Encrypted Watermarks and Linux Laptop Security

  • Conference paper
Information Security Applications (WISA 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3325)

Abstract

The most common way to implement full-disk encryption (as opposed to encrypted file systems) in the GNU/Linux operating system is using the encrypted loop device, known as CryptoLoop. We demonstrate clear weaknesses in the current CBC-based implementation of CryptoLoop, perhaps the most surprising being a very simple attack which allows specially watermarked files to be identified on an encrypted hard disk without knowledge of the secret encryption key.

We take a look into the practical problems of securely booting, authenticating, and keying full-disk encryption. We propose simple improvements to the current CryptoLoop implementation based on the notions of tweakable encryption algorithms and enciphering modes. We also discuss sector-level authentication codes.

The new methods have been implemented as a set of patches to the Linux Kernel series 2.6 and the relevant system tools.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Saarinen, MJ.O. (2005). Encrypted Watermarks and Linux Laptop Security. In: Lim, C.H., Yung, M. (eds) Information Security Applications. WISA 2004. Lecture Notes in Computer Science, vol 3325. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31815-6_3

  • DOI: https://doi.org/10.1007/978-3-540-31815-6_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24015-0

  • Online ISBN: 978-3-540-31815-6

  • eBook Packages: Computer Science, Computer Science (R0)
