HiPDS: A Storage Hardware-Independent Plausibly Deniable Storage System

Document Type


Publication Date



Department of Computer Science


A plausibly deniable storage (PDS) system not only conceals the plaintext of sensitive data, but also hides their very existence. It can essentially mitigate a novel coercive attack, in which the adversary captures both a victim and his/her device, and coerces the victim to disclose the sensitive data. A rich number of PDS systems have been designed in the literature. However, all of them are specifically designed for a certain type of storage hardware. In this work, we have designed \sf HiPDS , the first storage Hardware-independent Plausibly Deniable Storage system. \sf HiPDS can defend against a multi-snapshot adversary which can have access to both the external storage and the internal memory at multiple checkpoints over time. By leveraging our adapted chameleon hash, we encode the sensitive data into the non-sensitive cover data in a fine-grained manner, so that both the existence and the access of the sensitive data on the external storage device can be plausibly denied. In addition, to prevent the sensitive data from being compromised in the memory, the encoding/decoding process is run in a secure memory region isolated by the trusted execution environment. A salient feature of \sf HiPDS is that it can ensure deniability on any types of storage media, which is essentially important for users who may change the external storage devices over time. Security analysis and experimental evaluation confirm that \sf HiPDS can ensure deniability against the multi-snapshot adversary at the cost of an acceptable overhead.

Publication Title

IEEE Transactions on Information Forensics and Security