Deniable File Systems


Journalists, aid workers, and democracy advocates all put themselves in harm’s way for the benefit of others. Yet, there is a glaring need for them to store data securely. Typically, secret data is protected with encryption that is assumed unbreakable. Yet, if those in a hostile environment are caught with encrypted data, they could be forced to comply through coercion or threats of bodily harm. We propose to secure data in plain sight by hiding it so that the operating system doesn’t even know it’s there. Therefore, the owner can completely deny the existence of the data. 

Our Steganographic file system, operates through the use of an external virtual block device driver. It utilizes secret sharing, external entropy sources, and erasure coding to deniably and reliably store data within the unallocated space of an existing file system. A set of data blocks to be hidden are combined with entropy blocks through erasure coding to produce a set of obfuscated carrier blocks that are then indistinguishable from other pseudorandom blocks on the disk. A subset of these blocks are then required to reconstruct the data. The system is information theoretically secure without knowledge of the entropy blocks.

This system will be the first fully deniable, secure, and tunable steganographic file system. All previous attempts might attain security or performance but sacrifice deniability. Our project will not only push the boundaries of modern steganography, but we will build a fully working system that can survive intensive forensic examination. This will allow users in the field to have a reliable, secure means of carrying information where the presence of that information does not endanger their lives.

We plan to maintain the project indefinitely through publicly available sources such as Bitbucket or Github, as well as on the Storage and Systems Research Center’s web page. We hope to eventually include our system in the Linux source tree.


Linux Device Mapper Prototype

The Artifice prototype is implemented as a Linux Device Mapper that presents the user with a virtual block device that can be formatted like any other disk. The prototype currently supports hiding in FAT-32 and EXT4 file systems with planned support for NTFS and APFS. The prototype also supports both Reed-Solomon and Shamir Secret Sharing for obfuscation and error correction. The initial prototype is capable of running simple benchmarks but a stable release is still a work in progress.

Supporting Experiments

We are currently designing and running experiments to better understand the constantly shifting environment in which Artifice resides. The amount and location of random data, free space reuse behavior, SSD TRIM, and write pattern deniability among other factors are poorly understood and greatly impact the ability of a deniable storage system to provide sufficient security guarantees. 


The initial design for Artifice has been published the FOCI '19 workshop.


Last modified 21 Oct 2019