Encrypted Disk Unmount Using Personalized Audio Instruction

Home , Data remanence, Disk encryption, Disk encryption software, Disk encryption theory, Encryption software, VeraCrypt

Masaryk University Faculty of Informatics

Encrypted disk unmount using personalized audio instruction

Bachelor’s Thesis

Matúš Jarkovič

Brno, Fall 2019

Replace this page with a copy of the official signed thesis assignment anda copy of the Statement of an Author.

Declaration

Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source.

Matúš Jarkovič

Advisor: RNDr. Dušan Klinec

Acknowledgements

Firstly, I would like to express my deepest appreciation to my su- pervisor, RNDr. Dušan Klinec, for all of the suggestions, advice and guidance he provided me throughout the implementation and thesis creation. Secondly, I would like to thank my family that supported me during the studies. They have provided a very pleasant environment and the thesis would not be possible without them. Lastly, but most importantly I would like to express sincere gratitude to my beloved girlfriend who took care of me at all times.

iii Abstract

This thesis provides a brief overview of the most popular free open source storage encryption solutions as well as keyword spotting (KWS) systems. It mainly focuses on a basic functionality and highlights main features of these programs. Furthermore, a description of the most used types of storage encryption technologies is included. The goal of the practical part is to extend a disk encryption software VeraCrypt with a KWS system. For this task a tool named Mycroft Precise is used. The main task consists of the integration of these components including a two way communication between them, usage and testing. The purpose of the KWS is to continuously run in the background, process the input speech and notify the main application if user’s pre-defined keyword is spotted. If such event occurs, each mounted volume is immediately dismounted.

iv Keywords storage encryption technologies, disk encryption, keyword spotting, audio processing, open source, cryptography, VeraCrypt, Mycroft Precise

Contents

Introduction 1

1 Storage Encryption 3 1.1 Symmetric Cryptography ...... 4 1.2 Asymmetric Cryptography ...... 5

2 Types of Storage Encryption Technologies 7 2.1 Full/Whole Disk Encryption ...... 7 2.2 Volume/Virtual Disk Encryption ...... 8 2.3 File/Folder Encryption ...... 9

3 The Most Popular Encryption Software 11 3.1 VeraCrypt ...... 11 3.1.1 Volume Encryption ...... 12 3.1.2 System Encryption ...... 12 3.1.3 Plausible Deniability ...... 13 3.1.4 Acceleration and Optimization ...... 14 3.1.5 Encryption and Hashing ...... 15 3.2 Cryptomator ...... 15 3.2.1 Security ...... 16 3.2.2 Encryption and Hashing ...... 17 3.3 7-Zip ...... 17 3.3.1 Encryption ...... 18 3.4 BitLocker ...... 18 3.4.1 Additional Tools ...... 18 3.4.2 Security ...... 19 3.4.3 Encryption ...... 20 3.5 FileVault ...... 20 3.5.1 Security ...... 20 3.5.2 Encryption and Disk Images ...... 21 3.6 Dm-crypt, LUKS and Cryptsetup ...... 21 3.6.1 Security and Encryption ...... 22 3.6.2 Plain Dm-crypt Mode ...... 24

4 Keyword Spotting Software 27 4.1 Mycroft Precise ...... 29

vii 4.2 PocketSphinx ...... 30

5 Implementation 31 5.1 Keyword Spotting System ...... 31 5.2 Preparation ...... 31 5.3 Integration ...... 33 5.4 Dependencies ...... 34 5.5 Limitations and Future Work ...... 34 5.6 Testing and Recommendations ...... 36

Conclusion 39

Bibliography 41

A Usage Manual 45

B The source code 47

viii List of Figures

1.1 Encryption using Modes of Operation [7] 4 1.2 Symmetric Cryptography [10] 5 1.3 Asymmetric Cryptography [10] 5 2.1 Boot Sequence for FDE 8 2.2 Full Disk Encryption [13] 8 2.3 Volume Disk Encryption [13] 9 3.1 Hidden Volume [14] 13 3.2 Hidden Operating System [14] 15 3.3 LUKS partition layout [26] 22 3.4 LUKS partition header layout [27] 23 3.5 LUKS key slot layout [27] 24 4.1 HMM topology[35] 29 5.1 Main Window 32 5.2 Dismount Window 35 5.3 Reset Window 35

Introduction

The development of information technologies in past few decades has brought a lot of new options which affects everyday life to a high degree, fortunately, mostly in a positive way. One of such inventions is the ability to interact with devices using speech. It has been a highly demanded function since it’s introduction mainly because of the simplicity and comfort it brings for the users. The goal of this thesis is to implement a keyword spotting system into a generally approved disk encryption software VeraCrypt. It is a free open source application which is supported by all main platforms. The program is able to securely store the user data on a media device. Thus, preventing the potential attacker from accessing sensitive information. The theoretical part provides an overview of the most popular disk encryption solutions and KWS systems freely available. The implemented KWS system, if configured, is continuously listening and processing the audio input from the microphone. When a keyword is detected, VeraCrypt dismounts all of the mounted volumes and destroys the key materials used for the data decryption. Therefore, encrypting all of the vulnerable decrypted data. This extension also provides a simple interface for interaction with the KWS system module. The text is divided into five individual chapters. The first chapter provides a brief overview of the available encryption types. The second chaper then covers the technologies which can be used for the storage encryption. Chapter three focuses on the most popular disk encryption solutions while chapter four is a summary of the KWS systems. Finally, the last chapter describes the implementation part of the thesis.

1 Storage Encryption

Storage encryption software is a type of security program that uses cryptography for protecting data stored on media device from unauthorized access. Software-based encryption is the most commonly used due to its economic feasibility and flexibility. Nevertheless, it has some drawbacks and limitations such as degrading of system performance, higher power consumption and can be potentially less secure [1]. It hides the true meaning of the data using various encryption algorithms also known as ciphers [2]. These algorithms depend on a key which is used to modify the data. A symmetric key is a sequence of random bits which is used when encrypting plain text or decrypting cipher text. These keys are generated by the encryption program usually by a key derivation function (KDF). It is an essential component of every cryptographic system [3]. An example of a KDF can be the Password-based Key Derivation Function 2 (PBKDF2). It’s purpose is to take multiple parameters and derive one or more cryptographically strong keys from this input. User’s password in combination with salt, number of iterations and some kind of pseudorandom function (PRF), for example hash-based message authentication code (HMAC) serve as parameters [4]. All these variables are basically applied by the PBKDF2 to the password. The recommended number of iterations are given by standards. These are constantly changing with increasing speeds of central processing units (CPU) as the iterations increases the processing power needed for brute-force1 (dictionary) attacks. On the other hand, the salt provides better protection against rainbow table2 attacks. Salt is a random data that is added to the password to make the password hash unique. To ensure that the salt is really random and do not depend on the internal state of computer, hardware-based noise sources such as microphone input, camera noise or most commonly mouse movements are used. Two major categories of encryption algorithms currently exist, symmetric and asymmetric [5, 6]. Each of them has unique features that

1. https://en.wikipedia.org/wiki/Bruteforce_attack 2. https://en.wikipedia.org/wiki/Rainbow_table 3 1. Storage Encryption make them adequate for certain tasks. Despite having two completely different types, many times their combination also called hybrid encryption is practical. The most common usage is to encrypt the data via symmetric encryption and the symmetric key, used for the data encryption, with asymmetric encryption.

