research-article

MobiPluto: File System Friendly Deniable Storage for Mobile Devices

Authors:

Fengwei ZhangAuthors Info & Claims

ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference

Pages 381 - 390

https://doi.org/10.1145/2818000.2818046

Published: 07 December 2015 Publication History

Abstract

Mobile devices are prevalently used for processing personal private data and sometimes collecting evidence of social injustice or political oppression. The device owners may always feel reluctant to expose this type of data to undesired observers or inspectors. This usually can be achieved by encryption. However, the traditional encryption may not work when an adversary is able to coerce device owners into revealing their encrypted content. Plausibly Deniable Encryption (PDE) is thus designed to protect sensitive data against this type of powerful adversaries.

In this paper, we present MobiPluto, a file system friendly PDE scheme for denying the existence of sensitive data stored on mobile devices. MobiPluto achieves deniability feature as nothing but a "side-effect" of combining thin provisioning, a well-established tool in Linux kernel, with encryption. This feature makes MobiPluto more plausible for users to have such software on their mobile devices. A salient difference between MobiPluto and the existing PDE schemes is that MobiPluto is "file system friendly", i.e., any block-based file systems can be deployed on top of it. Thus, it is possible to deploy MobiPluto on most mobile devices. We provide a proof-of-concept implementation for MobiPluto in an Android phone to assess its feasibility and performance.

References

[1]

LVM Administrator's Guide. https://www.centos.org/docs/5/html/Cluster_Logical_Volume_Manager/, 2007.

[2]

"partitioning" your Nexus S using LVM. http://forum.xda-developers.com/nexus-s/general/howto-partitioning-nexus-s-using-lvm-t1656794, May 2012.

[3]

TrueCrypt User's Guide. https://www.grc.com/misc/truecrypt/TrueCrypt%20User%20Guide.pdf, 2012.

[4]

BitLocker Overview. https://technet.microsoft.com/en-us/library/hh831713.aspx, 2013.

[5]

Consider LVM on Android. http://forum.cyanogenmod.org/topic/4226-has-anyone-considered-lvm-on-android/, 2013.

[6]

FreeOTFE - Free disk encryption software for PCs and PDAs. version 5.21. Project website: http://sourceforge.net/projects/freeotfe.mirror/, 2014.

[7]

Android encryption. https://source.android.com/devices/tech/security/encryption/, 2015.

[8]

AOSP: Android open source project. http://source.android.com/, 2015.

[9]

Appendix E. LVM Volume Group Metadata. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Logical_Volume_Manager_Administration/lvm_metadata.html, 2015.

[10]

Ext4 Disk Layout. https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout, 2015.

[11]

FAT file system. https://technet.microsoft.com/en-us/library/cc938438.aspx, 2015.

[12]

OS X Yosemite: Encrypt the contents of your Mac with FileVault. https://support.apple.com/kb/PH18637?locale=en_US&viewlocale=en_US, 2015.

[13]

Pluto-King of the Underworld. http://www.crystalinks.com/plutorome.html, 2015.

[14]

Samsung eMMC memory. http://www.samsung.com/global/business/semiconductor/product/flash-emmc/overview, 2015.

[15]

Adam Skillen and Mohammad Mannan. Mobiflage: Deniable storage encryption for mobile devices. IEEE Trans. Dependable Sec. Comput., 11(3):224--237, 2014.

Digital Library

[16]

R. Anderson, R. Needham, and A. Shamir. The steganographic file system. In Information Hiding, pages 73--82. Springer, 1998.

[17]

B. Kaliski. PKCS 5: Password-based cryptography specification, version 2.0. RFC 2898 (informational), 2000.

Digital Library

[18]

E.-O. Blass, T. Mayberry, G. Noubir, and K. Onarlioglu. Toward robust hidden volumes using write-only oblivious RAM. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 203--214. ACM, 2014.

Digital Library

[19]

R. Canetti, C. Dwork, M. Naor, and R. Ostrovsky. Deniable encryption. In Advances in Cryptology-CRYPTO'97, pages 90--104. Springer, 1997.

