A Simple Mobile Plausibly Deniable System Using Image Steganography and Secure Hardware
Authors: 
Lichen Xia, Jinghui Liao, Niusen Chen, Bo Chen, and Weisong ShiAuthors Info & Claims
Lichen Xia, Jinghui Liao, Niusen Chen, Bo Chen, and Weisong ShiAuthors Info & ClaimsJune 2024
Pages 21 - 29
Abstract
Traditional encryption methods cannot defend against coercive attacks in which the adversary captures both the user and the possessed computing device, and forces the user to disclose the decryption keys. Plausibly deniable encryption (PDE) has been designed to defend against this strong coercive attacker. At its core, PDE allows the victim to plausibly deny the very existence of hidden sensitive data and the corresponding decryption keys upon being coerced. Designing an efficient PDE system for a mobile platform, however, is challenging due to various design constraints bound to the mobile systems.
Leveraging image steganography and the built-in hardware security feature of mobile devices, namely TrustZone, we have designed a Simple Mobile Plausibly Deniable Encryption (SMPDE) system which can combat coercive adversaries and, meanwhile, is able to overcome unique design constraints. In our design, the encoding/decoding process of image steganography is bounded together with Arm TrustZone. In this manner, the coercive adversary will be given a decoy key, which can only activate a DUMMY trusted application that will instead sanitize the sensitive information stored hidden in the stego-image upon decoding. On the contrary, the actual user can be given the true key, which can activate the PDE trusted application that can really extract the sensitive information from the stego-image upon decoding. Security analysis and experimental evaluation justify both the security and the efficiency of our design.
References
[1]
2009. ARM TrustZone Technology. https://developer.arm.com/ip-products/ security-ip/trustzone
[2]
2022. The Best Defense Against Rubber-Hose Cryptanalysis. https://pluralistic.net/2022/03/27/the-best-defense-against-rubber-hosecryptanalysis/
[3]
Nasir Ahmed, T_ Natarajan, and Kamisetty R Rao. 1974. Discrete cosine transform. IEEE transactions on Computers 100, 1 (1974), 90--93.
[4]
ARM. 2023. Silicon IP Security. https://www.arm.com/products/silicon-ipsecurity. Accessed: 2024-02--25.
[5]
Hristo Bojinov, Daniel Sanchez, Paul Reber, Dan Boneh, and Patrick Lincoln. 2014. Neuroscience meets cryptography: Crypto primitives secure against rubber hose attacks. Commun. ACM 57, 5 (2014), 110--118.
[6]
Bing Chang, Yao Cheng, Bo Chen, Fengwei Zhang, Wen-Tao Zhu, Yingjiu Li, and Zhan Wang. 2018. User-friendly deniable storage for mobile devices. computers & security 72 (2018), 163--174.
[7]
Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. 2015. Mobipluto: File system friendly deniable storage for mobile devices. In Proceedings of the 31st Annual Computer Security Applications Conference. ACM, 381--390.
[8]
Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. 2015. Mobipluto: File system friendly deniable storage for mobile devices. In Proceedings of the 31st annual computer security applications conference. 381--390.
[9]
Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li,Wen-Tao Zhu, Yangguang Tian, Zhan Wang, and Albert Ching. 2018. Mobiceal: Towards secure and practical plausibly deniable encryption on mobile devices. In 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 454-- 465.
[10]
Chen Chen, Anrin Chakraborti, and Radu Sion. 2020. INFUSE: Invisible plausiblydeniable file system for NAND flash. Proc. Priv. Enhancing Technol. 2020, 4 (2020), 239--254.
[11]
Chen Chen, Anrin Chakraborti, and Radu Sion. 2021. PEARL: Plausibly Deniable Flash Translation Layer using WOM coding. In The 30th Usenix Security Symposium.
[12]
Niusen Chen and Bo Chen. 2023. HiPDS: A Storage Hardware-independent Plausibly Deniable Storage System. IEEE Transactions on Information Forensics and Security (2023).
[13]
Niusen Chen, Bo Chen, and Weisong Shi. 2021. MobiWear: A Plausibly Deniable Encryption System for Wearable Mobile Devices. In EAI International Conference on Applied Cryptography in Computer and Communications. Springer, 138--154.
[14]
Niusen Chen, Bo Chen, and Weisong Shi. 2022. The block-based mobile pde systems are not secure-experimental attacks. In EAI International Conference on Applied Cryptography in Computer and Communications. Springer, 139--152.
[15]
Niusen Chen, Bo Chen, and Weisong Shi. 2022. A Cross-layer Plausibly Deniable Encryption System for Mobile Devices. In International Conference on Security and Privacy in Communication Systems. Springer, 150--169.
[16]
OP-TEE Contributors. 2021. OP-TEE/manifest. https://github.com/OP-TEE/ manifest GitHub repository.
[17]
John Doe and Jane Smith. 2021. Fundamentals of Steganography: Hiding Information in Plain Sight. Journal of Cybersecurity and Digital Forensics 15, 3 (2021), 105--120. https://doi.org/10.1000/jcdf.2021.15.3.105
[18]
Wendi Feng, Chuanchang Liu, Zehua Guo, Thar Baker, Gang Wang, Meng Wang, Bo Cheng, and Junliang Chen. 2020. MobiGyges: A mobile hidden volume for preventing data loss, improving storage utilization, and avoiding device reboot. Future Generation Computer Systems (2020).