1.1 Symmetric Cryptography

Symmetric cryptography [6] or shared secret encryption uses the same key for encrypting and decrypting the data. It is the older technique from the two mentioned. Generally speaking, symmetric key encryption is much more efficient in time and storage requirements than asymmetric. Therefore, it is the one which is used when it comes to encryption of data stored on the media. The symmetric key encryption methods are divided into block ciphers or stream ciphers. Block ciphers, which use constant blocks length, are employed in disk encryption. Encrypting/decrypting a sector is achieved by dividing it into blocks matching the ciphers block size. Applying the cipher to each block separately would not be secure because the same plaintext always produces the same ciphertext. The mode of operation using this method is named electronic codebook (ECB). This mode is very problematic and is not recommended to use. The main problem is that it does not hide data patterns very well which can be seen in the Figure 1.1[7]. This could lead to potential data leaks.

Figure 1.1: Encryption using Modes of Operation [7]

A possible solution for this problem is using other modes of operation such as cipher-block chaining (CBC), counter (CTR) and many

4 1. Storage Encryption

others. The most popular and standardized mode of operation for disk encryption is Xor-encrypt-xor (XEX)-based tweaked-codebook with ciphertext stealing (XTS)[8]. These modes ensure that each block is mathematically related to another block. Since the first block does not have any predecessor, special generated data called initialization vector (IV) is used [9].

Figure 1.2: Symmetric Cryptography [10]

1.2 Asymmetric Cryptography

Asymmetric cryptography [6] also known as public key encryption, on the other hand, uses public and private key. It is relatively new method when compared to symmetric encryption.

Figure 1.3: Asymmetric Cryptography [10]

Public key is usually used for encryption of the information. Private key, on the contrary, is used for its decryption. These two keys are mathematically related to each other. It is usually possible to derive a public key from private key but it should be always impossible to

5 1. Storage Encryption do it vice versa. This type of cryptographic algorithms eliminates the problem with the necessity of the key exchange. One of the first kind of an asymmetric encryption algorithm was officially launched in 1977. It was developed by Ronald Rivest, Adi Shamir, Leonard Adleman and was later named RSA after their initials 2017.

6 2 Types of Storage Encryption Technologies

There are multiple ways of encrypting the data stored on media. In this section the most common technologies are described and briefly overviewed. Each type has it’s benefits and also it’s disadvantages. When it comes to the storage encryption, it has to be firstly decided how to protect the targeted data.

2.1 Full/Whole Disk Encryption

Full disk encryption [12] (FDE) protects the data in the event of physical loss or theft of the media. It encrypts the whole disk including swap files, system and hibernation files. If a disk that is encrypted using this type of encryption is placed into another computer, its state remains unchanged and only authorized person can access its content. This type of encryption is provided by applications such as VeraCrypt, BitLocker or FileVault. The data encrypted with FDE cannot be protected when the computer is unlocked during startup and left physically unattended. Unau- thorized person with physical access to the computer could open any of the files. It is mainly useful for small portable electronics which are prone to loss, such as laptops. It is also very useful in business laptops owned by companies which can be easily disposed of without the need to erase the data. FDE software works by modifying master boot record (MBR) which decides which program should be executed on device startup. Before installation of FDE software is usually points to the operating system (OS). When there is FDE installed on the device, it redirects the MBR to a special pre-boot environment (PBE) that controls the access to the device. Then the user is requested to authenticate himself by using e.g. combination of user identification and password. This is called pre-boot authentication (PBA). After a successful PBA occurs, the FDE decrypts boot sector for the OS and it starts to load. When the user wants to perform action on file such as opening, deleting or editing, the FDE software encrypts and decrypts necessary drive sectors in the background.

7 2. Types of Storage Encryption Technologies

Figure 2.1: Boot Sequence for FDE

There are some problems, mainly related with increased disk access times, which can occur using FDE. It can cause some delay when performing actions on files, but it should not be noticeable until manip- ulation with larger files. The boot time, shutdown time are increased too. It can prevent devices with dual-boot from functioning properly. All mentioned above was about software FDE, but hardware solutions exist too. It can be built into drive controller in such way that it cannot be disabled or removed. The advantage of this is that everything is performed by the drive and OS does not participate in any way which results into not having any performance impact. One of the major differences is that hardware-based FDE cannot be managed centrally which makes recovery harder. On the other hand, all of the cryptographic processing is done by drives hardware without necessity to expose sensitive data to the OS. Furthermore, it usually does not modify MBR which can save some troubles.

Figure 2.2: Full Disk Encryption [13]

2.2 Volume/Virtual Disk Encryption

Volume encryption (VE) and virtual disk encryption (VDE) [12] have a lot in common, but they do differ in some things. A file called container is used in VDE which can contain multiple files or folders. The user is permitted to view this data only after a proper authentication. If authentication is successful, the container is usually mounted as virtual disk. When using VE, entire logical volume is encrypted. Logical volume is actual storage allocated on disk which can spread across

8 2. Types of Storage Encryption Technologies multiple disks. Some of the software encryption programs that use container type encryption are for example VeraCrypt and Cryptoma- tor. On higher level these two types looks very similar. When the OS is running, user has to authenticate himself before accessing encrypted files. Software running on the OS handles every action that needs to be performed on volume or container. Necessary sectors are then decrypted by software. Key differences between VDE and VE are that volumes cannot be copied. It is possible to copy encrypted container onto another storage media. Data on the copied container can be accessed by using the same software. Another advantage of VDE is simplicity of making backup of the container as it can be copied. Moreover, it is useful in situations where volume-based media such as USB flash drive needs to have both, protected and unprotected storage.

Figure 2.3: Volume Disk Encryption [13]

2.3 File/Folder Encryption

File encryption is a process of encrypting individual files stored on medium. The access to these files is permitted only after proper authentication of the user. Folder encryption is almost the same but instead of encrypting individual files it addresses folders. On the first glance folder and container encryption can seem the same as both of them are supposed to encrypt multiple files, there is a difference between them. Container is an opaque file which means that files or folders inside of this container cannot be seed until it is decrypted. On

9 2. Types of Storage Encryption Technologies the contrary, file/folder encryption is transparent which means that anyone with access to the filesystem can see what files or folders are stored inside. It is possible to encrypt files or folders with encryption programs such as BitLocker or 7-Zip. File/folder encryption can be implemented in many ways, e.g. through the drivers, services or applications. An attempt to open such encrypted file prompts user for authentication. Once that is successful, software decrypts the chosen file. The impact on performance should be minimal. This type of encryption is mostly used on files such as word processing documents or spreadsheets. Many products offering file/folder encryption provide several options for selecting which files to encrypt. Common options are:

∙ User specifying the folders/files manually

∙ Encrypting content of administrators folders

∙ Encrypting certain types of files, e.g. with particular extension

∙ Encrypting output files of particular application

∙ Encrypting data files for particular user

10 3 The Most Popular Encryption Software

Data security is increasingly becoming a big concern not only for individual users, but for businesses too. With the hectic lives people make mistakes which can result into the loss of personal devices or thefts. It is very easy for unauthorized person to get access to all of the personal data stored on a device. It could be potentially even worse for companies where exposure of sensitive data could result in high financial losses. Fortunately, there is a way to protect ourselves from these situations. There are many programs that are able to protect the data on storage medium from unauthorized access. Here is the overview of the most popular free encryption software available today. A portion of these programs are open source which means that anyone can freely view or edit the source code. This is generally considered a very good approach as the code can be audited by third parties for security flaws. Thus, ensure users that no backdoors exist.

