Secure disk storage is a rich and complex topic and its study is challenging in theory as well as in practice. In case of loss or theft of mobile devices (such as laptops and smartphones), the threat of data exposure is important and a natural security objective is to guarantee the confidentiality of the data-at-rest stored in such devices (e.g. on disks or solid-state drives). Classical approaches to encrypt data may have a severe impact on performance if the underlying architectural specificities are not considered. In particular, it is usually assumed that an encryption scheme suitable for the application of disk encryption must be length preserving. This so-called “full disk encryption” method provides confidentiality but does not provide cryptographic data integrity protection. It indeed rules out the use of authenticated encryption where an authentication tag is concatenated to the ciphertext. Moreover, authenticated encryption requires storing tags, and latency is added due to extra read/write accesses and tag computations. We present a comprehensive study of full disk encryption solutions and compare their features from a security perspective. We additionally present threat models for authenticated disk encryption and present a systematized analysis of the techniques usable in these settings (which has, up to now, received little attention from the research community). We finally review the current state-of-the-art of incremental cryptography and provide new insights for its use in secure disk storage contexts.
XTS-AES is a disk encryption mode of operation that uses the block cipher AES. Several studies have been conducted to improve the encryption speed using XTS-AES according to the increasing disk size. Among them, there is research on parallel encryption of XTS-AES using GPU. Although these studies focus on parallel encryption of AES, optimization for the entire XTS mode has not been performed. The reason is that the $\alpha^{j}$ computation process included in XTS mode is not suitable for parallel operation. Therefore, in this paper, we proposed several techniques for high-speed encryption in GPU by modifying XTS-AES into a form that is advantageous for parallel operation. The core idea is to pre-calculate the $\alpha^{j}$ calculation on the CPU into a form that is easy to operate on the GPU. To achieve this goal, we analyzed the $\alpha^{j}$ calculation process and present the parts that can be optimized. First, we presented a method that can replace multiple operations with a single table reference through the analyzed $\alpha^{j}$ computation progress. Thereafter, we proposed a method that can be calculated by partially skipping the entire $\alpha^{j}$ computation process that must be sequentially calculated through the table reference technique. For the proposed optimization implementation, we presented various results for evaluating the optimal implementation. In addition, we compared the performance of XTS-AES OpenSSL implementation on CPU and our proposed optimization implementation on GPU.
Deceptive Deletion Triggers Under Coercion
Lianying Zhao; Mannan, Mohammad
IEEE Transactions on Information Forensics and Security, 12/2016, Volume 11, Issue 12
Journal Article
Peer reviewed
For users in possession of password-protected encrypted data in persistent storage (i.e., "data at rest"), an obvious problem is that the password may be extracted by an adversary through dictionary attacks, or by coercing the user. Traditional full disk encryption (FDE) or plausibly deniable encryption cannot adequately address such situations. Therefore, making data verifiably inaccessible in a stealthy and quick fashion may be the preferred choice, specifically for users, such as government/corporate agents, journalists, and human rights activists with highly confidential secrets, when caught and interrogated in a hostile territory. Using secure storage on a trusted platform module (TPM) and modern CPU's trusted execution mode (e.g., Intel TXT), we design Gracewipe to enable secure and verifiable deletion of encryption keys through a special deletion password. When coerced, a user can fake compliance and enter the deletion password; and then, the user can prove to the adversary that Gracewipe has been executed and the real key is no longer available (through a TPM quote), hoping for a favorable situation (e.g., end of torture). To unlock the target encryption key, the adversary can only guess passwords through the valid Gracewipe environment with a high-risk of triggering deletion of the real key. Based on our two primary Gracewipe prototypes (i.e., software-based FDE with TrueCrypt and hardware-based FDE with self-encrypting drive), we also design and implement an extended family of unlocking schemes for triggering deletion, to achieve better plausibility, security and usability. We incur between 2-2.5 seconds delay during boot, and no performance penalty at run-time.
Organizations as well as private users frequently report the loss and theft of mobile devices such as laptops and smartphones. The threat of data exposure in such scenarios can be mitigated by protection mechanisms based on encryption. Full disk encryption (FDE) is an effective method to protect data against unauthorized access. FDE can generally be classified into software- and hardware-based solutions. We assess the practical security that users can expect from these FDE solutions regarding physical access threats. We assume that strong cryptography like AES cannot be broken but focus on vulnerabilities arising from practical FDE implementations. We present the results of a comprehensive and systematic comparison of the security of software- and hardware-based FDE. Thereby, we exhibit attacks on widespread FDE standards in many common scenarios and different system configurations. As a result, we show that neither software- nor hardware-based FDE provides perfect security, nor is one clearly superior to the other.
The integration of strong encryption into operating systems is creating challenges for forensic examiners, potentially preventing us from recovering any digital evidence from a computer. Because strong encryption cannot be circumvented without a key or passphrase, forensic examiners may not be able to access data after a computer is shut down, and must decide whether to perform a live forensic acquisition. In addition, with encryption becoming integrated into the operating system, in some cases, virtualization is the most effective approach to performing a forensic examination of a system with FDE. This paper presents the evolution of full disk encryption (FDE) and its impact on digital forensics. Furthermore, by demonstrating how full disk encryption has been dealt with in past investigations, this paper provides forensics examiners with practical techniques for recovering evidence that would otherwise be inaccessible.
The recent surge in popularity of smart handheld devices, including smart-phones and tablets, has given rise to new challenges in protection of Personal Identifiable Information (PII). Indeed, modern mobile devices store PII for applications that span from email to SMS and from social media to location-based services increasing the concerns of the end user's privacy. Therefore, there is a clear need and expectation for PII data to be protected in the case of loss, theft, or capture of the portable device. In this paper, we present a novel FUSE (File system in User space) encryption file system to protect the removable and persistent storage on heterogeneous smart gadget devices running the Android platform. The proposed file system leverages NIST certified cryptographic algorithms to encrypt the data-at-rest. We present an analysis of the security and performance trade-offs in a wide-range of usage and load scenarios. Using existing known micro benchmarks in devices using encryption without any optimization, we show that encrypted operations can incur negligible overhead for read operations and up to twenty (20) times overhead for write operations for I/O-intensive programs. In addition, we quantified the database transaction performance and we observed a 50% operation time slowdown on average when using encryption. We further explore generic and device specific optimizations and gain 10% to 60% performance for different operations reducing the initial cost of encryption. Finally, we show that our approach is easy to install and configure across all Android platforms including mobile phones, tablets, and small notebooks without any user perceivable delay for most of the regular Android applications.