Design And Verification Of Deniable Storage Encryption System Based On Android Platform

At present, with the rapid development and popularization of smart phones,smart phones become more and more powerful, and penetrate into all aspects of people's lives.Therefore smart phones store a lot of sensitive personal information and business data, which exists the potential risks of user data leakage. And so, all major mobile operating systems also provide some necessary measures to protect sensitive data of users in the case of losing their mobile phone, such as setting lock screen password. However, if in a particular context, malware or malicious competitors take some measures like the threat of violence to make users tell the password, the protection of such measures will lose the effectiveness of the application and cannot guarantee the security of user data.Therefore, this thesis proposes the system of Plausible Deniable Encryption (PDE), through modifying the original Android system,to introduce the deniability from the PC into the mobile terminal, to provide users with "two passwords, two modes,two systems": When users enter the decoy password,it will activate the standard mode and enter the decoy system, which is used for daily use and does not contain any privacy data. When users enter the real password, it will activate the PDE mode and enter the real system, in which users can collect and store sensitive data. Therefore, users can tell the decoy password to protect the privacy data in the real system, when they are forced. In this way, the user could tell the decoy password to achieve the protection of privacy data in the real system in the case of being forced to expose the personal passwordThe thesis builds a Android source development platform as the basic environment for the practice of the system, and then we make a deep research and customization of the Vold part of the Android system, including the introduction of Logical Volume Management Technology (LVM) in the Linux kernel part and thin provision to achieve common volume and hidden volume of linear storage, and through the realization of a custom system service - AblePDE service,which is convenient to set the password for the standard mode and PDE mode. In the PDE mode, we modify the encryption algorithm based on the Android FDE encryption,introduce the XTS-AES encryption mode, and further enhance the system's security and deniability. In the end, the design of the system is summarized and verified, and the future development and improvement direction is proposed.