Building and Evaluating a k-Resilient Mobile Distributed File System Resistant to Device Compromise

Abstract

Deploying mobile devices to frontline troops presents many potential benefits, e.g.\ situational awareness, enhanced communication capabilities, etc. However, security remains an impediment to realizing such capability. In this research, we develop and evaluate an approach to securing the non-volatile storage of a collection of mobile devices. Our technique relies on well-established cryptographic primitives, combining them in a unique way to meet military mission specific security and resiliency requirements. Specifically, we create MDFS, a distributed mobile file system using erasure coding, Shamir's threshold secret sharing, and the symmetric AES block cipher. The resulting system provides two important properties: (1) data at rest is protected even after total compromise of up to $k$ devices, and (2) data is replicated within an infrastuctureless ad hoc network and, as such, resilient to device outages. We implement MDFS on Android mobile devices and achieve $\simeq$10Mbps throughput in real-world performance experiments, suggesting that MDFS is suitable for a variety of practical workloads.