Full Disk Encryption: Bridging Theory and Practice

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10159)

Abstract

We revisit the problem of Full Disk Encryption (FDE), which refers to the encryption of each sector of a disk volume. In the context of FDE, it is assumed that there is no space to store additional data, such as an IV (Initialization Vector) or a MAC (Message Authentication Code) value. We formally define the security notions in this model against chosen-plaintext and chosen-ciphertext attacks. Then, we classify various FDE modes of operation according to their security in this setting, in the presence of various restrictions on the queries of the adversary. We find that our approach leads to new insights for both theory and practice. Moreover, we introduce the notion of a diversifier, which does not require additional storage, but allows the plaintext of a particular sector to be encrypted to different ciphertexts. We show how a 2-bit diversifier can be implemented in the EagleTree simulator for solid state drives (SSDs), while decreasing the total number of Input/Output Operations Per Second (IOPS) by only 4%.

Notes

  1.

    Two distinct keys are needed: the message is encrypted with key K, and the IV is encrypted with key \(K'\ne K\) (see Fig. 1), in order to avoid an attack by Rogaway [24].

  2.

    These blocks should not be confused with the blocks of the block cipher, nor with the “block” (actually “sector”) in the term Logical Block Address (LBA).

References

  1. Bellare, M., Boldyreva, A., Knudsen, L.R., Namprempre, C.: On-line ciphers and the hash-CBC constructions. J. Cryptology 25(4), 640–679 (2012)

  2. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74143-5_30

  3. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th FOCS, pp. 394–403. IEEE Computer Society Press (1997)

  4. Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000). doi:10.1007/3-540-44448-3_24

  5. Bellare, M., Rogaway, P.: Introduction to Modern Cryptography. UCSD CSE 207 Course Notes, 207 pages (2005). http://cseweb.ucsd.edu/~mihir/cse207/

  6. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Berlin (2006). doi:10.1007/11761679_25

  7. Campbell, C.M.: Design and specification of cryptographic capabilities. IEEE Commun. Soc. Mag. 16(6), 15–19 (1978)

  8. Dayan, N., Svendsen, M.K., Bjørling, M., Bonnet, P., Bouganim, L.: EagleTree: exploring the design space of SSD-based algorithms. PVLDB 6(12), 1290–1293 (2013)

  9. Dworkin, M.: Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices. NIST SP 800-38E (2010)

  10. Ferguson, N.: AES-CBC + Elephant diffuser: A Disk Encryption Algorithm for Windows Vista (2006). http://www.microsoft.com/en-us/download/details.aspx?id=13866

  11. Fruhwirth, C.: New methods in hard disk encryption. Master’s thesis, Vienna University of Technology (2005)

  12. Gjøsteen, K.: Security notions for disk encryption. In: Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 455–474. Springer, Heidelberg (2005). doi:10.1007/11555827_26

  13. Götzfried, J., Müller, T.: Analysing Android’s full disk encryption feature. JoWUA 5(1), 84–100 (2014)

  14. Halcrow, M., Savagaonkar, U., Ts’o, T., Muslukhov, I.: EXT4 Encryption Design Document (public version). Google Technical Report (2015)

  15. Halevi, S.: Re: LRW key derivation (formerly pink-herring). IEEE P1619 Mailing List, May 2006

  16. Halevi, S., Rogaway, P.: A parallelizable enciphering mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292–304. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24660-2_23

  17. IEEE: IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices. IEEE Std 1619-2007, pp. 1–32 (2008)

  18. Joux, A., Martinet, G., Valette, F.: Blockwise-adaptive attackers: revisiting the (in)security of some provably secure encryption modes: CBC, GEM, IACBC. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 17–30. Springer, Berlin (2002). doi:10.1007/3-540-45708-9_2

  19. Jutla, C.: Attack on Free-MAC (2000). https://groups.google.com/d/msg/sci.crypt/4bkzm_n7UGA/5cDwfju6evUJ

  20. Jutla, C.S.: Encryption modes with almost free message integrity. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 529–544. Springer, Heidelberg (2001). doi:10.1007/3-540-44987-6_32

  21. Khati, L., Mouha, N., Vergnaud, D.: Full Disk Encryption: Bridging Theory and Practice. Cryptology ePrint Archive, Report 2016/1114, full version of this paper (2016)

  22. Müller, T., Freiling, F.C.: A systematic assessment of the security of full disk encryption. IEEE Trans. Dependable Sec. Comput. 12(5), 491–503 (2015)

  23. Nandi, M.: Two new efficient CCA-secure online ciphers: MHCBC and MCBC. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 350–362. Springer, Heidelberg (2008). doi:10.1007/978-3-540-89754-5_27

  24. Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348–358. Springer, Heidelberg (2004). doi:10.1007/978-3-540-25937-4_22

  25. Rogaway, P.: Evaluation of Some Blockcipher Modes of Operation. Technical report, CRYPTREC Investigation Report (2011)

  26. Rogaway, P., Zhang, H.: Online ciphers from tweakable blockciphers. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 237–249. Springer, Heidelberg (2011). doi:10.1007/978-3-642-19074-2_16

  27. Saarinen, M.-J.O.: Encrypted watermarks and Linux laptop security. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 27–38. Springer, Heidelberg (2005). doi:10.1007/978-3-540-31815-6_3

Acknowledgments

Nicky Mouha is supported by a Postdoctoral Fellowship from the Flemish Research Foundation (FWO-Vlaanderen), by a JuMo grant from KU Leuven (JuMo/14/48CF), and by FWO travel grant 12F9714N. Certain algorithms and commercial products are identified in this paper to foster understanding. Such identification does not imply recommendation or endorsement by NIST, nor does it imply that the algorithms or products identified are necessarily the best available for the purpose. Damien Vergnaud is supported in part by the French ANR JCJC ROMAnTIC project (ANR-12-JS02-0004).

We thank Matias Bjørling, Luc Bouganim, Niv Dayan and Javier Gonzalez for their useful comments and suggestions on SSD technology.

Corresponding author

Correspondence to Nicky Mouha.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Khati, L., Mouha, N., Vergnaud, D. (2017). Full Disk Encryption: Bridging Theory and Practice. In: Handschuh, H. (ed.) Topics in Cryptology – CT-RSA 2017. Lecture Notes in Computer Science, vol. 10159. Springer, Cham. https://doi.org/10.1007/978-3-319-52153-4_14

  • DOI: https://doi.org/10.1007/978-3-319-52153-4_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-52152-7

  • Online ISBN: 978-3-319-52153-4