3.1 VeraCrypt

VeraCrypt1 is a free open source encryption software. VeraCrypt is multi-licensed under Apache License 2.0 and TrueCrypt License 3.0[14]. It is one of the most known and widely used software mostly because of its universality and cross-platform support. It is available on Win- dows, Mac OS X, Linux and even FreeBSD. The company that stands behind the development is named IDRIX. VeraCrypt is based on True- Crypt 7.1a which was discontinued in 2014[15]. The VeraCrypt was officially released in 2016. It certainly belongs to the more complex and robust encryption applications.

Main features of VeraCrypt: ∙ Creation of virtual encrypted disk and mounting it as a real disk ∙ Encryption of entire partition or storage device such as USB flash drive or disk

1. https://github.com/veracrypt/VeraCrypt

11 3. The Most Popular Encryption Software

∙ Encryption of partition or drive where Windows is installed using pre-boot authentication

∙ Parallelization and pipelining allowdata to be read and written as fast as if the drive was not encrypted

∙ Encryption can be hardware-accelerated on modern processors

∙ Provides plausible deniability such as Hidden volume (steganog- raphy) and hidden operating system

3.1.1 Volume Encryption There are two types of volumes in VeraCrypt. The first one, called file-hosted volume (container), is a normal file that can reside onany type of storage medium. It is a completely independent file that can be freely moved or copied. The second one, called partition or device-hosted volume, is an ordinary hard disk partition encrypted by VeraCrypt. It is also possible to encrypt devices such as USB flash drives, solid state drives or external disks.

3.1.2 System Encryption VeraCrypt is able to use on-the-fly encryption also known as transparent encryption to encrypt a system partition or entire system drive where Windows2 is installed. The main is that every encryption/decryption of files is done in the background automatically as needed after the user’s initial setup. System encryption provides the highest level of security because all files that are created on the system partition are permanently encrypted. Windows is always creating and keeping plenty of temporary files, logs, sensitive files containing private personal information. By using system encryption these files are always protected. System En- cryption involves PBA which is handled by VeraCrypt bootloader.

2. VeraCrypts System Encryption supports only Windows

12 3. The Most Popular Encryption Software

3.1.3 Plausible Deniability

In cases where an user is forced to reveal the password by an adversary, two types of plausible deniability are provided. A VeraCrypt partition or device appears to be a cluster of random data until decrypted. A possible plausible explanation could be that the partition was completely wiped by overwriting it with random data. However, any data leaks have to be prevented for this to work. Second problem is that using system encryption, unecrypted VeraCrypt bootloader is used which can be easily identified. This can be solved by using a hidden operating system feature. A hidden volume is created within another VeraCrypt volume’s free space. It is impossible to recognize even if the outer volume is mounted because the free space of a volume consists of random data and at the same time VeraCrypts unencrypted volume seemingly consists of random data. It is essential to use entirely different passwords for the two volumes. The hidden volume works the same way as normal one. When mounting the volume, it is determined by the password used whether the visible or hidden volume will be mounted.

Figure 3.1: Hidden Volume [14]

13 3. The Most Popular Encryption Software

A hidden operating system works almost the same way. During setup of this feature, so called decoy operating system is created. The main reason is that as soon as user starts using system encryption, VeraCrypt bootloader, which cannot be hidden, is created for the PBA. Due to this it is impossible to prove that there is no operating system encrypted stored on the disk. Whether the decoy system or hidden system boots depends entirely on the password input during PBA. It is important to use the decoy system as often as possible. The fact is that anyone who could get access to the decoy system, could also check the usage of it. If the system’s on-time would be too low, existence of another system could be questioned. During the usage of hidden operating system, it appears to be installed on the same partition as the decoy system despite being situated on the partition behind. Each action performed is transparently redirected to the hidden volume in which the hidden operating system resides. Neither system nor applications know that data is being written to the different place. It is not possible to accidentally overwrite the data in the outer encrypted volume, while using the decoy system, as it resides in the partition behind the decoy system. However, it is possible to overwrite the part where hidden operating system is located while using the outer volume. For this case, VeraCrypt provides a protection for the hidden volumes (hidden operating system) which, when toggled, prevents any write operations to the hidden volume area. As soon as such action is performed, VeraCrypt reports the “invalid parameter” error to the system, preventing write operation to both hidden and outer volume until dismounted.

3.1.4 Acceleration and Optimization Parallelization is a way of dividing data processing into multiple simultaneously running instances. VeraCrypt is able to speed up data encryption/decryption times by dividing each packet into smaller chunks. The number of chunks depends on the threads of the CPU. The speed increase is linear to the number of threads.

Pipelining allows stored data to be accessed as fast as if it was not encrypted. It is the asynchronous processing that ensures not hav-

14 3. The Most Popular Encryption Software

Figure 3.2: Hidden Operating System [14]

ing to wait for the file, located in the VeraCrypt’s encrypted volume, to be decrypted. The decryption of the data happens paralelly. It is supported only in Windows VeraCrypt application.

Hardware Acceleration is used only if it is supported by the devices CPU. VeraCypt automatically uses hardware-accelerated Advanced Encryption Standard (AES) if the CPU supports AES-NI instruction.

3.1.5 Encryption and Hashing Selection of encryption algorithms are available in VeraCrypt such as AES, Camellia, Kuznyechik, Serpent, Twofish and their combinations. All of them are used with key size of 256 bits and block size of 128. XTS mode of operation is used for encrypting which makes the data less malleable. During the password selection, user is able to choose from hash algorithms like RIPEMD-160, SHA-256, SHA-512, Whirlpool, Streebog.

3.2 Cryptomator

Cryptomator3 belongs into free open source software category too. It is a dual-licensed project under GNU Affero General Public License (AGPL) version 3.0 as well as commercial license derived from GNU Lesser General Public License (LGPL). It is available on Windows,

3. https://github.com/cryptomator/cryptomator

15 3. The Most Popular Encryption Software

Mac, Linux and mobile operation systems like Android and iOS. Cryp- tomator offers muti-platform transparent client-side encryption of the files stored in the cloud. It is developed by German company named Skymatic and officially published in 2016.

