DEFY:ADeniable,EncryptedFileSystemforLog-StructuredStorage.
TimothyM.Peters,MarkA.Gondree,andZachary
N.J.Peterson.InNDSS'15
PresentedbyFengweiZhang
WayneStateUniversity CSC6991AdvancedComputerSecurity 1
IntroducSon
• In2012,avideographersmuggledevidenceofhumanrightsviolaSonsoutofSyria.HelackedanydataprotecSonmechanismsandinsteadhidamicro-SDcardinawoundonhisarm
• Humanrightsgroup,ND-Burma,collectsdataonhundredsofthousandsofhumanrightsviolaSonsbytheBurmesegovernment.ND-BurmaacSvistscarrydataonmobiledevices,riskingexposureatcheckpointsandbordercrossings
WayneStateUniversity CSC6991AdvancedComputerSecurity 2
IntroducSon
• TradiSonalencrypSonmaynotworkwhenanadversaryisabletocoercedeviceownersintorevealingtheirencryptedcontent
• PlausiblyDeniableEncrypSon(PDE)
WayneStateUniversity CSC6991AdvancedComputerSecurity 3
RelatedWork
• Steganography-based– StegFS[1]hidesblockswithinrandomdataanditworksonExt2filesystem.However,theexistenceofthemodifiedExt2driverandtheexternalblocktablemaymakethesystemsuspicious.
• Hiddenvolumes-based– Mobiflage[2],MobiPluto[3]
WayneStateUniversity CSC6991AdvancedComputerSecurity 4
DEFY
• DEFY,theDeniableEncryptedFileSystemfromYAFFS
• File-system,Flash-based
• Resistantagainstthemostpowerfuladversaryconsideredbypriorwork,asnapshobngadversary
WayneStateUniversity CSC6991AdvancedComputerSecurity 5
YAFFS
• FilesystemdesignedforusewithNANDflash• Log-structuredfilesysteminthatwriterequestsareallocatedsequenSally
• Read/writeatthepagelevel(e.g.,pagesize4KB)anderasureoccursattheblocklevel(e.g.,blocksize256KB)
• YAFFS1vs.YAFFS2
WayneStateUniversity CSC6991AdvancedComputerSecurity 6
WayneStateUniversity CSC6991AdvancedComputerSecurity 7
WayneStateUniversity CSC6991AdvancedComputerSecurity 8
WayneStateUniversity CSC6991AdvancedComputerSecurity 9
WayneStateUniversity CSC6991AdvancedComputerSecurity 10
WayneStateUniversity CSC6991AdvancedComputerSecurity 11
WayneStateUniversity CSC6991AdvancedComputerSecurity 12
WayneStateUniversity CSC6991AdvancedComputerSecurity 13
WayneStateUniversity CSC6991AdvancedComputerSecurity 14
WayneStateUniversity CSC6991AdvancedComputerSecurity 15
WayneStateUniversity CSC6991AdvancedComputerSecurity 16
WayneStateUniversity CSC6991AdvancedComputerSecurity 17
WayneStateUniversity CSC6991AdvancedComputerSecurity 18
LimitaSonsofDEFY
• InformaSonLeakage– DiskLevel
• Recentopenfilesingeditor• MicrosoiWordbackupfuncSon
– MemoryLevel• Coldbootajack• Scanmemorytoextractkeys
WayneStateUniversity CSC6991AdvancedComputerSecurity 19
References1. A.D.McDonaldandM.G.Kuhn.StegFS:Asteganographicfile
systemforLinux.InInformaSonHiding,pages463–477.Springer,2000.
2. A.SkillenandM.Mannan.OnimplemenSngdeniablestorageencrypSonformobiledevices.In20thAnnualNetworkandDistributedSystemSecuritySymposium,NDSS2013,SanDiego,California,USA,February24-27,2013
3. BingChang,ZhanWang,BoChen,andFengweiZhang.MobiPluto:FileSystemFriendlyDeniableStorageforMobileDevices,InProceedingsofThe2015AnnualComputerSecurityApplicaSonsConference(ACSAC'15),LosAngeles,CA,December2015.
WayneStateUniversity CSC6991AdvancedComputerSecurity 20
TermProjectPresentaSons
• ClassesonWednesday,Dec09andMonday,Dec14
• 11:00am-13:40pmonTuesday,Dec15?
WayneStateUniversity CSC6991AdvancedComputerSecurity 21
