Encrypted Watermarks and Linux Laptop Security

The most common way to implement full-disk encryption (as opposed to encrypted file systems) in the GNU/Linux operating system is using the encrypted loop device, known as CryptoLoop. We demonstrate clear weaknesses in the current CBC-based implementation of CryptoLoop, perhaps the most surprising being a very simple attack which allows specially watermarked files to be identified on an encrypted hard disk without knowledge of the secret encryption key. We take a look into the practical problems of securely booting, authenticating, and keying full-disk encryption. We propose simple improvements to the current CryptoLoop implementation based on the notions of tweakable encryption algorithms and enciphering modes. We also discuss sector-level authentication codes. The new methods have been implemented as a set of patches to the Linux Kernel series 2.6 and the relevant system tools.
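One way to realise the sector-level authentication codes the abstract mentions, as an added example that is not the paper's own code or its kernel patches: an HMAC-SHA256 tag over the sector number and the sector's ciphertext, so that a sector copied to another position on the disk, or an old copy written back, fails to verify. The tag size, the key handling and the in-memory "disk" are assumptions made for the demonstration.

```python
import hmac
import hashlib
import os

SECTOR_SIZE = 512
TAG_SIZE = 32  # HMAC-SHA256 output stored beside each sector (assumption)


def sector_tag(mac_key: bytes, sector_no: int, ciphertext: bytes) -> bytes:
    """Authentication code over (sector number || sector ciphertext).

    Binding the sector number into the MAC means a tag only verifies at the
    position the sector was written to: relocating a valid sector elsewhere
    on the disk, or replaying an old copy, is detected on read.
    """
    if len(ciphertext) != SECTOR_SIZE:
        raise ValueError("ciphertext must be exactly one sector")
    msg = sector_no.to_bytes(8, "big") + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def write_sector(disk, tags, mac_key, sector_no, ciphertext):
    disk[sector_no] = ciphertext
    tags[sector_no] = sector_tag(mac_key, sector_no, ciphertext)


def read_sector(disk, tags, mac_key, sector_no):
    ciphertext = disk[sector_no]
    expected = sector_tag(mac_key, sector_no, ciphertext)
    if not hmac.compare_digest(expected, tags[sector_no]):
        raise ValueError(f"sector {sector_no}: authentication failed")
    return ciphertext


def demo() -> dict:
    mac_key = b"constructed-mac-key-for-demo-only"  # constructed sample key
    disk, tags = {}, {}
    ct_a = os.urandom(SECTOR_SIZE)  # stands in for an already encrypted sector
    ct_b = os.urandom(SECTOR_SIZE)
    write_sector(disk, tags, mac_key, 10, ct_a)
    write_sector(disk, tags, mac_key, 11, ct_b)
    results = {"intact": read_sector(disk, tags, mac_key, 10) == ct_a}
    # Relocation: copy sector 10's ciphertext and its tag onto sector 11.
    disk[11], tags[11] = disk[10], tags[10]
    try:
        read_sector(disk, tags, mac_key, 11)
        results["relocation_detected"] = False
    except ValueError:
        results["relocation_detected"] = True
    # Tampering: flip one bit of sector 10's ciphertext in place.
    flipped = bytearray(disk[10])
    flipped[0] ^= 0x01
    disk[10] = bytes(flipped)
    try:
        read_sector(disk, tags, mac_key, 10)
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results
```

Storing one tag per sector costs extra space and a second key, which is the trade-off the abstract's "sector-level authentication codes" refers to; an unauthenticated CBC sector gives none of these checks.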