Main features of Cryptomator: ∙ Works with any cloud storage service synchronized with local directory ∙ It is open source, meaning it can be freely audited by third parties for exploits ∙ Ts is a client-side so there is no registration needed to use this program ∙ Provides fully transparent encryption which means that there is no difference in working with encrypted or unencrypted files from the user side

3.2.1 Security The base of the Cryptomator’s encryption is a container called vault. Every piece of encrypted data is stored in this container which can be mounted and then act as a virtual disk. Files located in any vault are encrypted and decrypted on-the-fly. For the sake of synchroniza- tion with the cloud, Cryptomator has to keep some meta information unencrypted such as:

∙ Access, modification and creation timestamps of files and folders ∙ The number of files and folders stored in a vault ∙ Size of stored files

This implies that Cryptomator is not correctly equipped to deal with pure local encryption. There are more appropriate programs for this task on the market which does not leave this meta information unencrypted. If a program using file stored in a vault creates a copy of such file, Cryptomator does not detect this file, therefore, it cannot delete it.

16 3. The Most Popular Encryption Software

3.2.2 Encryption and Hashing

Cryptomator uses AES with 256 bit key together with CTR mode of operation for encryption of files content and headers. Furthermore, it implements message authentication code (MAC), concretely HMAC- SHA-256, which can detect if the data was tampered with. The two keys used by AES and MAC are generated by cryptographically secure random number generator (CSPRNG), in this situation SHA1PRNG is used seeded with 440 bits generated by the SecureRan- dom Java class. These keys are then encrypted using RFC 33944 key wrapping algorithm together with key-encryption key (KEK) derived from the user’s password using salt and key derivation function scrypt5. Key wrapping algorithms are using symmetric encryption in order to to encapsulate (encrypt) the masterkeys which are used for the encryption or decryption. In the storage encryption technologies they are commonly used because they provide one unique feature. If the program utilizes the key wrapping function and user decides to change the password, only the masterkeys have to be re-wrapped. On the other hand, if the program does not implement this feature, all of the encrypted data has to be re-encrypted which can be very ineffective.

3.3 7-Zip

7-Zip6 is another that belongs to the free open source family of software. Most of the code belongs under GNU LPGL and some parts are under BSD 3-clause license. It was created by Igor Pavlov and firstly launched in 1999. However, it does not classify as encryption software but rather a file archiver with option to encrypt some of its supported formats. It is available only on Windows. Nevertheless, a port of a command line version of 7-Zip, named p7zip, is available on Linux [16].

4. https://tools.ietf.org/html/rfc3394 5. https://tools.ietf.org/html/rfc7914 6. https://sourceforge.net/projects/sevenzip/files/7-Zip/

17 3. The Most Popular Encryption Software

3.3.1 Encryption 7-Zip is compressing files into containers called archives which can be simultaneously encrypted. Encryption is only supported for 7z and ZIP formats [16]. It is able to create encrypted archives using the ZipCrypto or the AES-256 algorithms (with CTR mode of operation) for .zip archives or AES-256 (with CBC mode of operation) for .7z archives. The 7-zip is also able to use the AES-NI instruction, increasing speed and improving the resistance to side-channel7 attacks, if integrated in the CPU. The key is created using derivation function based on SHA-256 hash algorithm in combination with user defined password. To increase the protection against brute-force attacks, 7-Zip uses large number of iterations of this function [17]. The number of iterations can differ depending on the version. For example, inthe version 18.05, there are 524 288 iterations[18]. Unfortunately, the KDF implemented in the 7-Zip does not use any type of salt. Meaning that the same password is always transformed into the same key which makes it prone to rainbow table attacks.

3.4 BitLocker

BitLocker is a full disk encryption software that is included in some of the Microsoft Windows versions (Enterprise, Ultimate, Pro). It may be called a free software as it is a part of an operating system, however, it is not available for download, nor it is open source. It was created by Microsoft and initially released in 2007 [19]. Due to the code not being open source (not auditable by ordinary people), many people consider this software not secure as, to this day, it is not clear if any backdoor to the encrypted drive exist.

3.4.1 Additional Tools BitLocker provides some additional useful tools for the management. BitLocker Drive Encryption Tools include the command line tools such as manage-bde, repair-bde and cmdlets for Windows PowerShell. Manage-bde is a command line tool that allows user to use less default

7. https://en.wikipedia.org/wiki/Sidechannel_attack

18 3. The Most Popular Encryption Software

settings of BitLocker and provides more customization. It can be used for creating scripts too. Another useful tool, called Repair-bde, is intended for use when the operating system does not start and it is not possible to start BitLocker Recovery Console. It can be used to access the data stored on BitLocker encrypted drive when there is a severe damage of harddisk. Moreover, it can reconstruct critical parts of drive and salvage recoverable data as long as the correct authentication is provided. BitLocker To Go is a part of BitLocker that serves as encryption for removable media drives such as USB drive, external hard disk, SD cards and many more storages formatted by using NTFS, FAT16, FAT32 or exFAT file systems [20].

3.4.2 Security

BitLocker prevents unauthorized access by encrypting the entire volume where Windows operating system is stored and verifying the boot process integrity. The trusted platform module (TPM) is a dedi- cated microcontroller usually itegrated in the newer devices which works together with BitLocker to help achieve the security goal. This module is a tamper resistant security chip, which means that it can prevent tampering with the data. A special feature of the TPM is that it contains cryptographic keys which cannot be extracted. Moreover, there is an option to lock the normal startup process until the user provides correct personal identification number (PIN) or an USB drive that contains a startup key. It is possible to use the BitLocker despite the device not having a TPM (BitLocker supports version 1.2 and higher). However, it is necessary to provide the startup key via USB drive and it does not provide the pre-startup system integrity verification.

BitLocker authentication methods:

∙ TPM only, TPM validation

∙ TMP + PIN, user has to input correct PIN; if incorrect PIN is entered multiple times, the TPM will enter lockout

19 3. The Most Popular Encryption Software

∙ TPM + Network key, a key has to be successfully provided by Windows Deployment Service (WDS) server

∙ TMP + startup key, USB flash drive has to be present

∙ Startup key only, USB flash drive with startup key has tobe inserted

Additionally, the Encrypting File System (EFS) may be used together with BitLocker to provide protection once the operating system is running. This feature was introduced in version 3.0 of new technology file system (NTFS) [19].

3.4.3 Encryption BitLocker’s default encryption algorithm is AES-128. It is possible to reconfigure it to AES-256 for the extra protection. There are two mode of operations available. CBC is the original mode of operation which has been used since the first release. The XTS mode was introduced much later in Windows 10 [19]. There is a lack of information on how exactly does BitLocker generate encryption and recovery keys probably due to it’s closed source nature.

3.5 FileVault

FileVault is a closed source disk encryption software created by Apple. It provides very similar features to the Windows BitLocker but for the Max OS X. Firstly launched for Mac OS X version 10.3 in 2003 it provided encryption of a user’s home folder only [21]. New version, called FileVault 2 (FileVault), was introduced with the beginning of OS X 10.7 in 2011. It was completely redesigned to offer full disk encryption together with newer and stronger encryption standards. It provides on-the-fly volumes encryption which can be applied to either internal or removable storage devices.

3.5.1 Security FileVault is defaultly turned off on every Mac OS X. If the user choose to turn it on, Mac always requires to log in with the user defined

20 3. The Most Popular Encryption Software password. If the password is forgotten, OS X provides a few ways of recovery such as saving the recovery key to iCloud (Apple’s cloud service), using three security questions or creating a local recovery key (recommended to be stored on for example an USB drive) [22].

