Rethinking the adversary and operational characteristics of deniable storage

Aim: With the widespread adoption of disk encryption technologies, it has become common for adversaries to employ coercive tactics to force users to surrender encryption keys. For some users, this creates a need for hidden volumes that provide plausible deniability, the ability to deny the existence of sensitive information. Previous deniable storage solutions only offer pieces of an implementable solution that do not take into account more advanced adversaries, such as intelligence agencies, and operational concerns. Specifically, they do not address an adversary that is familiar with the design characteristics of any deniable system.

Methods: We evaluated existing threat models and deniable storage system designs to produce a new, stronger threat model and identified design characteristics necessary in a plausibly deniable storage system. To better explore the implications of this stronger adversary, we developed Artifice, the first tunable, operationally secure, self-repairing, and fully deniable storage system.

Results: With Artifice, hidden data blocks are split with an information dispersal algorithm such as Shamir Secret Sharing to produce a set of obfuscated carrier blocks that are indistinguishable from other pseudorandom blocks on the disk. The blocks are then stored in unallocated space of an existing file system. The erasure-correcting capabilities of an information dispersal algorithm allow Artifice to self-repair damage caused by writes to the public file system. Unlike preceding systems, Artifice addresses problems regarding flash storage devices and multiple-snapshot attacks through simple block allocation schemes and operational security measures. To hide the user's ability to run a deniable system and prevent information leakage, a user accesses Artifice through a separate OS stored on an external Linux

© The Author(s) 2020.
Open Access. This article is licensed under a Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, sharing, adaptation, distribution and reproduction in any medium or format, for any purpose, even commercially, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Barker et al. J Surveill Secur Saf 2021;2:42-65. https://oaepublish.com/index.php/jsss, http://dx.doi.org/10.20517/jsss.2020.22
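The abstract's Results paragraph describes the core mechanism: a hidden block is split by an information dispersal algorithm (Shamir Secret Sharing) into carrier blocks that look pseudorandom, any threshold number of which rebuilds the block, and the same erasure-correcting property lets lost carriers be regenerated after the public file system overwrites them. The following is an added, self-contained illustration of that mechanism and is not Artifice's own code: it implements byte-wise Shamir sharing over GF(2^8) with a constructed 16-byte block, simulates the public file system overwriting some carriers, recovers the block from the survivors, and regenerates the lost carriers. The parameters n, k, the GF(2^8) polynomial, and the function names are this example's assumptions, not values taken from the paper.

```python
"""Added example: Shamir Secret Sharing over GF(2^8), used to split one hidden
block into n carrier blocks with reconstruction threshold k, then to recover
and repair after some carriers are overwritten.  Not Artifice's code."""
import os

IRREDUCIBLE = 0x11B  # x^8 + x^4 + x^3 + x + 1 (assumed field polynomial)


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements (carry-less multiply reduced mod IRREDUCIBLE)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= IRREDUCIBLE
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^(2^8 - 2) = a^254 (square-and-multiply)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def _lagrange_at(points, x: int) -> int:
    """Evaluate the unique polynomial of degree < len(points) through `points` at x.
    In GF(2^8) subtraction is XOR, so (x - x_m) becomes (x ^ x_m)."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = gf_mul(num, x ^ xm)
                den = gf_mul(den, xj ^ xm)
        total ^= gf_mul(yj, gf_mul(num, gf_inv(den)))
    return total


def split_block(block: bytes, n: int, k: int) -> dict:
    """Return {x: carrier_bytes} for x in 1..n.  Any k carriers rebuild `block`;
    fewer than k reveal nothing, because the k-1 higher coefficients of each
    per-byte polynomial are drawn uniformly from os.urandom."""
    if not 1 < k <= n < 256:
        raise ValueError("need 1 < k <= n < 256")
    carriers = {x: bytearray() for x in range(1, n + 1)}
    for s in block:
        coeffs = [s] + list(os.urandom(k - 1))  # f(0) = s, random f(1..k-1)
        for x in range(1, n + 1):
            y = 0
            for c in reversed(coeffs):  # Horner evaluation of f(x)
                y = gf_mul(y, x) ^ c
            carriers[x].append(y)
    return {x: bytes(v) for x, v in carriers.items()}


def _interpolate_block(carriers: dict, k: int, x: int) -> bytes:
    """Interpolate every byte position of the first k surviving carriers at x."""
    if len(carriers) < k:
        raise ValueError(f"only {len(carriers)} carriers, threshold is {k}")
    chosen = list(carriers.items())[:k]
    length = len(chosen[0][1])
    return bytes(
        _lagrange_at([(xi, yi[i]) for xi, yi in chosen], x) for i in range(length)
    )


def recover_block(carriers: dict, k: int) -> bytes:
    """Rebuild the hidden block: evaluate at x = 0, where f(0) is the secret byte."""
    return _interpolate_block(carriers, k, 0)


def repair_carrier(carriers: dict, k: int, lost_x: int) -> bytes:
    """Self-repair: regenerate the carrier at index lost_x from k survivors."""
    return _interpolate_block(carriers, k, lost_x)


def simulate_overwrite_and_repair(block: bytes, n: int, k: int, lost: set):
    """Split, drop the carriers in `lost` (overwritten by the public file system),
    recover the block and re-derive the lost carriers.  Returns (block, repaired_ok)."""
    carriers = split_block(block, n, k)
    surviving = {x: c for x, c in carriers.items() if x not in lost}
    recovered = recover_block(surviving, k)
    repaired = {x: repair_carrier(surviving, k, x) for x in lost}
    return recovered, repaired == {x: carriers[x] for x in lost}


if __name__ == "__main__":
    sample = bytes(range(16))  # constructed hidden block
    rec, ok = simulate_overwrite_and_repair(sample, n=5, k=3, lost={2, 5})
    print(rec == sample, ok)
```

The repair step is the property the abstract relies on: because the regenerated carrier is an evaluation of the same polynomial, it is byte-for-byte identical to the one the public file system destroyed, so a damaged hidden block can be restored to full redundancy as long as at least k carriers survive between repair passes. The tuning knob the paper mentions corresponds to choosing n and k: a larger n - k tolerates more overwrites at the cost of more unallocated space consumed per hidden block.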
