DEFY:ADeniable,EncryptedFileSystemforLog-StructuredStorage.

TimothyM.Peters,MarkA.Gondree,andZachary

N.J.Peterson.InNDSS'15

PresentedbyFengweiZhang

WayneStateUniversity CSC6991AdvancedComputerSecurity 1

IntroducSon

•  In2012,avideographersmuggledevidenceofhumanrightsviolaSonsoutofSyria.HelackedanydataprotecSonmechanismsandinsteadhidamicro-SDcardinawoundonhisarm

•  Humanrightsgroup,ND-Burma,collectsdataonhundredsofthousandsofhumanrightsviolaSonsbytheBurmesegovernment.ND-BurmaacSvistscarrydataonmobiledevices,riskingexposureatcheckpointsandbordercrossings

WayneStateUniversity CSC6991AdvancedComputerSecurity 2

IntroducSon

•  TradiSonalencrypSonmaynotworkwhenanadversaryisabletocoercedeviceownersintorevealingtheirencryptedcontent

•  PlausiblyDeniableEncrypSon(PDE)

WayneStateUniversity CSC6991AdvancedComputerSecurity 3

RelatedWork

•  Steganography-based– StegFS[1]hidesblockswithinrandomdataanditworksonExt2filesystem.However,theexistenceofthemodifiedExt2driverandtheexternalblocktablemaymakethesystemsuspicious.

•  Hiddenvolumes-based– Mobiflage[2],MobiPluto[3]

WayneStateUniversity CSC6991AdvancedComputerSecurity 4

DEFY

•  DEFY,theDeniableEncryptedFileSystemfromYAFFS

•  File-system,Flash-based

•  Resistantagainstthemostpowerfuladversaryconsideredbypriorwork,asnapshobngadversary

WayneStateUniversity CSC6991AdvancedComputerSecurity 5

YAFFS

•  FilesystemdesignedforusewithNANDflash•  Log-structuredfilesysteminthatwriterequestsareallocatedsequenSally

•  Read/writeatthepagelevel(e.g.,pagesize4KB)anderasureoccursattheblocklevel(e.g.,blocksize256KB)

•  YAFFS1vs.YAFFS2

WayneStateUniversity CSC6991AdvancedComputerSecurity 6

WayneStateUniversity CSC6991AdvancedComputerSecurity 7

WayneStateUniversity CSC6991AdvancedComputerSecurity 8

WayneStateUniversity CSC6991AdvancedComputerSecurity 9

WayneStateUniversity CSC6991AdvancedComputerSecurity 10

WayneStateUniversity CSC6991AdvancedComputerSecurity 11

WayneStateUniversity CSC6991AdvancedComputerSecurity 12

WayneStateUniversity CSC6991AdvancedComputerSecurity 13

WayneStateUniversity CSC6991AdvancedComputerSecurity 14

WayneStateUniversity CSC6991AdvancedComputerSecurity 15

WayneStateUniversity CSC6991AdvancedComputerSecurity 16

WayneStateUniversity CSC6991AdvancedComputerSecurity 17

WayneStateUniversity CSC6991AdvancedComputerSecurity 18

LimitaSonsofDEFY

•  InformaSonLeakage– DiskLevel

•  Recentopenfilesingeditor•  MicrosoiWordbackupfuncSon

– MemoryLevel•  Coldbootajack•  Scanmemorytoextractkeys

WayneStateUniversity CSC6991AdvancedComputerSecurity 19

References1.  A.D.McDonaldandM.G.Kuhn.StegFS:Asteganographicfile

systemforLinux.InInformaSonHiding,pages463–477.Springer,2000.

2.  A.SkillenandM.Mannan.OnimplemenSngdeniablestorageencrypSonformobiledevices.In20thAnnualNetworkandDistributedSystemSecuritySymposium,NDSS2013,SanDiego,California,USA,February24-27,2013

3.  BingChang,ZhanWang,BoChen,andFengweiZhang.MobiPluto:FileSystemFriendlyDeniableStorageforMobileDevices,InProceedingsofThe2015AnnualComputerSecurityApplicaSonsConference(ACSAC'15),LosAngeles,CA,December2015.

WayneStateUniversity CSC6991AdvancedComputerSecurity 20

TermProjectPresentaSons

•  ClassesonWednesday,Dec09andMonday,Dec14

•  11:00am-13:40pmonTuesday,Dec15?

WayneStateUniversity CSC6991AdvancedComputerSecurity 21