Data privacy is critical in instilling trust and empowering the societal pacts of modern technology-driven democracies. Unfortunately, it is under continuous attack by overreaching or outright oppressive governments, including some of the world's oldest democracies. Increasingly intrusive anti-encryption laws severely limit the ability of standard encryption to protect privacy. New defense mechanisms are needed.

Plausible deniability (PD) is a powerful property, enabling users to hide the existence of sensitive information in a system under direct inspection by adversaries. Popular encrypted storage systems such as TrueCrypt, as well as other research efforts, have attempted to also provide plausible deniability. Unfortunately, these efforts have often operated under less well-defined assumptions and adversarial models. Careful analyses often uncover not only high overheads but also outright security compromise. Further, our understanding of adversaries, of the underlying storage technologies, and of the available plausibly deniable solutions has evolved dramatically in the past two decades.

The main goal of this work is to systematize this knowledge. It aims to:

- identify key PD properties, requirements, and approaches;
- present a direly needed unified framework for evaluating security and performance;
- explore the challenges arising from the critical interplay between PD and modern layered system stacks;
- propose a new "trace-oriented" PD paradigm, able to decouple security guarantees from the underlying systems and thus ensure a higher level of flexibility and security independent of the technology stack.

This work is also meant as a trusted guide for system and security practitioners around the major challenges in understanding, designing, and implementing plausible deniability in new or existing systems.