论文信息 - The forensic analysis of encrypted Truecrypt volumes

The forensic analysis of encrypted Truecrypt volumes

In this paper, we investigate the inner encryption principles of Truecrypt volumes including cryptographic algorithms, encryption mode, key derivation way and password verifying process. Besides, we explain the forensic operation by password cracking with concrete data instances. Our research could be helpful in two scenarios of Truecrypt application: one is to enable a personal user to retrieve his forgotten password, the other is to provide computer forensic analysis of criminal activity. To the best of our knowledge, this is the first time that the complete and explicit password cracking details are presented publicly and finally we also give some suggestion to enhance the security of Truecrypt encryption.

Yu Zhou | Lijun Zhang | Jia Fan

[1] Li-Yi Wei,et al. Parallel white noise generation on a GPU via cryptographic hash , 2008, I3D '08.

[2] Morris J. Dworkin. SP 800-38E. Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices , 2010 .

[3] S.A. Manavski,et al. CUDA Compatible GPU as an Efficient Hardware Accelerator for AES Cryptography , 2007, 2007 IEEE International Conference on Signal Processing and Communications.

[4] Jie Cheng,et al. CUDA by Example: An Introduction to General-Purpose GPU Programming , 2010, Scalable Comput. Pract. Exp..

[5] Jason Sanders,et al. CUDA by example: an introduction to general purpose GPU programming , 2010 .

[6] Philippe Oechslin,et al. Making a Faster Cryptanalytic Time-Memory Trade-Off , 2003, CRYPTO.

[7] Phillip Rogaway,et al. Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC , 2004, ASIACRYPT.

[8] Moti Yung,et al. High-Speed Implementations of Block Cipher ARIA Using Graphics Processing Units , 2008, 2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008).