Sensitive data protection is essential for mobile users. Plausibly Deniable Encryption (PDE) systems provide an effective way to protect sensitive data by hiding it on the device. However, existing PDE systems can lose data when the hidden volume is overwritten, waste physical storage because of the reserved area used to avoid data loss, and require a device reboot to use the hidden volume. This paper presents MobiGyges, a hidden volume-based mobile PDE system, to fill this gap. MobiGyges addresses the problem of data loss by restricting each storage block to use by only one volume, and it improves storage utilization by eliminating the reserved area. MobiGyges also avoids device reboot by mounting the hidden volume dynamically, on demand, with the Dynamic Mounting service. Moreover, we identify two novel PDE-oriented attacks, the capacity comparison attack and the fill-to-full attack. MobiGyges defends against them by jointly leveraging the Shrunk U-disk method and multi-level deniability. We implement the MobiGyges proof-of-concept system on a real mobile phone, a Google Nexus 6P running LineageOS 13. Experimental results show that MobiGyges prevents data loss, avoids device reboot, and improves storage utilization by over 30% with acceptable performance overhead compared with existing work.