INVISILINE: Invisible Plausibly-Deniable Storage
Main Authors: | , , , |
---|---|
Format: | Conference Proceeding |
Language: | English |
Subjects: | |
Summary: | Plausibly-deniable (PD) storage systems allow users to securely hide data and plausibly deny its presence when challenged by adversaries who coerce them to provide encryption keys and passwords. However, PD systems need specialized software that renders them detectable by suspicious adversaries questioning the very use of a PD system. To address this fundamental problem, we introduce and formally define the notion of plausible invisibility, preventing adversaries from determining whether a PD system was used in the first place. We develop INVISILINE, a plausibly invisible system resilient against multi-snapshot adversaries that can access the device multiple times. To remain invisible, INVISILINE uses a data layout and encoding that is compatible with the Linux dm-crypt disk encryption subsystem, and stores hidden data in the initialization vectors used by dm-crypt to encrypt public data. INVISILINE ensures that any disk changes that result from changes to the hidden data between adversary snapshots can be plausibly explained using changes to public data resulting from regular use of dm-crypt. In the presence of adversaries, INVISILINE enables users to access all and only the public data using only dm-crypt. INVISILINE can securely and invisibly hide 19GB on a 1TB disk with no impact on public data I/O, and an average of 4.5MB/s throughput for writing hidden data. |
---|---|
ISSN: | 2375-1207 |
DOI: | 10.1109/SP54263.2024.00018 |