

ver.2014.07.23 First release.

Credits

This software is based on the following research work carried out at Northeastern University and NEU SecLab.

Toward Robust Hidden Volumes using Write-Only Oblivious RAM
Erik-Oliver Blass, Travis Mayberry, Guevara Noubir, Kaan Onarlioglu
Proceedings of the ACM Conference on Computer and Communications Security (CCS)
Scottsdale, AZ USA, November 2014

Authors' version of the full paper is available here. If you would like to acknowledge our research or software in your works, please use the following citation information.

@inproceedings{ccs2014hive,
    author = {Erik-Oliver Blass and Travis Mayberry and Guevara Noubir and Kaan Onarlioglu},
    title = {{Toward Robust Hidden Volumes using Write-Only Oblivious RAM}},
    booktitle = {ACM Conference on Computer and Communications Security (CCS)},
    month = nov,
    year = {2014},
}

HiVE kernel module is free software licensed under GPLv2. © 2014 Erik-Oliver Blass, Travis Mayberry, Guevara Noubir, Kaan Onarlioglu

HiVE userland tool is free software licensed under GPLv3. © 2014 Erik-Oliver Blass, Travis Mayberry, Guevara Noubir, Kaan Onarlioglu