Mobile devices, laptops, and USB memory usually store large amounts of sensitive information frequently unprotected. Unauthorized access to or release of such information could reveal business secrets, users habits, non-public data or anything else. Full Disk Encryption (FDE) solutions might help users to protect sensitive data in the event that devices are lost or stolen. In this paper we focus on the security of Linux Unified Key Setup (LUKS) specifications, the most common FDE solution implemented in Linux based operating systems. In particular, we analyze the key management process used to compute and store the encryption key, and the solution adopted to mitigate the problem of brute force attacks based on weak user passwords. Our testing activities show that unwitting users can significantly reduce the security of a LUKS implementation by setting specific hash functions and aggressive power management options.
[1]
Hugo Krawczyk,et al.
Keying Hash Functions for Message Authentication
,
1996,
CRYPTO.
[2]
Ken Thompson,et al.
Password security: a case history
,
1979,
CACM.
[3]
Tore Kasper Frederiksen.
Using CUDA for Exhaustive Password Recovery
,
2011
.
[4]
Hugo Krawczyk,et al.
HMAC: Keyed-Hashing for Message Authentication
,
1997,
RFC.
[5]
Tim Güneysu,et al.
Evaluation of Standardized Password-Based Key Derivation against Parallel Processing Platforms
,
2012,
ESORICS.
[6]
Clemens Fruhwirth,et al.
New Methods in Hard Disk Encryption
,
2005
.
[7]
Marc.
Efficient Password and Key recovery using Graphic Cards
,
2012
.
[8]
Andrea Visconti,et al.
On the Weaknesses of PBKDF2
,
2015,
CANS.
[9]
Peter Gutmann,et al.
Secure deletion of data from magnetic and solid-state memory
,
1996
.