TY - JOUR
T1 - MDEFTL
T2 - Incorporating Multi-Snapshot Plausible Deniability into Flash Translation Layer
AU - Jia, Shijie
AU - Zhang, Qionglu
AU - Xia, Luning
AU - Jing, Jiwu
AU - Liu, Peng
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2022
Y1 - 2022
N2 - Conventional encryption solutions cannot defend against a coercive attacker who can capture the device owner, and force the owner to disclose keys used for decrypting sensitive data. To defend against such a coercive adversary, Plausibly Deniable Encryption (PDE) was introduced to allow the device owner to deny the very existence of sensitive data. The existing PDE systems built for computing devices equipped with flash storage media, are problematic, since they cannot defend against multi-snapshot adversaries, who may have access to the storage medium of a user's device at different points of time. In this article, we propose MDEFTL, a secure multi-snapshot PDE system for mobile devices which incorporates plausible deniability into Flash Translation Layer (FTL). MDEFTL is the first practical design which integrates multi-snapshot PDE into FTL, a pervasively deployed layer in literally all the current mobile devices. A salient advantage of MDEFTL lies in its capability of achieving multi-snapshot plausible deniability while being able to accommodate the special nature of NAND flash as well as eliminate deniability compromises from it. We implemented MDEFTL using an open-source NAND flash controller. The experimental results show that, compared to conventional encryption which does not provide deniability, our MDEFTL only incurs a small overhead.
AB - Conventional encryption solutions cannot defend against a coercive attacker who can capture the device owner, and force the owner to disclose keys used for decrypting sensitive data. To defend against such a coercive adversary, Plausibly Deniable Encryption (PDE) was introduced to allow the device owner to deny the very existence of sensitive data. The existing PDE systems built for computing devices equipped with flash storage media, are problematic, since they cannot defend against multi-snapshot adversaries, who may have access to the storage medium of a user's device at different points of time. In this article, we propose MDEFTL, a secure multi-snapshot PDE system for mobile devices which incorporates plausible deniability into Flash Translation Layer (FTL). MDEFTL is the first practical design which integrates multi-snapshot PDE into FTL, a pervasively deployed layer in literally all the current mobile devices. A salient advantage of MDEFTL lies in its capability of achieving multi-snapshot plausible deniability while being able to accommodate the special nature of NAND flash as well as eliminate deniability compromises from it. We implemented MDEFTL using an open-source NAND flash controller. The experimental results show that, compared to conventional encryption which does not provide deniability, our MDEFTL only incurs a small overhead.
UR - http://www.scopus.com/inward/record.url?scp=85112619089&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85112619089&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2021.3100897
DO - 10.1109/TDSC.2021.3100897
M3 - Article
AN - SCOPUS:85112619089
SN - 1545-5971
VL - 19
SP - 3494
EP - 3507
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 5
ER -