SaTC: CORE: Small: Collaborative: Hardware-assisted Plausibly Deniable System for Mobile Devices

SaTC：核心：小型：协作：用于移动设备的硬件辅助合理可否认系统

• 批准号: 2313139
• 负责人: Weisong Shi
• 金额: $ 25万
• 依托单位: University of Delaware
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2024-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2313139&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; Hardware

Mobile computing devices typically use encryption to protect sensitive information. However, traditional encryption systems used in mobile devices cannot defend against an active attacker who can force the mobile device owner to disclose the key used for decrypting the sensitive information. This is particularly of concern to dissident users who are targets of nation states. An example of this would be a human rights worker collecting evidence of untoward activities in a region of oppression or conflict and storing the same in an encrypted form on the mobile device, and then being coerced to disclose the decryption key by an official. Plausibly Deniable Encryption (PDE) has been proposed to defend against such adversaries who can coerce users into revealing the encrypted sensitive content. However, existing techniques suffer from several problems when used in flash-memory-based mobile devices, such as weak deniability because of the way read/write/erase operations are handled at the operating systems level and at the flash translation layer, various types of side channel attacks, and computation and power limitations of mobile devices. This project investigates a unique opportunity to develop an efficient (low-overhead) and effective (high-deniability) hardware-assisted PDE scheme on mainstream mobile devices that is robust against a multi snapshot adversary. The project includes significant curriculum development activities and outreach activities to K-12 students. This project fundamentally advances the mobile PDE systems by leveraging existing hardware features such as flash translation layer (FTL) firmware and TrustZone to achieve a high deniability with a low overhead. Specifically, this project develops a PDE system with capabilities to: 1) defend against snapshot attacks using raw flash memory on mobile devices; and 2) eliminate side-channel attacks that compromise deniability; 3) be scalable to deploy on mainstream mobile devices; and 4) efficiently provide usable functions like fast mode switching. This project also develops novel teaching material on PDE and cybersecurity for K-12 students and the Regional Cybersecurity Education Collaboration (RCEC), a new educational partnership on cybersecurity in Michigan.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

移动计算设备通常使用加密来保护敏感信息。然而，移动设备中使用的传统加密系统无法防御主动攻击者，攻击者可以迫使移动设备所有者披露用于解密敏感信息的密钥。对于成为民族国家目标的持不同政见的用户来说，这一点尤其令人担忧。一个例子是，人权工作者收集压迫或冲突地区的不当活动的证据，并将其以加密形式存储在移动设备上，然后被官员强迫透露解密密钥。合理可否认加密 (PDE) 已被提出来防御此类可以强迫用户泄露加密敏感内容的对手。然而，现有技术在基于闪存的移动设备中使用时遇到一些问题，例如由于在操作系统级别和闪存转换层处处理读/写/擦除操作的方式而导致的弱否认性、各种类型的侧信道攻击以及移动设备的计算和功率限制。该项目研究了在主流移动设备上开发高效（低开销）和有效（高可否认性）硬件辅助 PDE 方案的独特机会，该方案对多快照对手具有鲁棒性。该项目包括重要的课程开发活动和针对 K-12 学生的外展活动。 该项目通过利用闪存转换层 (FTL) 固件和 TrustZone 等现有硬件功能，从根本上改进了移动 PDE 系统，以低开销实现高可否认性。具体来说，该项目开发了一个 PDE 系统，该系统具有以下功能：1）在移动设备上使用原始闪存防御快照攻击； 2) 消除损害可否认性的旁道攻击； 3）可扩展以部署在主流移动设备上； 4）有效地提供可用的功能，例如快速模式切换。该项目还为 K-12 学生和区域网络安全教育合作组织 (RCEC)（密歇根州的一个新的网络安全教育合作伙伴）开发有关 PDE 和网络安全的新颖教材。该奖项反映了 NSF 的法定使命，并通过评估被认为值得支持利用基金会的智力优势和更广泛的影响审查标准。