3.5.2 Encryption and Disk Images FileVault uses AES with 128 bit blocks and 256 bit encryption keys to perform the encryption. The mode of operation used is XTS. It is possible to create encrypted disk images using Disk Utility. Such images act as secure containers which can be mounted and then treated as a local volumes. These images can be stored on removable media, sent via mail message or stored on a remote server [23].

3.6 Dm-crypt, LUKS and Cryptsetup

Dm-crypt8 is a part of Linux kernel’s device mapper (hence the abbre- viation “dm”) since version 2.6. The device mapper is an infrastructure which can be used to create virtual layers of block devices. The dm- crypt provides transparent encryption of these block devices using the crypto application programming interface (API) built in kernel. It acts as a device mapper target which can be stacked on top of other transformations created by the device mapper. This implies that it can be used for encryption whole disks, partitions, volumes and files (including removable storage devices). The dm-crypt excels in securing a root filesystems. Such encrypted filesystem can contain sensitive information including usernames of accounts, installed programs and common known data leakages. More- over, it makes tampering with the system very difficult as everything except bootloader and potentially kernel is encrypted. Cryptsetup is a command line tool which is usually used for in- terfacing with dm-crypt. It was initially intended for creation, access and management of such encrypted devices. It has since expanded and now supports many different encryption types that are based on Linux kernel device-mapper and the crypto API. One of the main expansions was introducing the support for Linux Unified Key Setup

8. https://github.com/mbroz/cryptsetup

21 3. The Most Popular Encryption Software

(LUKS) extension which acts as additional layer that stores essential metadata on the disk and abstracts partition and key management to simplify usage for the user [24].

3.6.1 Security and Encryption Every encrypted device is protected by a key which can be based on either a passphrase or a keyfile. Default maximum size of passphrase is 512 characters and 8192 kilobytes for a keyfile. Two level key hierarchy is implemented. This means that a master key (used for encryption and decryption of the data situated on the volume) is stored in the volume header which is additionally encrypted by another user key. In this header information about salt, iteration counts, used cipher, mode of operation, key length, hash function and others are present (can be seen in the Figure 3.4). The problem of data remanence is solved by applying an anti-forensic splitter (AF-splitter) on the master key to inflate and split before storing it on the disk. Remanence is a physical residue of digital data that remains even after attempt to erase it. One of the reasons that makes this possible are the physical properties of a storage media. It can be compared to leaving some kind of “burn” marks[25].

Figure 3.3: LUKS partition layout [26]

Both keys are derived by PBKDF2 using salt and iteration count together with a hash function. When a passphrase is provided, a key is derived by reading salt and iteration count from the volume header. Then the split master key is read from the key material located in the active key slot. That is followed by decrypting the master using the previously derived key and merging these split parts together. When this is successful PBKDF2 with second iteration count is used for the computation of the master key digest. If this digest is equal to the one stored in the partition header, recovery is considered to be successful [26]. There are many options when choosing the encryption algorithm or hash function which depends on the kernel support. More options are

22 3. The Most Popular Encryption Software

Figure 3.4: LUKS partition header layout [27]

usually available by loading additional kernel crypto modules. There are hash algorithms such as SHA-1, SHA-256, SHA-512, RIPEMD- 160 or Whirlpool at disposal and regarding encryption algorithms there are options like AES, Serpent and Twofish. User can choose between two modes of operation, CBC and XTS. The default options that Cryptsetup uses are generally recommended and considered secure enough. Moreover, it was proven in the past that some of the previous default options have security issues and practical attacks exist. For the LUKS mode default cipher is AES key, XTS mode of operation, SHA-256 as hashing function with 2000 iterations. A 512 bit key is used for the XTS ciphers, however, the XTS splits the key in half. This results into using the AES-256 algorithm. On the other hand,

23 3. The Most Popular Encryption Software

Figure 3.5: LUKS key slot layout [27] for the plain dm-crypt mode default values used are AES with 256 bit key, CBC mode of operation with encrypted salt-sector initialization vector (ESSIV) and RIPEMD-160. ESSIV is a method for generating the IVs in block encryption. This method brings some additional security in comparison to the traditional IVs based on time stamp or sector number. It combines the sector number with the hash of the key. Hence making the IV unpredictable.

3.6.2 Plain Dm-crypt Mode An interesting option provided by cryptsetup is that it is possible to use plain dm-crypt without LUKS. In this mode, there is no master-key stored on the device. The encryption options used during the creation of encrypted volume are used directly to create the mapping between a disk and a device. User is prompted for a password which should be very strong (have a high entropy). The mapping of the volume is always temporary, thus it is necessary for the user to remember the cipher, hash and every other information that is needed to establish the mapping. This is the main downside of this mode because the user has to provide all of there parameters every time the access to the encrypted data is required. This kind of encryption provides plausible deniability as there is seemingly only random data stored on the partition. Thus can co- incidentally appear as an unencrypted partition and be accidentally written to (overwriting original encrypted data). Also the password

24 3. The Most Popular Encryption Software

change is not possible without re-encryption of the whole partition (encryption with LUKS allows this as it uses two level key hierarchy)[24].

4 Keyword Spotting Software

Keyword spotting systems allow detecting spoken pre-defined keywords in a continuous stream of audio. It is currently a highly demanded function in many kind of devices due to the ease of the use it provides for the interaction. Applications of keyword spotting include detecting commands, password verification or audio indexing. Itis also a common way to initiate conversation with voice assistants (for example "Ok Google", "Alexa", or "Hey Cortana") [28]. The base technology of a KWS system is very similar to the speech recognition but there are some significant differences in the ways of development such as model training and model topology [29]. The goals of KWS system are maximizing detection accuracy and low false alarm (FA) rate, while minimizing footprint, latency and complexity at the same time. All of these factors play critical role in user experience satisfaction. Generally speaking, a robust KWS system is a good system because it is able to perform in a wide range of situations and can overcome the main problems of the spoken language processing like background audio interference, distortion and many others. Due to it’s always-on nature, KWS systems should be constructed with regards to the low power consumption. A classic method of KWS systems are large vocabulary continuous speech recognition (LVCSR) based systems. These systems decode the input speech and then generate lattices which are searched to detect the pre-defined keyword presence. Detailed description can be findin [30]. It is a solution that provides large amount of flexibility for the user’s requirements [31]. However, such systems suffer from major drawbacks. Firstly, the vocabulary coverage of these systems is limited. Thus, the words which are not included in the dictionary of the system cannot be recognized in the lattices and are often denoted as Out- Of-Vocabulary(OOV) words. Possible enhancements are provided by using hybrid approaches that convert the speech into lattices of phones or sub-words that can deal with OOVs. Despite this, the overall keyword detection accuracy is lower [32]. Another problem is that this architecture is very complex. This implies that it is not suitable for real-time applications. LVCSR systems are usually designed to search a large databases of audio content. Building this type of the KWS

