MobiWear: A Plausibly Deniable Encryption System for Wearable Mobile Devices

Mobile computing devices are widely used in our daily life. With their increased use, a large amount of sensitive data are collected, stored, and managed in the mobile devices. To protect sensitive data, encryption is often used but, traditional encryption is vulnerable to coercive attacks in which the device owner is coerced by the adversary to disclose the decryption key. To defend against the coercive attacks, Plausibly Deniable Encryption (PDE) has been designed which can allow the victim user to deny the existence of hidden sensitive data. The PDE systems have been explored broadly for smartphones. However, the PDE systems which are suitable for wearable mobile devices are still missing in the literature.

In this work, we design(\mathsf{MobiWear}), the first PDE system specifically for wearable mobile devices. To accommodate the hardware nature of wearable devices,(\mathsf{MobiWear}): 1) uses image steganography to achieve PDE, which suits the resource-limited wearable devices; and 2) relies on various sensors equipped with the wearable devices to input passwords, rather than requiring users to enter them via a keyboard or a touchscreen. Security analysis and experimental evaluation using a real-world prototype (ported to an LG G smartwatch) show that(\mathsf{MobiWear})can ensure deniability with a small computational overhead as well as a small decrease of image quality.