Paper 2023/1792

Sloth: Key Stretching and Deniable Encryption using Secure Elements on Smartphones

Daniel Hugenroth, University of Cambridge
Alberto Sonnino, Mysten Labs, University College London
Sam Cutler, The Guardian
Alastair R. Beresford, University of Cambridge
Abstract

Privacy enhancing technologies must not only protect sensitive data in-transit, but also locally at-rest. For example, anonymity networks hide the sender and/or recipient of a message from network adversaries. However, if a participating device is physically captured, its owner can be pressured to give access to the stored conversations. Therefore, client software should allow the user to plausibly deny the existence of meaningful data. Since biometrics can be collected without consent and server-based authentication leaks metadata, implementations typically rely on memorable passwords for local authentication. Traditional password-based key stretching lacks a strict time guarantee due to the ease of parallelized password guessing by attackers. This paper introduces Sloth, a key stretching method leveraging the Secure Element (SE) commonly found in modern smartphones to provide a strict rate limit on password guessing. While this would be straightforward with full access to the SE, Android and iOS only provide a very limited API. Sloth utilizes the existing developer SE API and novel cryptographic constructions to build an effective rate-limit for password guessing on recent Android and iOS devices. Our approach ensures robust security even for short, randomly-generated, six-character alpha-numeric passwords against adversaries with virtually unlimited computing resources. Our solution is compatible with approximately 96% of iPhones and 45% of Android phones and Sloth seamlessly integrates without device or OS modifications, making it immediately usable by app developers today. We formally define the security of Sloth and evaluate its performance on various devices. Finally, we present HiddenSloth, a plausibly-deniable encryption scheme leveraging Sloth. It provides multi-snapshot resistance against adversaries who can covertly capture its on-disk content multiple times.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Proceedings on Privacy Enhancing Technologies
DOI
10.56553/popets-2024-0123
Keywords
key stretchingdeniable encryptionsecure elementpassword hashingAndroidiOS
Contact author(s)
dh623 @ cam ac uk
History
2024-07-23: last of 2 revisions
2023-11-20: received
See all versions
Short URL
https://ia.cr/2023/1792
License
Creative Commons Attribution-NonCommercial-ShareAlike
CC BY-NC-SA

BibTeX

@misc{cryptoeprint:2023/1792,
      author = {Daniel Hugenroth and Alberto Sonnino and Sam Cutler and Alastair R. Beresford},
      title = {Sloth: Key Stretching and Deniable Encryption using Secure Elements on Smartphones},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1792},
      year = {2023},
      doi = {10.56553/popets-2024-0123},
      url = {https://eprint.iacr.org/2023/1792}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.