27 4. Keyword Spotting Software system can be very difficult and expensive as it requires hundreds of hours of transcription and reliable pronunciation dictionary [33]. Because of these disadvantages, this method is usually used for offline audio indexing and searching [34]. Another classic technique for the KWS systems is the keyword- filler approach using Hidden Markov Model1 (HMM) which is still competitive today despite being created over two decades ago. One HMM is created for each keyword. Moreover, filler (garbage) HMMs are created to represent all non-keywords such as background noises, silence or other words as depicted in the Figure 4.1. The idea behind this is to let the filler HMM absorb every OOV word. During runtime, Viterbi2 algorithm is used for determining the best path in the decoding graph. If this path passes through the keyword model, the keyword is spotted in the utterance[35]. Computational expense can be very high depending on the HMM topology. A KWS system based on HMM has usually very low false rejection rates. On the other side, filler model cannot represent every non-keyword. Thus, the FA rates are usually very high [31, 34]. In recent years neural networks (NN) became very popular in speech processing and began to substitute other methods with their superior performance. The HMM was replaced by a deep neural network (DNN) model which is much more accurate and less resource intensive but it fails to efficiently model the local temporal and spectral correlation in the speech. To eliminate these problems, multiple other types of NN are used. Amongst them is convolutional neural network (CNN) which eliminates these problems by treating the input time and spectral domain features as an image. Another popular architecture, recurrent neural network (RNN), shows superior performance in speech recognition because on top of the temporal relation between the input signal, long-term dependencies can be captured [36]. Here is an overview of some of the most popular open source KWS spotting systems which are available for download to anyone who is interested in trying one.

1. https://en.wikipedia.org/wiki/Hidden_Markov_model 2. https://en.wikipedia.org/wiki/Viterbi_algorithm

28 4. Keyword Spotting Software

Figure 4.1: HMM topology[35]

4.1 Mycroft Precise

Mycroft Precise3 is a lightweight wake word listener tool licensed under Apache License 2.0. It is based on RNN and the model is trained on sound samples. Moreover, it is written entirely in python language. The main disadvantage is that it has never been tested on Windows and Mac OS machines. Nevertheless, Raspberry Pi, Linux and Android systems are supported. The company that stands behind this KWS system is called Mycroft AI. Their intend is to provide a free open source assistant for everyone. Firstly,Mycroft assistant was created, which serves as a replacement for voice assistants such as Siri or Alexa. Later, wake word listener Mycroft

3. https://github.com/MycroftAI/mycroft-precise

29 4. Keyword Spotting Software

Precise, which purpose is to continuously listen for the keyword in the speech, was created to wake up this assistant in 2018. Before this, they were using a very popular alternative PocketSphinx. Mycroft Precise is a very simple and intuitive tool to use. It consists of multiple python scripts which can be run from the command line. A virtual environment can be created where multiple commands for interaction with the model and it’s creation are available. Including commands for collecting sound samples, training the model, starting the model and many others.

4.2 PocketSphinx

PocketSphinx4 is another very popular KWS system developed on Carnegie Mellon University licensed under BSD-style license. It is a large vocabulary, speaker-independent continuous speech recognition engine. It written completely in C programming language. In addition, it is a multi-platform library supporting Windows, Linux, Mac OS and Android. PocketSphinx uses HMM method for keyword spotting which brings some limitations. Despite this, it is still considered to be decent overall. PocketSphinx depends on another library, called SphinxBase, that has to be installed before using PocketSphinx. This library provides common functionality across all CMUSphinx projects (PocketSphinx is only a part of a very complex project including voice assistant, text- to-speech tool and others).

4. https://github.com/cmusphinx/pocketsphinx

30 5 Implementation

The task was to implement a KWS system into disk encryption software VeraCrypt. If configured, this KWS system would then continuously listen and search the input speech for the user pre-defined keyword. If such keyword is spotted in the audio stream processed by the KWS system, all of the mounted volumes are instantly dismounted.

5.1 Keyword Spotting System

The first thing to do was to choose or create the right KWS system.I went for the first option and decided to some research on the existing free open source KWS systems. I believe that these systems are on a very high level and I could have never created anything qualitatively close to these. In addition, I do not see a point in creating another KWS system when there are working, efficient, accurate and easy to use projects which are being continuously developed and managed by a team of people. I was mainly deciding between the Mycroft Precise and Pocket- Sphinx as at that time I could not find any other free open source KWS systems with customizable keyword. After comparison of the two the final decision was to go with the Mycroft Precise. The main reasons are that it is based on RNN, thus it offers higher accuracy, produces lower CPU and memory load and overall it is a very simple system which can be interacted via python scripts.

5.2 Preparation

The second step was to prepare the python scripts and VeraCrypt application for the integration. Firstly, a graphical user interface (GUI) had to be appropriately modified. The Veracrypt application is written using a free open source cross-platform wxWidgets C++ library. This library provides simple, yet efficient solution for designing applications for Windows, Mac, Linux and other platforms. Initially launched over 20 years ago, it has a very large and active community and sup-

31 5. Implementation ports multiple languages including Python, Perl, Ruby, C++ and a few others [37]. For the editing the GUI I used a wxFormBuilder which is a GUI designer tool for wxWidgets. It makes designing new windows fairly simple and is able to generate the code. First of all, an item named “Voice Dismount” was added into the Tools option which is situated in main window toolbar. After that I created a new window which opens as soon as the “Voice Dismount” option is selected. This window contains everything that is needed for the interaction with the KWS system. User can find buttons for recording samples, training the model, starting listener, converting the model and resetting everything (including the model and deleting all collected sound samples).

Figure 5.1: Main Window

On the other side, scripts had to be modified too. The largest mod- ifications were needed for the sound samples collecting and listener scripts. They were edited so they could receive the commands and send messages from/to the VeraCrypt application and stripped of

32 5. Implementation

unnecessary components. Basically, the main idea was to create a communication protocol between the C++ and python part.

5.3 Integration

The most important part for integration was a C++ Boost library. This library is a key component and made the work easier overall. Boost is a set of C++ libraries which are highly regarded among develop- ers. It was initially released in 1999 and since became considered as a standard [38]. Entire backend in VeraCrypt part depends on the Boost Process library. It is used for spawning child processes and the communication with them. All input, output streams, which serve as the communication link between VeraCrypt and Mycroft Precise, are created as opstreams and ipstreams, respectively. There are seven buttons and one checkbox in the Voice Dismount window which are all mapped to different functions. The layout of this window canbe seen in the Figure 5.2. Child processes are created when using the KWS system extension. These processes have redirected standard input and output for the communication purposes. Basics strings are used for the communication and the streams are always flushed after writing to them. The first process is created as soon as the main application starts and it’s existence depends on the main window. This process spawns the listener and then waits until a command is received. This is done either by pressing the Start Safe mode or Start listening button (strings are sent via the streams). When the listener is running and the keyword is spotted a notification is sent to the main program where a handler is waiting in a different thread. This handler then sends a command to dismount all mounted volumes. Another process depends on the Voice Dismount window. This process is created together when the window is opened and termi- nated when closed. This process function as a recorder. When the Record Wake Word or Record Non-Wake Word buttons are pressed, the recording is started and the label of the button is changed. The following press of the button stops the recording and saves it to appropriate directory.