[19]
Seung-Kyun Han and Jinsoo Jang. 2023. MyTEE: Own the Trusted Execution Environment on Embedded Devices. In NDSS.
[20]
Shijie Jia, Luning Xia, Bo Chen, and Peng Liu. 2017. Deftl: Implementing plausibly deniable encryption in flash translation layer. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2217--2229.
[21]
Konstantinos Karampidis, Ergina Kavallieratou, and Giorgos Papadourakis. 2018. A review of image steganalysis techniques for digital forensics. Journal of information security and applications 40 (2018), 217--235.
[22]
Mohammad Khan and Linda White. 2019. Steganalysis Techniques: Detecting the Undetectable. Computer Security Review 14, 2 (2019), 89--102. https://doi.org/ 10.1000/csr.2019.14.2.89
[23]
Jinghui Liao, Bo Chen, and Weisong Shi. 2021. TrustZone enhanced plausibly deniable encryption system for mobile devices. In 2021 IEEE/ACM Symposium on Edge Computing (SEC). IEEE, 441--447.
[24]
Jinghui Liao, Niusen Chen, Lichen Xia, Bo Chen, and Weisong Shi. 2024. FSPDE: A Full Stack Plausibly Deniable Encryption System for Mobile Devices. In 2024 ACM Conference on Data and Application Security and Privacy (CODASPY). ACM.
[25]
Jia Liu, Yan Ke, Zhuo Zhang, Yu Lei, Jun Li, Minqing Zhang, and Xiaoyuan Yang. 2020. Recent advances of image steganography with generative adversarial networks. IEEE Access 8 (2020), 60575--60597.
[26]
Shao-Ping Lu, Rong Wang, Tao Zhong, and Paul L Rosin. 2021. Large-capacity image steganography based on invertible neural networks. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition. 10816--10825.
[27]
OP-TEE. 2019. Open Portable Trusted Execution Environment. https://www.optee. org/ (2019).
[28]
Timothy M Peters, Mark A Gondree, and Zachary NJ Peterson. 2015. DEFY: A deniable, encrypted file system for log-structured storage. (2015).
[29]
Mark J Shensa et al. 1992. The discrete wavelet transform: wedding the a trous and Mallat algorithms. IEEE Transactions on signal processing 40, 10 (1992), 2464--2482.
[30]
Adam Skillen and MohammadMannan. 2013. On Implementing Deniable Storage Encryption for Mobile Devices. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24--27.
[31]
Nandhini Subramanian, Omar Elharrouss, Somaya Al-Maadeed, and Ahmed Bouridane. 2021. Image steganography: A review of the recent advances. IEEE access 9 (2021), 23409--23423.
[32]
Weike You, Hong Zhang, and Xianfeng Zhao. 2020. A Siamese CNN for image steganalysis. IEEE Transactions on Information Forensics and Security 16 (2020), 291--306.
[33]
Xingjie Yu, Bo Chen, ZhanWang, Bing Chang,Wen Tao Zhu, and Jiwu Jing. 2014. Mobihydra: Pragmatic and multi-level plausibly deniable encryption storage for mobile devices. In International conference on information security. Springer, 555--567.
[34]
Tao Zhang and Xijian Ping. 2003. A new approach to reliable detection of LSB steganography in natural images. Signal processing 83, 10 (2003), 2085--2093.
Index Terms
- A Simple Mobile Plausibly Deniable System Using Image Steganography and Secure Hardware
Recommendations
FSPDE: A Full Stack Plausibly Deniable Encryption System for Mobile Devices
CODASPY '24: Proceedings of the Fourteenth ACM Conference on Data and Application Security and PrivacyIn today's digital landscape, the ubiquity of mobile devices underscores the urgent need for stringent security protocols in both data transmission and storage. Plausibly deniable encryption (PDE) stands out as a pivotal solution, particularly in ...
Deniable encryptions secure against adaptive chosen ciphertext attack
ISPEC'12: Proceedings of the 8th international conference on Information Security Practice and ExperienceThe deniable encryption is a type of encryption which can hide the true message while revealing a fake one. Even if the sender or the receiver is coerced to show the plaintext and the used random numbers in encryption, a deniable encryption scheme ...
User-friendly deniable storage for mobile devices
Mobile devices are prevalently used to process sensitive data, but traditional encryption may not work when an adversary is able to coerce the device owners to disclose the encryption keys. Plausibly Deniable Encryption (PDE) is thus designed to protect ...
Comments
Information & Contributors
Information
Published In
June 2024
97 pages
ISBN:9798400705557
DOI:10.1145/3643650
- Program Chairs:
- Maanak Gupta,
- Mahmoud Abdelsalam,
- Mir Pritom,
- Feras Awaysheh
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 19 June 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
Conference
CODASPY '24
Sponsor:
CODASPY '24: Fourteenth ACM Conference on Data and Application Security and Privacy
June 21, 2024
Porto, Portugal
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 8Total Downloads
- Downloads (Last 12 months)8
- Downloads (Last 6 weeks)8
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in