DEBridge: Towards Secure and Practical Plausibly Deniable Encryption Based on USB Bridge Controller
摘要
Plausibly deniable encryption (PDE) systems have been developed to enable users to securely store sensitive data while plausibly denying its existence under coercion to disclose encryption keys. However, the majority of existing PDE systems are software-based, lacking hardware-level security protection for keys. Additionally, they often require the installation of additional supporting software and depend on specific operating systems (OS), file systems (FS), or storage media, significantly limiting their practicality. To address these limitations, we present DEBridge, the first PDE system based on the USB bridge controller—a component that supports and controls data transfer between a host and a storage device. With the help of USB bridge controller, DEBridge introduces hardware security modules to provide hardware-level security protection for keys. We implement the “pseudo disk” as an interface for users to interact with the device, thereby avoiding the installation of additional software. Furthermore, DEBridge integrates hidden volume technology that supports multi-level deniability into the firmware of the USB bridge controller, thereby eliminating the dependence on OS, FS or storage media. We implement DEBridge on the TUSB9261 USB bridge controller and evaluate its feasibility and performance. Given the peculiarities and sensitivities of PDE systems themselves, we believe that the security and practicality brought by DEBridge are of significant value.