33 5. Implementation

The Train Model button executes a python script which trains the model and the Convert button converts a keras model to tensorflow for reduction of the runtime dependencies. If such model is available, it is automatically used by the listener. By clicking on the Purge all files button, another confirmation windows is opened. This button is used for deleting all recordings and resetting the model (kind of a factory reset). If the Show visual interpretation checkbox is checked and the listener started, a visual representation of the models confidence is shown in the terminal.

5.4 Dependencies

It is, firstly, necessary to install some dependencies for the correct functioning of the program. Boost library is required for the compilation. For the KWS there are multiple python pip modules needed:

∙ fitipy ∙ keras ∙ tensorflow ∙ pyaudio ∙ pyache ∙ sonopy ∙ wavio

Lastly, a working microphone have to be present through which the audio is input.

5.5 Limitations and Future Work

Due to the Mycroft Precise being officially supported only on Linux distributions (not taking mobile devices into account), the software will not work on other systems. Additionally, there are some lines of code in the implementation that are not compatible with other systems.

34 5. Implementation

Figure 5.2: Dismount Window

Figure 5.3: Reset Window

35 5. Implementation

Another limitation affects the recording samples. For them tobe accepted by the program, they have to be in the correct format. These recordings has to be WAV files in little-endian, 16 bit, mono, 16000hz PCM format. This implementation should only be considered as a working example. It is only meant to show that it is possible to efficiently use a KWS system in the VeraCrypt. It is in a very early stage of implementation and is not recommended to be used commercially. More functionality, optimization and a thorough documentation is needed for this to become relevant as it is missing some crucial functions. JSON1 type strings could be implemented for the communication protocol. Also, in my opinion, a very important function for enabling the listener start as soon as the program starts is missing.

5.6 Testing and Recommendations

The testing of this system is a very diligent task. The application works as expected and after manual testing no major flaws or bugs has been detected. On the other hand, the KWS system testing is very complex due to the large number of factors that has to be accounted for. Many variables can impact the accuracy of the keyword detection such as the length of the chosen keyword, speaker distance from the microphone, the background noise, microphone settings, different speakers and a lot more. Thus, it is a very hard task to produce concrete numbers. Firstly, it is recommended to record at least 8 samples of the keyword. The accuracy of the spotting system starts to decrease a lot if less recordings are provided. This keyword should be a longer word which is not used frequently or at all to prevent unwanted activation. It is highly inadvisable to use one syllable words such as “hello”, “cat” or “sea” as this could result into many FAs. The best option is to choose a foreign or made up word which has at least two syllables, preferably three or more. For the non-keyword recordings it is recommended to use random everyday noises (also similar words to the keyword can be used). Then when the model is trained on these initial recordings, the best things to do is let it run in a safe mode together with the film or music running in the background.

1. https://www.json.org/json-en.html 36 5. Implementation

The testing was done using 10 keyword and 10 non-keyword samples. The initial non-keyword recordings were mostly random sounds such as quietness, creaking and similar words to the keyword. After the first training the model was run in the safe mode together with a film (in foreign language so the keyword is not said) in theback- ground. After an hour of listening, the model was re-trained with the collected FA recordings. Then the model was started in a normal mode. A film was constantly running during the listening. This phase lasted another hour and provided some decent results. The model did not produce any false activation throughout this stage. The keyword detection highly depended on the distance from the microphone. If close (approximately around 50 centimeters) the keyword detection was 100% and decreased with the higher distance. If the speakers providing background noise were closer to the microphone the true activation decreased to approximately to 60%.

Conclusion

The aim of this thesis was to present the possible software solutions for the storage encryption. Main features and functionality were described in multiple sections. The work was focused entirely on free open source software. Moreover, main types of storage encryption technologies were analyzed. In the next part a brief overview of the open source KWS systems was included together with the most popular KWS system architectures. The main goal of the implementation part was to integrate a KWS system into a popular encryption software VeraCrypt. This system then listens for the pre-defined keyword and if detected all mounted volumes are unmounted. A KWS tool Mycroft Precise, based on a RNN, was successfully integrated and the resulting solution tested. The VeraCrypt GUI was correspondingly edited to enable the interaction with this system. This expansion includes setup stage where the model can be configured, calibrated and trained by using recording samples. The testing showed that, if properly configured, the accuracy is very decent and false activation occurrences are minimal. Furthermore, the setup is very simple and intuitive. This work should be only considered as a working prototype. Fu- ture work is needed for it to become relevant. One of the possible improvements could be implementation of the automatic start of the listener on the main application start which would be a great and very useful feature. The usage of the KWS system can be potentially easily expanded by implementing multiple models with different keywords each providing special functionality. Furthermore, more configurable parameters could be added for the model calibration such as sensitivity setting or number of chunks needed for the activation.

Bibliography

1. ALOMARI, M. A.; SAMSUDIN, K.; RAMLI, A. R. A Study on En- cryption Algorithms and Modes for Disk Encryption. In: 2009 In- ternational Conference on Signal Processing Systems. 2009, pp. 793– 797. Available from DOI: 10.1109/ICSPS.2009.118. 2. What is Encryption Software? - Definition from Techopedia [online]. 2016 [visited on 2019-10-26]. Available from: https : / / www . techopedia.com/definition/29702/encryption-software. 3. KRAWCZYK, Hugo. Cryptographic Extraction and Key Derivation: The HKDF Scheme [Cryptology ePrint Archive, Report 2010/264]. 2010. https://eprint.iacr.org/2010/264. 4. PBKDF2 [online] [visited on 2019-12-05]. Available from: https: //en.wikipedia.org/wiki/PBKDF2. 5. AGRAWAL, Monika; MISHRA, Pradeep. A comparative survey on symmetric key encryption techniques. International Journal on Computer Science and Engineering. 2012, vol. 4, no. 5, pp. 877. 6. Encryption [online] [visited on 2019-10-27]. Available from: https: //searchsecurity.techtarget.com/definition/encryption. 7. Block cipher mode of operation. 2019. Available also from: https:// en.wikipedia.org/wiki/Block_cipher_mode_of_operation. 8. Disk encryption theory. 2019. Available also from: https://en. wikipedia.org/wiki/Disk_encryption_theory. 9. Disk encryption [online]. 2019 [visited on 2019-10-26]. Available from: https://wiki.archlinux.org/index.php/Disk_encryption. 10. COX, Kerry; GERG, Christopher. Managing security with Snort and IDS tools. Beijing Cambridge: O’Reilly, 2004. ISBN 978-0596006617. 11. NISHA, Shireen; FARIK, Mohammed. RSA Public Key Cryptog- raphy Algorithm – A Review. International Journal of Scientific & Technology Research. 2017, vol. 6, pp. 187–191. 12. SCARFONE, Karen; SOUPPAYA, Murugiah; SEXTON, Matt. NIST Special Publication 800-111: Guide to Storage Encryption Technolo- gies for End User Devices. 2007. Technical report.

