Defense: Artifice: A Design for Usable Deniable Storage Informed by Adversary Threat

Austen Barker, Computer Science PhD Candidate
Location: Virtual Event
Advisor: Darrell Long

Join us on Zoom: https://ucsc.zoom.us/s/97335448931 / Passcode: 396086

Description: With the widespread adoption of disk encryption technologies, it has become common for adversaries to employ coercive tactics to force users to surrender encryption keys or passwords. For some users, this creates a need for data storage that provides plausible deniability: the ability to deny the existence of sensitive information in order to avoid coercive tactics that put their safety at risk. Most previous systems rely on some form of steganography to conceal sensitive information among innocuous-appearing data on a user's storage device. Previous approaches all exhibit major design weaknesses stemming from flawed assumptions, such as the assumption that the presence of the driver software used to run a deniable volume would not be suspicious to an adversary. Generally, there is a lack of experimental evaluation and available implementations. As a result of these flawed assumptions and other shortcomings, previous deniable storage systems offer only pieces of an implementable and usable solution.

We have developed a new threat model for plausibly deniable storage, designed a system to counter the adversary described in the threat model, and experimentally evaluated both our design and long-held assumptions integral to previous systems. We have designed and implemented Artifice, a deniable storage system where hidden data blocks are split with an information dispersal algorithm to produce a set of obfuscated carrier blocks that are indistinguishable from other random blocks on the disk. The blocks are then stored in unallocated space, possess a self-repair capability, and rely on combinatorial security. We have evaluated the reliability and effectiveness of this approach in protecting the integrity of a hidden volume through theoretical models and empirical evaluation. Unlike existing and proposed systems, Artifice addresses problems regarding flash storage devices and multiple snapshot attacks through comparatively simple block allocation schemes and operational security. To hide the user's ability to run a deniable system and prevent information leakage, Artifice stores its driver software separately from the hidden data.
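To illustrate the carrier-block idea above, here is an added toy example (not Artifice's code, and the abstract does not state which dispersal algorithm Artifice uses, so a Shamir-style threshold split over GF(2^8) is assumed): a data block becomes n carrier blocks, any k of which rebuild it, fewer than k are uniformly random, and a lost carrier can be regenerated from the survivors, which is the self-repair property.

```python
import os
# GF(2^8) arithmetic with the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11b).
def gf_mul(a, b):
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11b
        b >>= 1
    return p

def gf_inv(a):
    return next(b for b in range(1, 256) if gf_mul(a, b) == 1)

def split_block(block, k, n):
    """Split one data block into n carrier shares; any k reconstruct it.
    Each byte is the constant term of a fresh random degree-(k-1) polynomial
    evaluated at x = 1..n, so any k-1 shares look like random filler."""
    shares = [bytearray() for _ in range(n)]
    for byte in block:
        coeffs = [byte] + list(os.urandom(k - 1))  # random polynomial per byte
        for i in range(n):
            y, xp = 0, 1
            for c in coeffs:
                y ^= gf_mul(c, xp)
                xp = gf_mul(xp, i + 1)
            shares[i].append(y)
    return [(i + 1, bytes(s)) for i, s in enumerate(shares)]

def interpolate(shares, x_target):
    """Lagrange-interpolate any k (x, share) pairs at x_target, bytewise.
    x_target=0 recovers the data; x_target=j regenerates lost carrier j."""
    out = bytearray()
    for pos in range(len(shares[0][1])):
        acc = 0
        for xi, si in shares:
            num, den = 1, 1
            for xj, _ in shares:
                if xj != xi:
                    num = gf_mul(num, x_target ^ xj)  # (x - xj); minus is XOR
                    den = gf_mul(den, xi ^ xj)        # (xi - xj)
            acc ^= gf_mul(si[pos], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)

def repair(surviving, lost_x):
    """Self-repair: rebuild a lost carrier block from k surviving ones."""
    return (lost_x, interpolate(surviving, lost_x))
```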