INFUSE: Invisible plausibly-deniable file system for NAND flash

Self Cite

Data privacy is critical in instilling trust and empowering the societal pacts of modern technology-driven democracies. Unfortunately it is under continuous attack by overreaching or outright oppressive governments, including some of the world’s oldest democracies. Increasingly-intrusive anti-encryption laws severely limit the ability of standard encryption to protect privacy. New defense mechanisms are needed. Plausible deniability (PD) is a powerful property, enabling users to hide the existence of sensitive information in a system under direct inspection by adversaries. Popular encrypted storage systems such as TrueCrypt and other research efforts have attempted to also provide plausible deniability. Unfortunately, these efforts have often operated under less well-defined assumptions and adversarial models. Careful analyses often uncover not only high overheads but also outright security compromise. Further, our understanding of adversaries, the underlying storage technologies, as well as the available plausible deniable solutions have evolved dramatically in the past two decades. The main goal of this work is to systematize this knowledge. It aims to: (1) identify key PD properties, requirements and approaches; (2) present a direly-needed unified framework for evaluating security and performance; (3) explore the challenges arising from the critical interplay between PD and modern system layered stacks; (4) propose a new “trace-oriented” PD paradigm, able to decouple security guarantees from the underlying systems and thus ensure a higher level of flexibility and security independent of the technology stack. This work is meant also as a trusted guide for system and security practitioners around the major challenges in understanding, designing and implementing plausible deniability into new or existing systems.

Section: Mount and Unmountmentioning

confidence: 99%

“…INFUSE [15] builds a PD scheme in the flash layer. The main idea is to modulate additional information in charges and voltage levels of individual NAND cells, the minimal storage unit for NAND.…”

Section: Device-specific Mechanismsmentioning

confidence: 99%

SoK: Plausibly Deniable Storage

Chen

Liang

Cărbunar³

et al. 2022

Self Cite

“…Czeskis et al show that an operating system's regular functionality may betray the existence of the hidden volume, and demonstrate such attacks against TrueCrypt [8]. Chen et al extend the notion of plausible deniability to include invisibility, which also conceals evidence of the steganographic file system [7].…”

Section: Related Workmentioning

confidence: 99%

Residue-Free Computing

Arkema

Sherr

2021

Computer applications often leave traces or residues that enable forensic examiners to gain a detailed understanding of the actions a user performed on a computer. Such digital breadcrumbs are left by a large variety of applications, potentially (and indeed likely) unbeknownst to their users. This paper presents the concept of residue-free computing in which a user can operate any existing application installed on their computer in a mode that prevents trace data from being recorded to disk, thus frustrating the forensic process and enabling more privacy-preserving computing. In essence, residue-free computing provides an “incognito mode” for any application. We introduce our implementation of residue-free computing, ResidueFree, and motivate ResidueFree by inventorying the potentially sensitive and privacy-invasive residue left by popular applications. We demonstrate that ResidueFree allows users to operate these applications without leaving trace data, while incurring modest performance overheads.

“…Recent work has brought deniable encryption to NAND flash storage systems [94], generally challenging due to wear-leveling systems [125]. Since then, contributions have provided "user-friendly" switching between deniable and regular encrypted storage [95] and methods for plausible deniability of the very presence of a PDE system on a device [96]. However, even with cryptographic hardware, these systems still burden users with noticeable overhead.…”

Section: Run-time File Encryption (411-14)mentioning

confidence: 99%

SoK: Cryptographic Confidentiality of Data on Mobile Devices

Zinkus

Jois

Green

2021

Mobile devices have become an indispensable component of modern life. Their high storage capacity gives these devices the capability to store vast amounts of sensitive personal data, which makes them a high-value target: these devices are routinely stolen by criminals for data theft, and are increasingly viewed by law enforcement agencies as a valuable source of forensic data. Over the past several years, providers have deployed a number of advanced cryptographic features intended to protect data on mobile devices, even in the strong setting where an attacker has physical access to a device. Many of these techniques draw from the research literature, but have been adapted to this entirely new problem setting. This involves a number of novel challenges, which are incompletely addressed in the literature. In this work, we outline those challenges, and systematize the known approaches to securing user data against extraction attacks. Our work proposes a methodology that researchers can use to analyze cryptographic data confidentiality for mobile devices. We evaluate the existing literature for securing devices against data extraction adversaries with powerful capabilities including access to devices and to the cloud services they rely on. We then analyze existing mobile device confidentiality measures to identify research areas that have not received proper attention from the community and represent opportunities for future research.