DEFY: A Deniable, Encrypted File System for Log-Structured Storage

While solutions for file system encryption can prevent an adversary from determining the contents of files, in situations where a user wishes to hide the existence of data, encryption alone is not sufficient. Indeed, encryption may draw attention to those files, as they may likely contain information the user wishes to keep secret. Consequently, adversarial coercion may motivate the owner to surrender their encryption keys, under duress. This paper presents DEFY, a deniable file system following a log-structured design. Maintaining a log-structure is motivated by the technical constraints imposed by solid-state drives, such as those found in mobile devices. These devices have consequential properties that previous work largely ignores. Further, DEFY provides features not offered by prior work, including: authenticated encryption, fast secure deletion, and support for multiple layers of deniability. We consider security against a snapshot adversary, the strongest deniable filesystem adversary considered by prior literature. We have implemented a prototype based on YAFFS and an evaluation shows DEFY exhibits performance degradation comparable to the encrypted file system for flash, WhisperYAFFS.