PD-DM: An efficient locality-preserving block device mapper with plausible deniability

Abstract Encryption protects sensitive data from unauthorized access, yet is not sufficient when users are forced to surrender keys under duress. In contrast, plausible deniability enables users to not only encrypt data but also deny its existence when challenged. Most existing plausible deniability work (e.g. the successful and unfortunately now-defunct TrueCrypt) tackles “single snapshot” adversaries, and cannot handle the more realistic scenario of adversaries gaining access to a device at multiple time points. Such “multi-snapshot” adversaries can simply observe modifications between snapshots and detect the existence of hidden data. Existing ideas handling “multi-snapshot” scenarios feature prohibitive overheads when deployed on practically-sized disks. This is mostly due to a lack of data locality inherent in certain standard access-randomization mechanisms, one of the building blocks used to ensure plausible deniability. In this work, we show that such randomization is not necessary for strong plausible deniability. Instead, it can be replaced by a canonical form that permits most of writes to be done sequentially. This has two key advantages: 1) it reduces the impact of seek due to random accesses; 2) it reduces the overall number of physical blocks that need to be written for each logical write. As a result, PD-DM increases I/O throughput by orders of magnitude (10–100× in typical setups) over existing work while maintaining strong plausible deniability against multi-snapshot adversaries. Notably, PD-DM is the first plausible-deniable system getting within reach of the performance of standard encrypted volumes (dm-crypt) for random I/O.

[1]  Peter Desnoyers,et al.  Analytic Models of SSD Write Performance , 2014, TOS.

[2]  Radu Sion,et al.  DataLair: Efficient Block Storage with Plausible Deniability against Multi-Snapshot Adversaries , 2017, Proc. Priv. Enhancing Technol..

[3]  Donald Beaver,et al.  Plug and Play Encryption , 1997, CRYPTO.

[4]  Fred Douglis,et al.  Log-structured file systems , 1989, Digest of Papers. COMPCON Spring 89. Thirty-Fourth IEEE Computer Society International Conference: Intellectual Leverage.

[5]  Guevara Noubir,et al.  Toward Robust Hidden Volumes Using Write-Only Oblivious RAM , 2014, IACR Cryptol. ePrint Arch..

[6]  Timothy Peters,et al.  DEFY: A Deniable, Encrypted File System for Log-Structured Storage , 2015, NDSS.

[7]  Kian-Lee Tan,et al.  Hiding data accesses in steganographic file system , 2004, Proceedings. 20th International Conference on Data Engineering.

[8]  Mohammad Mannan,et al.  On Implementing Deniable Storage Encryption for Mobile Devices , 2013, NDSS.

[9]  Rafail Ostrovsky,et al.  Deniable Encryption , 1997, IACR Cryptol. ePrint Arch..

[10]  Kian-Lee Tan,et al.  StegFS: a steganographic file system , 2003, Proceedings 19th International Conference on Data Engineering (Cat. No.03CH37405).

[11]  Mendel Rosenblum,et al.  The design and implementation of a log-structured file system , 1991, SOSP '91.

[12]  Gaston H. Gonnet,et al.  On the LambertW function , 1996, Adv. Comput. Math..

[13]  Adi Shamir,et al.  The Steganographic File System , 1998, Information Hiding.

[14]  Markus G. Kuhn,et al.  StegFS: A Steganographic File System for Linux , 1999, Information Hiding.

[15]  Debin Gao,et al.  A multi-user steganographic file system on untrusted shared storage , 2010, ACSAC '10.

[16]  Srinivas Devadas,et al.  Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM , 2015 .

[17]  Marina Blanton,et al.  Deniable cloud storage: sharing files via public-key deniability , 2010, WPES '10.