A Multiple Snapshot Attack on Deniable Storage Systems

Appeared in MASCOTS 2021.

Abstract

While disk encryption is suitable for use in most situations where confidentiality of disks is required, stronger guarantees are required in situations where adversaries may employ coercive tactics to gain access to cryptographic keys. Deniable volumes are one such solution in which the security goal is to prevent an adversary from discovering that there is an encrypted volume. Multiple snapshot attacks, where an adversary is able to gain access to two or more images of a disk, have often been proposed in the deniable storage system literature; however, there have been no concrete attacks proposed or carried out. We present the first multiple snapshot attack, and we find that it is applicable to most, if not all, implemented deniable storage systems. Our attack leverages the pattern of consecutive block changes an adversary would have access to with two snapshots, and demonstrate that with high probability it detects moderately sized and large hidden volumes, while maintaining a low false positive rate.

Publication date:
October 2021

Authors:
Kyle Fredrickson
Austen Barker
Darrell D. E. Long

Projects:
Deniable File Systems

Available media

Full paper text: PDF

Bibtex entry

@inproceedings{fredrickson-mascots21,
  author       = {Kyle Fredrickson and Austen Barker and Darrell D. E. Long},
  title        = {A Multiple Snapshot Attack on Deniable Storage Systems},
  booktitle    = {MASCOTS 2021},
  pages        = {8},
  month        = oct,
  year         = {2021},
}
Last modified 9 Oct 2021