Ensuring data confidentiality via plausibly deniable encryption and secure deletion – a survey

Ensuring confidentiality of sensitive data is of paramount importance, since data leakage may not only endanger dataowners’ privacy, but also ruin reputation of businesses as well as violate various regulations like HIPPA andSarbanes-Oxley Act. To provide confidentiality guarantee, the data should be protected when they are preserved inthe personal computing devices (i.e.,confidentiality duringtheirlifetime); and also, they should be rendered irrecoverableafter they are removed from the devices (i.e.,confidentiality after their lifetime). Encryption and secure deletion are usedto ensure data confidentiality during and after their lifetime, respectively.This work aims to perform a thorough literature review on the techniques being used to protect confidentiality of thedata in personal computing devices, including both encryption and secure deletion. Especially for encryption, wemainly focus on the novel plausibly deniable encryption (PDE), which can ensure data confidentiality against both acoercive (i.e., the attacker can coerce the data owner for the decryption key) and a non-coercive attacker

Secure State Deletion: Testing the efficacy and integrity of secure deletion tools onSolid State Drives

The research aimed to determine the efficacy and integrity of several hard-drive disk deletion tools on solid state drives (SSDs). SSDs contain new technologies such as wear-levelling and device under provisioning to provide efficient functionality and speed for data management, but the same technologies may also provide obstacles to ensuring that all information is fully removed from the drive. Furthermore SSDs stores files in 4KB pages, yet data can only be deleted in 512KB blocks. This function uses the disk controller to remove all the pages from the block a file is being deleted from, storing the pages in a disk controlled cache. Once the whole block has been reset, the valid data is retrieved from the cache and replaced on an available block. The reset block is added to the SSDs free space. The specific purpose of this paper was to discover if any data was recovered, especially from the disk controlled cache while testing various tools and methods for their effectiveness of securely wiping data off SSDs. All tools except the GNU core utility DD left some file information which was recovered, though none of the recovered files was loadable. Additionally, the paper introduces the concept of the TRIM functionality and provides a baseline further research into this feature. Finally, a comparison of methods for securely deleting Solid State Drives is provided

DEFY: A Deniable File System for Flash Memory

While solutions for file system encryption can prevent an adversary from determining the contents of files, in situations where a user wishes to hide even the existence of data, encryption alone is not enough. Indeed, encryption may draw attention to those files, as they most likely contain information the user wishes to keep secret, and coercion can be a very strong motivator for the owner of an encrypted file system to surrender their secret key. Herein we present DEFY, a deniable file system designed to work exclusively with solid-state drives, particularly those found in mobile devices. Solid-state drives have unique properties that render previous deniable file system designs impractical or insecure. Further, DEFY provides features not offered by any single prior work, including: support for multiple layers of deniability, authenticated encryption, and an ability to quickly and securely delete data from the device. We have implemented a prototype based on the YAFFS and WhisperYaffs file systems. An evaluation shows DEFY performs comparatively with WhisperYaffs

Forensic Aspects of Various Flash Memory Devices

Flash memory devices provide high storage volume with low power consumption and faster read-write operations when compared to HDD. This makes FLASH memory devices to be considered as an efficient storage unit thus bringing huge demand for the usage of FLASH memory devices. One of the major problems faced by forensic investigators is extracting deleted data from flash memory devices, as some of the flash memory devices prevent extraction of deleted data using the standard forensic techniques. This paper focuses on exploring forensic opportunities for various flash-based memory devices. This is done by a thorough study of physics of flash memory, the development of flash transition layers, and the file systems that support these devices. It then conducts forensic experiments on various types of flash-based storage media and summarizes the results of each media. This paper also tries to explore various practices to be applied on flash storage media thus enabling them to retrieve deleted information with the use of standard forensic techniques

A Forensically Sound Adversary Model for Mobile Devices

In this paper, we propose an adversary model to facilitate forensic investigations of mobile devices (e.g. Android, iOS and Windows smartphones) that can be readily adapted to the latest mobile device technologies. This is essential given the ongoing and rapidly changing nature of mobile device technologies. An integral principle and significant constraint upon forensic practitioners is that of forensic soundness. Our adversary model specifically considers and integrates the constraints of forensic soundness on the adversary, in our case, a forensic practitioner. One construction of the adversary model is an evidence collection and analysis methodology for Android devices. Using the methodology with six popular cloud apps, we were successful in extracting various information of forensic interest in both the external and internal storage of the mobile device