An official website of the United States government
Aim: With the widespread adoption of disk encryption technologies, it has become common for adversaries to employ coercive tactics to force users to surrender encryption keys. For some users, this creates a need for hidden volumes that provide plausible deniability, the ability to deny the existence of sensitive information. Previous deniable storage solutions only offer pieces of an implementable solution that do not take into account more advanced adversaries, such as intelligence agencies, and operational concerns. Specifically, they do not address an adversary that is familiar with the design characteristics of any deniable system. Methods: We evaluated existing threat models and deniable storage system designs to produce a new, stronger threat model and identified design characteristics necessary in a plausibly deniable storage system. To better explore the implications of this stronger adversary, we developed Artifice, the first tunable, operationally secure, self repairing, and fully deniable storage system. Results: With Artifice, hidden data blocks are split with an information dispersal algorithm such as Shamir Secret Sharing to produce a set of obfuscated carrier blocks that are indistinguishable from other pseudorandom blocks on the disk. The blocks are then stored in unallocated space of an existing file system. The erasure correcting capabilities of an information dispersal algorithm allow Artifice to self repair damage caused by writes to the public file system. Unlike preceding systems, Artifice addresses problems regarding flash storage devices and multiple snapshot attacks through simple block allocation schemes and operational security measures. To hide the user’s ability to run a deniable system and prevent information leakage, a user accesses Artifice through a separate OS stored on an external Linux live disk. Conclusion: In this paper, we present a stronger adversary model and show that our proposed design addresses the primary weaknesses of existing approaches to deniable storage under this stronger assumed adversary.
more »
« less
A Multiple Snapshot Attack on Deniable Storage Systems
Abstract—While disk encryption is suitable for use in most situations where confidentiality of disks is required, stronger guarantees are required in situations where adversaries may employ coercive tactics to gain access to cryptographic keys. Deniable volumes are one such solution in which the security goal is to prevent an adversary from discovering that there is an encrypted volume. Multiple snapshot attacks, where an adversary is able to gain access to two or more images of a disk, have often been proposed in the deniable storage system literature; however, there have been no concrete attacks proposed or carried out. We present the first multiple snapshot attack, and we find that it is applicable to most, if not all, implemented deniable storage systems. Our attack leverages the pattern of consecutive block changes an adversary would have access to with two snapshots, and demonstrate that with high probability it detects moderately sized and large hidden volumes, while maintaining a low false positive rate.
more »
« less
- Award ID(s):
- 1814347
- PAR ID:
- 10353116
- Date Published:
- Journal Name:
- MASCOTS 2021
- Page Range / eLocation ID:
- 1 to 8
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
A plausibly deniable storage (PDS) system not only conceals the plaintext of sensitive data, but also hides their very existence. It can essentially mitigate a novel coercive attack, in which the adversary captures both a victim and his/her device, and coerces the victim to disclose the sensitive data. A rich number of PDS systems have been designed in the literature. However, all of them are specifically designed for a certain type of storage hardware. In this work, we have designed HiPDS , the first storage Hardware-independent Plausibly Deniable Storage system. HiPDS can defend against a multi-snapshot adversary which can have access to both the external storage and the internal memory at multiple checkpoints over time. By leveraging our adapted chameleon hash, we encode the sensitive data into the non-sensitive cover data in a fine-grained manner, so that both the existence and the access of the sensitive data on the external storage device can be plausibly denied. In addition, to prevent the sensitive data from being compromised in the memory, the encoding/decoding process is run in a secure memory region isolated by the trusted execution environment. A salient feature of HiPDS is that it can ensure deniability on any types of storage media, which is essentially important for users who may change the external storage devices over time. Security analysis and experimental evaluation confirm that HiPDS can ensure deniability against the multi-snapshot adversary at the cost of an acceptable overhead.more » « less
-
null (Ed.)With the widespread adoption of disk encryption technologies, it has become common for adversaries to employ coercive tactics to force users to surrender encryption keys and similar credentials. For some users, this creates a need for hidden volumes that provide plausible deniability or the ability to deny the existence of sensitive information. Plausible deniability directly impacts groups such as democracy advocates relaying information in repressive regimes, journalists covering human rights stories in a war zone, or NGO workers hiding food shipment schedules from violent militias. All of these users would benefit from a plausibly deniable data storage system. Previous deniable storage solutions only offer pieces of an implementable solution. We introduce Artifice, the first tunable, operationally secure, self-repairing, and fully deniable storage system. With Artifice, hidden data blocks are split with Shamir Secret Sharing to produce a set of obfuscated carrier blocks that are indistinguishable from other pseudo-random blocks on the disk. The blocks are then stored in unallocated space and possess a self-repairing capability and rely on combinatorial security. Unlike preceding systems, Artifice addresses problems regarding flash storage devices and multiple snapshot attacks through comparatively simple block allocation schemes and operational security. To hide the user’s ability to run a deniable system and prevent information leakage, Artifice stores its driver software separately from the hidden data.more » « less
-
Lin, Jingqiang; Tang, Qiang (Ed.)Nowadays, mobile devices have been used broadly to store and process sensitive data. To ensure confidentiality of the sensitive data, Full Disk Encryption (FDE) is often integrated in mainstream mobile operating systems like Android and iOS. FDE however cannot defend against coercive attacks in which the adversary can force the device owner to disclose the decryption key. To combat the coercive attacks, Plausibly Deniable Encryption (PDE) is leveraged to plausibly deny the very existence of sensitive data. However, most of the existing PDE systems for mobile devices are deployed at the block layer and suffer from deniability compromises. Having observed that none of existing works in the literature have experimentally demonstrated the aforementioned compromises, our work bridges this gap by experimentally confirming the deniability compromises of the block-layer mobile PDE systems. We have built a mobile device testbed, which consists of a host computing device and a flash storage device. Additionally, we have deployed both the hidden volume-based PDE and the steganographic file system-based PDE at the block layer of our testbed and performed disk forensics to assess potential compromises on the raw NAND flash. Our experimental results confirm it is indeed possible for the adversary to compromise the block-layer PDE systems when the adversary can have access to the raw NAND flash in real world. We also discuss practical issues when performing such attacks in practice.more » « less
-
Modern mobile devices are increasingly used to store and process sensitive data. In order to prevent the sensitive data from being leaked, one of the best ways of protecting them and their owner is to hide the data with plausible deniability. Plausibly Deniable Encryption (PDE) has been designed for such purpose. The existing PDE systems for mobile devices however, have suffered from significant drawbacks as they either ignore the deniability compromises present in the special underlying storage media of mobile devices or are vulnerable to various new attacks such as side-channel attacks. In this work, we propose a new PDE system design for mobile devices which takes advantage of the hardware features equipped in the mainstream mobile devices. Our preliminary design has two major component: First, we strictly isolate the hidden and the public data in the flash layer, so that a multi-snapshot adversary is not able to identify the existence of the hidden sensitive data when having access to the low layer storage medium of the device. Second, we incorporate software and operating system level deniability into ARM TrustZone. With this TrustZone-enhanced isolation, our PDE system is immune to side-channel attacks at the operating system layer.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/MASCOTS53633.2021.9614296
