Title: Rethinking the adversary and operational characteristics of deniable storage
Aim: With the widespread adoption of disk encryption technologies, it has become common for adversaries to employ coercive tactics to force users to surrender encryption keys. For some users, this creates a need for hidden volumes that provide plausible deniability, the ability to deny the existence of sensitive information. Previous deniable storage solutions only offer pieces of an implementable solution that do not take into account more advanced adversaries, such as intelligence agencies, and operational concerns. Specifically, they do not address an adversary that is familiar with the design characteristics of any deniable system. Methods: We evaluated existing threat models and deniable storage system designs to produce a new, stronger threat model and identified the design characteristics necessary in a plausibly deniable storage system. To better explore the implications of this stronger adversary, we developed Artifice, the first tunable, operationally secure, self-repairing, and fully deniable storage system. Results: With Artifice, hidden data blocks are split with an information dispersal algorithm such as Shamir Secret Sharing to produce a set of obfuscated carrier blocks that are indistinguishable from other pseudorandom blocks on the disk. The blocks are then stored in the unallocated space of an existing file system. The erasure-correcting capabilities of an information dispersal algorithm allow Artifice to self-repair damage caused by writes to the public file system. Unlike preceding systems, Artifice addresses problems regarding flash storage devices and multiple snapshot attacks through simple block allocation schemes and operational security measures. To hide the user’s ability to run a deniable system and prevent information leakage, a user accesses Artifice through a separate OS stored on an external Linux live disk.
Conclusion: In this paper, we present a stronger adversary model and show that our proposed design addresses the primary weaknesses of existing approaches to deniable storage under this stronger assumed adversary.
Award ID(s):
1814347
NSF-PAR ID:
10353115
Journal Name:
Journal of Surveillance, Security and Safety
ISSN:
2694-1015
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. With the widespread adoption of disk encryption technologies, it has become common for adversaries to employ coercive tactics to force users to surrender encryption keys and similar credentials. For some users, this creates a need for hidden volumes that provide plausible deniability, or the ability to deny the existence of sensitive information. Plausible deniability directly impacts groups such as democracy advocates relaying information in repressive regimes, journalists covering human rights stories in a war zone, or NGO workers hiding food shipment schedules from violent militias. All of these users would benefit from a plausibly deniable data storage system. Previous deniable storage solutions only offer pieces of an implementable solution. We introduce Artifice, the first tunable, operationally secure, self-repairing, and fully deniable storage system. With Artifice, hidden data blocks are split with Shamir Secret Sharing to produce a set of obfuscated carrier blocks that are indistinguishable from other pseudo-random blocks on the disk. The blocks are then stored in unallocated space, possess a self-repairing capability, and rely on combinatorial security. Unlike preceding systems, Artifice addresses problems regarding flash storage devices and multiple snapshot attacks through comparatively simple block allocation schemes and operational security. To hide the user’s ability to run a deniable system and prevent information leakage, Artifice stores its driver software separately from the hidden data.
  2. The challenge of deniability for sensitive data can be a life or death issue depending on location. Plausible deniability directly impacts groups such as democracy advocates relaying information in repressive regimes, journalists covering human rights stories in a war zone, and NGO workers hiding food shipment schedules from violent militias, all of whom would benefit from a plausibly deniable storage system. Previous deniable storage solutions only offer pieces of an implementable solution. Artifice is the first tunable, operationally secure, self-repairing, and fully deniable steganographic file system. Artifice operates through the use of a virtual block device driver stored separately from the hidden data. It uses external entropy sources and error-correcting codes to deniably and reliably store data within the unallocated space of an existing file system. A set of data blocks to be hidden is combined with entropy blocks through error-correcting codes to produce a set of obfuscated carrier blocks that are indistinguishable from other pseudorandom blocks on the disk. A subset of these blocks may then be used to reconstruct the data. Artifice presents a truly deniable storage solution through its use of external entropy and error-correcting codes while providing better reliability than other deniable storage systems.
  3. We introduce MobiCeal, the first practical Plausibly Deniable Encryption (PDE) system for mobile devices that can defend against strong coercive multi-snapshot adversaries, who may examine the storage medium of a user’s mobile device at different points in time and force the user to decrypt data. MobiCeal relies on “dummy writes” to obfuscate the differences between multiple snapshots of the storage medium caused by data encryption. By combining tweaked thin provisioning with block-level encryption, MobiCeal supports broad deployment of any block-based file system on mobile devices. More importantly, MobiCeal is secure against side channel attacks, which pose a serious threat to existing PDE schemes. A new fast switching mechanism is also introduced in MobiCeal to help users switch from the public mode to the hidden mode within 10 seconds. It is shown that the performance of MobiCeal is significantly better than prior PDE systems against multi-snapshot adversaries.
  4. While disk encryption is suitable for use in most situations where confidentiality of disks is required, stronger guarantees are required in situations where adversaries may employ coercive tactics to gain access to cryptographic keys. Deniable volumes are one such solution, in which the security goal is to prevent an adversary from discovering that there is an encrypted volume. Multiple snapshot attacks, where an adversary is able to gain access to two or more images of a disk, have often been proposed in the deniable storage system literature; however, no concrete attacks have been proposed or carried out. We present the first multiple snapshot attack, and we find that it is applicable to most, if not all, implemented deniable storage systems. Our attack leverages the pattern of consecutive block changes an adversary would have access to with two snapshots, and we demonstrate that with high probability it detects moderately sized and large hidden volumes while maintaining a low false positive rate.
  5. Lin, Jingqiang ; Tang, Qiang (Ed.)
    Nowadays, mobile devices are used broadly to store and process sensitive data. To ensure confidentiality of the sensitive data, Full Disk Encryption (FDE) is often integrated in mainstream mobile operating systems like Android and iOS. FDE, however, cannot defend against coercive attacks in which the adversary can force the device owner to disclose the decryption key. To combat coercive attacks, Plausibly Deniable Encryption (PDE) is leveraged to plausibly deny the very existence of sensitive data. However, most of the existing PDE systems for mobile devices are deployed at the block layer and suffer from deniability compromises. Having observed that none of the existing works in the literature have experimentally demonstrated the aforementioned compromises, our work bridges this gap by experimentally confirming the deniability compromises of block-layer mobile PDE systems. We have built a mobile device testbed, which consists of a host computing device and a flash storage device. Additionally, we have deployed both the hidden volume-based PDE and the steganographic file system-based PDE at the block layer of our testbed and performed disk forensics to assess potential compromises on the raw NAND flash. Our experimental results confirm that it is indeed possible for the adversary to compromise block-layer PDE systems when the adversary has access to the raw NAND flash in the real world. We also discuss practical issues encountered when performing such attacks in practice.