Proceedings on Privacy Enhancing Technologies ; 2019 (1):153–171 Chen Chen*, Anrin Chakraborti, and Radu Sion PD-DM: An efficient locality-preserving block device mapper with plausible deniability Abstract: Encryption protects sensitive data from 1 Introduction unauthorized access, yet is not sufficient when users are forced to surrender keys under duress. In contrast, plau- Although encryption is widely used to protect sensitive sible deniability enables users to not only encrypt data data, it alone is usually not enough to serve users’ in- but also deny its existence when challenged. tentions. At the very least, the existence of encryption Most existing plausible deniability work (e.g. the suc- can draw the attention of adversaries that may have the cessful and unfortunately now-defunct TrueCrypt) tack- power to coerce users to reveal keys. les “single snapshot” adversaries, and cannot handle the Plausible deniability(PD) aims to tackle this prob- more realistic scenario of adversaries gaining access to lem. It defines a security property making it possible a device at multiple time points. Such “multi-snapshot” to claim that “some information is not in possession [of adversaries can simply observe modifications between the user] or some transactions have not taken place” snapshots and detect the existence of hidden data. [23]. In the context of storage devices, as addressed in Existing ideas handling “multi-snapshot” scenarios this paper, PD refers to the ability of a user to plausibly feature prohibitive overheads when deployed on deny the existence of certain stored data even when an practically-sized disks. This is mostly due to a lack adversary has access to the storage medium. of data locality inherent in certain standard access- In practice, PD storage is often essential for sur- randomization mechanisms, one of the building blocks vival and sometimes a matter of life and death. In used to ensure plausible deniability. a notable example, the human rights group Network In this work, we show that such randomization is not for Human Rights Documentation-Burma (ND-Burma) necessary for strong plausible deniability. Instead, it can carried data proving hundreds of thousands of human be replaced by a canonical form that permits most of rights violations out of the country on mobile devices, writes to be done sequentially. This has two key advan- risking exposure at checkpoints and border crossings tages: 1) it reduces the impact of seek due to random [27]. Videographers brought evidence of human rights accesses; 2) it reduces the overall number of physical violations out of Syria by hiding a micro-SD card in blocks that need to be written for each logical write. As body wounds [24], again at high risk of life. a result, PD-DM increases I/O throughput by orders Yet, unfortunately, existing PD storage solutions of magnitude (10–100× in typical setups) over exist- are either slow or insecure against “multi-snapshot” ad- ing work while maintaining strong plausible deniability versaries that can gain access to the storage multiple against multi-snapshot adversaries. times over a longer period. For example, steganographic Notably, PD-DM is the first plausible-deniable system filesystems [5, 23, 26] (also known as “deniable filesys- getting within reach of the performance of standard en- tems”), resist only adversaries who can access storage crypted volumes (dm-crypt) for random I/O. mediums once (“single-snapshot” adversaries). And al- Keywords: Plausible deniability, Storage security though some attempts [26] have been made to handle multi-snapshot adversaries, they are insecure. A strong DOI 10.2478/popets-2019-0009 Received 2018-05-31; revised 2018-09-15; accepted 2018-09-16. adversary can straightforwardly infer what data is hid- den with a relatively high probability, better than ran- dom guessing. On the other hand, while block-level PD solutions [6, 8] handling multi-snapshot adversaries ex- ist, their performance is often simply unacceptable and *Corresponding Author: Chen Chen: Stony Brook Uni- versity, E-mail: [email protected] many orders of magnitude below the performance of Anrin Chakraborti: Stony Brook University, E-mail: an- non-PD storage. [email protected] Nevertheless, most realistic PD adversaries are ul- Radu Sion: Stony Brook University, E-mail: timately multi-snapshot. Crossing a border twice, or [email protected] having an oppressive government collude with a hotel PD-DM 154 maid and subsequently a border guard, provides easy 2 Storage-centric PD Model and cheap multi-snapshot capabilities to any adversary. It is obvious that the security of a PD system PD can be provided at different layers in a storage sys- should not break down completely (under reasonable tem. However, properly designing multi-snapshot PD at user behavior) and should be resilient to such real- the filesystem level is not trivial. As filesystems involve istic externalities (hotel maids, border guards, airline many different