Digital Library

[20]

R. Coker. Bonnie++ file system benchmark suite. http://www.coker.com.au/bonnie++/, 2009.

[21]

B. Donohue. Android 5.0 data better protected with new crypto system. https://blog.kaspersky.com/full-disk-encryption-android-5/, 2014.

[22]

P. Gasti, G. Ateniese, and M. Blanton. Deniable cloud storage: sharing files via public-key deniability. In Proceedings of the 9th annual ACM workshop on Privacy in the electronic society, pages 31--42. ACM, 2010.

Digital Library

[23]

L. M. Grupp, J. D. Davis, and S. Swanson. The bleak future of NAND flash memory. In Proceedings of the 10th USENIX conference on File and Storage Technologies, pages 2--2. USENIX Association, 2012.

Digital Library

[24]

J. Assange, R.P. Weinmann, and S. Dreyfus. Rubberhose Filesystem. Archive available at: http://web.archive.org/web/20120716034441/http://marutukku.org/, 2001.

[25]

J.-M. Kim and J.-S. Kim. AndroBench: Benchmarking the storage performance of Android-based mobile devices. In Frontiers in Computer Education, pages 667--674. Springer, 2012.

[26]

A. Levin. The 10 Dumbest Risks People Take With Their Smartphones. http://blog.credit.com/2013/01/the-10-dumbest-risks-people-take-on-their-smartphones-64384/, 2013.

[27]

L. Martin. XTS: A mode of AES for encrypting hard disks. IEEE Security & Privacy, (3):68--69, 2010.

Digital Library

[28]

A. D. McDonald and M. G. Kuhn. StegFS: A steganographic file system for Linux. In Information Hiding, pages 463--477. Springer, 2000.

Digital Library

[29]

H. Pang, K.-L. Tan, and X. Zhou. StegFS: A steganographic file system. In Data Engineering, 2003. Proceedings. 19th International Conference on, pages 657--667. IEEE, 2003.

[30]

T. M. Peters, M. A. Gondree, and Z. N. Peterson. DEFY: A deniable, encrypted file system for log-structured storage. In 22th Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California, USA, February 8--11, 2015.

[31]

B. Ragnarsson, G. Toth, H. Bagheri, and W. Minnaard. Desirable features for plausibly deniable encryption. https://www.os3.nl/_media/2012-2013/courses/ssn/desirable_features_for_plausibly_deniable_encryption.pdf, 2012.

[32]

E. Silverstein. 2013 Was a Year to Remember for NAND eMMC Memory. http://www.mobilitytechzone.com/topics/4g-wirelessevolution/articles/2014/02/28/371835-2013-a-year-remember-nand-emmc-memory.htm, 2014.

[33]

A. Skillen and M. Mannan. On implementing deniable storage encryption for mobile devices. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24--27, 2013.

[34]

J. Thornber. Thin Provisioning Tools. https://github.com/jthornber/thin-provisioning-tools, 2015.

[35]

TrueCrypt. Free open source on-the-fly disk encryption software.version 7.1a. Project website: http://www.truecrypt.org/, 2012.

[36]

X. Yu, B. Chen, Z. Wang, B. Chang, W. T. Zhu, and J. Jing. MobiHydra: Pragmatic and multi-level plausibly deniable encryption storage for mobile devices. In Information Security, pages 555--567. Springer, 2014.

Cited By

Dietz FMecke LRiesner DAlt F(2024)Delusio - Plausible Deniability For Face RecognitionProceedings of the ACM on Human-Computer Interaction10.1145/36764948:MHCI(1-13)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676494
Xia LLiao JChen NChen BShi WGupta MAbdelsalam MPritom MAwaysheh F(2024)A Simple Mobile Plausibly Deniable System Using Image Steganography and Secure HardwareProceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems10.1145/3643650.3658607(21-29)Online publication date: 21-Jun-2024
https://dl.acm.org/doi/10.1145/3643650.3658607
Liao JChen NXia LChen BShi WVilela JSchulmann HLi N(2024)FSPDE: A Full Stack Plausibly Deniable Encryption System for Mobile DevicesProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653262(265-276)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653262
Show More Cited By

