Abstract
Mobile devices, laptops, and USB memory usually store large amounts of sensitive information frequently unprotected. Unauthorized access to or release of such information could reveal business secrets, users habits, non-public data or anything else. Full Disk Encryption (FDE) solutions might help users to protect sensitive data in the event that devices are lost or stolen. In this paper we focus on the security of Linux Unified Key Setup (LUKS) specifications, the most common FDE solution implemented in Linux based operating systems. In particular, we analyze the key management process used to compute and store the encryption key, and the solution adopted to mitigate the problem of brute force attacks based on weak user passwords. Our testing activities show that unwitting users can significantly reduce the security of a LUKS implementation by setting specific hash functions and aggressive power management options.
S. Bossi—Part of this work was performed as part of the author’s B.Sc. thesis, under the supervision of Dr. Andrea Visconti.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
32-bit or 64-bit operating system and cryptsetup version 1.6.6 (the latest version available at the time of testing) were installed on our laptops.
References
Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
Bellare, M., Canetti, R., Krawczyk, H.: Message authentication using hash functions–the hmac construction. RSA Laboratories CryptoBytes 2(1), 12–15 (1996)
Dürmuth, M., Güneysu, T., Kasper, M., Paar, C., Yalcin, T., Zimmermann, R.: Evaluation of standardized password-based key derivation against parallel processing platforms. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 716–733. Springer, Heidelberg (2012)
Elenkov, N.: Android Security Internals. No Starch Press (2014)
Frederiksen, T.K.: Using cuda for exhaustive password recovery (2011). http://daimi.au.dk/~jot2re/cuda/resources/report.pdf
Fruhwirth, C.: New methods in hard disk encryption (2005). http://clemens.endorphin.org/nmihde/nmihde-A4-ds.pdf
Fruhwirth, C.: LUKS On-Disk Format Specification Version 1.2.1 (2011). http://wiki.cryptsetup.googlecode.com/git/LUKS-standard/on-disk-format.pdf
Gutmann, P.: Secure deletion of data from magnetic and solid-state memory (1996). https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
Krawczyk, H., Bellare, M., Canetti, R.: Hmac: Keyed-hashing for message authentication. Internet RFC 2104 (1998)
Morris, R., Thompson, K.: Password security: A case history. Commun. ACM 22(11), 594–597 (1979)
NIST: SP 800–132: Recommendation for password-based key derivation (2010)
NIST: FIPS PUB 180–4: Secure Hash Standard, March 2012. http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
Ponemon Institute: The billion dollar lost laptop problem (2010). http://newsroom.intel.com/servlet/JiveServlet/download/1544-16-3132/The_Billion_Dollar_Lost_Laptop_Study.pdf
RSA Laboratories: Pkcs #5 v2.1: Password based cryptography standard (2012)
Schober, M.: Efficient password and key recovery using graphic cards. Diploma Thesis, Ruhr-Universität Bochum (2010)
Visconti, A., Bossi, S., Ragab, H., Caló, A.: On the weaknesses of PBKDF2. In: Proceedings of CANS 2015 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Bossi, S., Visconti, A. (2015). What Users Should Know About Full Disk Encryption Based on LUKS. In: Reiter, M., Naccache, D. (eds) Cryptology and Network Security. CANS 2015. Lecture Notes in Computer Science(), vol 9476. Springer, Cham. https://doi.org/10.1007/978-3-319-26823-1_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-26823-1_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26822-4
Online ISBN: 978-3-319-26823-1
eBook Packages: Computer ScienceComputer Science (R0)