types of data and associated metadata, checked luggage etc). Thus, undeniably, a practical and resolving all data and metadata modifications and as- sound plausible-deniable storage solution crucially needs sociated chain reactions in a plausibly deniable manner to handle multi-snapshot accesses. requires significant and careful consideration. We are In virtually all PD designs, handling multi-snapshot not aware of any successful, fully secure design. More- adversaries requires hiding the “access patterns” to hid- over, data loss (overwriting of data at a high deniability den data. Otherwise, adversaries could trivially observe level by writes to data at a lower deniability level) is implausible modifications between snapshots and infer likely an unavoidable drawback of filesystem PD ideas. the existence of hidden data. Instead, the focus of this work is on storage-centric Some of the first solutions [8, 31] hide access pat- PD for block devices – allowing a user to store files of dif- terns by rendering them indistinguishable from random. ferent confidentiality levels to different logical volumes Unfortunately, existing randomization-based mecha- stored on the same underlying physical device. These nisms completely break data locality and naturally im- volumes are accessed independently by upper-layer ap- pose large numbers of physical writes that are needed plications such as filesystems and databases. to successfully complete one logical write. This results It is important to note that no existing PD solu- in unacceptable performance, especially for high-latency tion hides the fact that a PD system is in place. So far storage (e.g., rotational disks). For example, HIVE [8] (and in this paper), the role of a sound PD system has performs 3 orders of magnitude slower than a non-PD been to hide whether a user stores any hidden files (for disk baseline. filesystems) or uses any hidden volumes (in block level We observe that randomization is not the only way schemes). In other words, it is assumed that adversaries to hide access patterns. Canonical forms that depend won’t punish users for merely using a PD-enabled sys- only on non-hidden public data (e.g., sequential struc- tem, at least as long as the system allows also non-PD turing) suffice and can yield dramatic throughput in- purposes, e.g., storing in a public volume. creases. This is mainly due to two reasons. First, it is well known that sequential structuring can vastly speed up I/O by reducing the impact of random seeks [14]. 2.1 PD Framework at Block Level This has been previously well explored in log-structured filesystems [13, 28]. Second, the predictable nature of A PD system at the block level intermediates between such sequential access leads to more efficient searches a raw storage device and upper logical volumes (Figure for free block locations (to write new data) with lower 1). It structures accesses to the underlying device while numbers of I/O operations, when compared with exist- providing upper-level abstractions for multiple indepen- i ing (mostly randomized access) solutions. dent logical volumes. Logical public volumes Vp can be Finally, we note that, by definition, a well-defined revealed to adversaries, whereas the existence and us- j multi-snapshot adversary cannot observe the device (in- age of hidden volumes Vh should be hidden from ad- cluding its RAM, etc) between snapshots. This enables versaries. The physical device contains Nd blocks of B i j additional optimizations for increased throughput. bytes each, while each logical volume has Np/Nh logi- The result is PD-DM, a new, efficient block-level cal data blocks, respectively. The volumes are encrypted i j storage solution that is strongly plausibly deniable with different encryption keys Kp and Kh (e.g., derived i j against multi-snapshot adversaries, preserves locality from passwords Pp and Ph). If coerced, users can pro- and dramatically increases performance over existing vide the public passwords and deny the existence or use work. In typical setups PD-DM is orders of magnitude of hidden volumes even to multi-snapshot adversaries. (10–100×) faster than existing approaches. Adversary. We consider a strong computationally bounded “multi-snapshot” adversary able to get com- plete representations of the device’s static state at mul- tiple times of her choosing. Importantly, the adversary cannot see the running state (memory, caches etc) of PD-DM 155 Fig. 1. Overview of a PD system with one public volume and one hidden volume as an example. PD-DM provides virtual volume abstractions. The choice of whether the hidden volume is used Fig. 2. Consider two access patterns O0 and O1 that transform will be hidden. the state of the disk from S1 to S20 and S21 respectively. Ad- versaries should not be able to distinguish S20 from S21 based on the snapshots. Effectively the adversary should not be able to the PD layer occurring before she takes possession of distinguish W(O0) from W(O1) the device.