41 BIBLIOGRAPHY

13. What is Volume Encryption [online] [visited on 2019-10-28]. Avail- able from: https://www.jetico.com/file-downloads/web_ help/bcve4/. 14. Veracrypt Documentation. 2019. Available also from: https://www. veracrypt.fr/en/Documentation.html. 15. TrueCrypt. Available also from: http://truecrypt.sourceforge. net/. 16. 7-Zip. 2019. Available also from: https://www.7-zip.org/. 17. 7-Zip Documentation. 2019. Available also from: https://documentation. help/7-Zip/. 18. HUŠEK, Jozef. The use of cryptography in 7-zip. 2019. Available also from: https://dspace.cvut.cz/bitstream/handle/10467/ 83024 / F8 - BP - 2019 - Husek - Josef - thesis . pdf. Bachelor’s Thesis. 19. BitLocker [online]. 2019 [visited on 2019-11-11]. Available from: https://en.wikipedia.org/wiki/BitLocker. 20. BitLocker Documentation. 2019. Available also from: https : / / docs.microsoft.com/en-us/windows/security/information- protection/bitlocker/bitlocker-overview. 21. FileVault Wikipedia [online]. 2019 [visited on 2019-11-13]. Avail- able from: https://en.wikipedia.org/wiki/FileVault. 22. FileVault Encryption [online]. 2018 [visited on 2019-11-13]. Avail- able from: https://support.apple.com/en-us/HT204837. 23. macOS Security [online]. 2018 [visited on 2019-11-13]. Available from: https://www.apple.com/business/docs/resources/ macOS_Security_Overview.pdf. 24. dm-crypt [online]. 2019 [visited on 2019-11-14]. Available from: https://wiki.archlinux.org/index.php/Dm-crypt. 25. Data remanence [online]. 2019 [visited on 2019-12-07]. Available from: https://en.wikipedia.org/wiki/Data_remanence. 26. BOSSI, Simone; VISCONTI, Andrea. What users should know about Full Disk Encryption based on LUKS. In: 2015. Available from DOI: 10.1007/978-3-319-26823-1_16.

42 BIBLIOGRAPHY

27. CLEMENS, Fruhwirth. LUKS1 On-Disk Format Specification Version 1.2.3. 2018, pp. 15. Available also from: https://gitlab. com/cryptsetup/cryptsetup/wikis/LUKS-standard/on-disk- format.pdf. 28. MICHAELY, Assaf; PARADA, Carolina; ZHANG, Frank; SIMKO, Gabor; ALEKSIC, Petar. Keyword Spotting for Google Assistant Using Contextual Speech Recognition. In: ASRU 2017. 2017. 29. WEINTRAUB, Mitchel. Improved keyword-spotting using SRI’s DECIPHER#8482; large-vocabuarly speech-recognition system. 1993. Available from DOI: 10.3115/1075671.1075696. 30. Keyword Search in Kaldi [online] [visited on 2019-12-08]. Avail- able from: https://kaldi-asr.org/doc/kws.html. 31. SHAN, Changhao; ZHANG, Junbo; WANG, Yujun; XIE, Lei. Attention-based End-to-End Models for Small-Footprint Key- word Spotting. CoRR. 2018, vol. abs/1803.10916. Available from arXiv: 1803.10916. 32. SHEN, Kaixiang; CAI, Meng; ZHANG, Wei-Qiang; TIAN, Yao; LIU, Jia. Investigation of DNN-Based Keyword Spotting in Low Resource Environments. International Journal of Future Computer and Communication. 2016, vol. 5, pp. 125–129. Available from DOI: 10.18178/ijfcc.2016.5.2.458. 33. MOTLICEK, P.; VALENTE, F.; SZOKE, I. Improving acoustic based keyword spotting using LVCSR lattices. In: 2012 IEEE In- ternational Conference on Acoustics, Speech and Signal Processing (ICASSP). 2012, pp. 4413–4416. ISSN 1520-6149. Available from DOI: 10.1109/ICASSP.2012.6288898. 34. CHEN, Q.; ZHANG, W.; XU, X.; XING, X. Improved keyword spotting based on keyword/garbage models. In: 2016 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA). 2016, pp. 1–4. ISSN null. Available from DOI: 10.1109/APSIPA.2016.7820743. 35. KESHET, Joseph; GRANGIER, David; BENGIO, Samy. Discrimi- native Keyword Spotting. Speech Communication. 2009, pp. 317– 329.

43 BIBLIOGRAPHY

36. ZHANG, Yundong; SUDA, Naveen; LAI, Liangzhen; CHANDRA, Vikas. Hello Edge: Keyword Spotting on Microcontrollers. 2017. 37. wxWidgets [online] [visited on 2019-11-28]. Available from: https: //www.wxwidgets.org/. 38. Boost [online] [visited on 2019-11-30]. Available from: https: //www.boost.org/.

44 A Usage Manual

This manual describes a recommended configuration procedure and usage of the Voice Dismount extension in the VeraCrypt application.

1. The first step is to record a few recordings of the wake word. There should be at least 8 recordings of the word, the best way is to make recordings with different voice loudness, pitch or direc- tions facing the microphone. The recording is done by pressing the Record Wake Word button. After this button is pressed it starts recording. It is a good practice to wait one second after pressing and before saying the word or phrase. The button label changes to Press to stop during the recording time. After pressing the same button again it terminates the recording and saves it to the folder.

2. The second part is to record several recordings of random sounds. It works exactly same as the recording of the wake word but instead of the Record Wake Word button, the Record Non-Wake Word button is used. During this part random sounds such as quietness, white noise, non-wake words, everyday noises should be recorded. It is obligatory not to say the chosen keyword during this.

3. After recording the keywords and non-keywords, the model should be initially trained. This is done via the Train Model button. The time spent training the model depends on the number of recordings. Normally, it should take several seconds to complete but when there are too many recordings it can even climb up to several minutes.

4. Now, when the model is trained, it can be started by clicking on the Start listening button (the listener stays on even after closing the configuration window). However, there would be too many false activation. They can be easily reduced by starting the model in the safe mode which is possible via the Start safe mode button. During this mode it is crucial not to say the chosen keyword. The model is listening and on the activation the

45 A. Usage Manual

recording is automatically saved to the non-wake word folder. It is recommended to let the model listen as long as possible for it to capture the false activation sounds. After this the model has to be retrained. It can be done any number of times until the required accuracy is achieved.

5. When the training phase is finished, Convert button should be pressed for converting the model to the TensorFlow for reducing the runtime dependencies. This converts the model but at the same time keeps the old one if additional training is needed. The system automatically uses the converted model if found.

6. The last button Purge all files is for completely deleting all recordings and resetting the model. This should be used with great care because it is irreversible. It basically returns everything to default.

7. There is an additional functionality which allows user to show visual interpretation in a terminal. When the box is checked and listener is started it shows graphical interpretation of the models confidence. The lines consist of characters “X” and “-”. Number of X in the line represents confidence of the model that the keyword has been said.

46 B The source code

As a digital appendix a source code of the implementation is provided. The ZIP file contains the edited VeraCrypt application source code with integrated Mycroft Precise tool. The source code can be also found online in a github repository https://github.com/jarkovic/ veracrypt-voice. Separate VeraCrypt and Mycroft Precise source codes can be found in the repositories https://github.com/veracrypt/ VeraCrypt and https://github.com/MycroftAI/mycroft-precise, respectively.