What Users Should Know About Full Disk Encryption Based on LUKS

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9476)

Abstract

Mobile devices, laptops, and USB memory usually store large amounts of sensitive information, frequently unprotected. Unauthorized access to or release of such information could reveal business secrets, users' habits, non-public data or anything else. Full Disk Encryption (FDE) solutions might help users protect sensitive data in the event that devices are lost or stolen. In this paper we focus on the security of the Linux Unified Key Setup (LUKS) specifications, the most common FDE solution implemented in Linux-based operating systems. In particular, we analyze the key management process used to compute and store the encryption key, and the solution adopted to mitigate the problem of brute-force attacks based on weak user passwords. Our testing activities show that unwitting users can significantly reduce the security of a LUKS implementation by setting specific hash functions and aggressive power management options.

Keywords

LUKS, PBKDF2, Full disk encryption, HMAC, Hash functions, Power management options

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Department of Computer Science, Università Degli Studi di Milano, Milan, Italy