Recommendations

DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Mobile devices today have been increasingly used to store and process sensitive information. To protect sensitive data, mobile operating systems usually incorporate a certain level of encryption to protect sensitive data. However, conventional encryption ...
User-friendly deniable storage for mobile devices

Mobile devices are prevalently used to process sensitive data, but traditional encryption may not work when an adversary is able to coerce the device owners to disclose the encryption keys. Plausibly Deniable Encryption (PDE) is thus designed to protect ...
A Simple Mobile Plausibly Deniable System Using Image Steganography and Secure Hardware
SaT-CPS '24: Proceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems

Traditional encryption methods cannot defend against coercive attacks in which the adversary captures both the user and the possessed computing device, and forces the user to disclose the decryption keys. Plausibly deniable encryption (PDE) has been ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference

December 2015

489 pages

ISBN:9781450336826

DOI:10.1145/2818000

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 December 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

National 973 Program
Strategy Pilot Project of Chinese Academy of Sciences

Conference

ACSAC 2015

ACSAC 2015: 2015 Annual Computer Security Applications Conference

December 7 - 11, 2015

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

24
Total Citations
View Citations
290
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)1

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Dietz FMecke LRiesner DAlt F(2024)Delusio - Plausible Deniability For Face RecognitionProceedings of the ACM on Human-Computer Interaction10.1145/36764948:MHCI(1-13)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676494
Xia LLiao JChen NChen BShi WGupta MAbdelsalam MPritom MAwaysheh F(2024)A Simple Mobile Plausibly Deniable System Using Image Steganography and Secure HardwareProceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems10.1145/3643650.3658607(21-29)Online publication date: 21-Jun-2024
https://dl.acm.org/doi/10.1145/3643650.3658607
Liao JChen NXia LChen BShi WVilela JSchulmann HLi N(2024)FSPDE: A Full Stack Plausibly Deniable Encryption System for Mobile DevicesProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653262(265-276)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653262
Chen NChen B(2024)HiPDS: A Storage Hardware-Independent Plausibly Deniable Storage SystemIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.333852819(1483-1495)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3338528
Chen NChen BShi W(2024)An application-layer plausibly deniable encryption system for wearable devicesDiscover Internet of Things10.1007/s43926-024-00061-w4:1Online publication date: 6-Aug-2024
https://doi.org/10.1007/s43926-024-00061-w
Chen NChen BShi W(2023)A Cross-layer Plausibly Deniable Encryption System for Mobile DevicesSecurity and Privacy in Communication Networks10.1007/978-3-031-25538-0_9(150-169)Online publication date: 4-Feb-2023
https://doi.org/10.1007/978-3-031-25538-0_9
Chen CLiang XCarbunar BSion R(2022)SoK: Plausibly Deniable StorageProceedings on Privacy Enhancing Technologies10.2478/popets-2022-00392022:2(132-151)Online publication date: 3-Mar-2022
https://doi.org/10.2478/popets-2022-0039
Mahmod JHicks MFalsafi BFerdman MLu SWenisch T(2022)Invisible bits: hiding secret messages in SRAM’s analog domainProceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3503222.3507756(1086-1098)Online publication date: 28-Feb-2022
https://dl.acm.org/doi/10.1145/3503222.3507756
Jia SZhang QXia LJing JLiu P(2022)MDEFTL: Incorporating Multi-Snapshot Plausible Deniability into Flash Translation LayerIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.310089719:5(3494-3507)Online publication date: 1-Sep-2022
https://doi.org/10.1109/TDSC.2021.3100897
Chen NChen BShi W(2022)The Block-Based Mobile PDE Systems are Not Secure - Experimental AttacksApplied Cryptography in Computer and Communications10.1007/978-3-031-17081-2_9(139-152)Online publication date: 6-Oct-2022
https://doi.org/10.1007/978-3-031-17081-2_9
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents