Skip to main content
SpringerLink
Log in
Book cover

International Conference on Cryptology and Network Security

CANS 2015: Cryptology and Network Security pp 225–237Cite as

What Users Should Know About Full Disk Encryption Based on LUKS

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9476))

Abstract

Mobile devices, laptops, and USB memory usually store large amounts of sensitive information frequently unprotected. Unauthorized access to or release of such information could reveal business secrets, users habits, non-public data or anything else. Full Disk Encryption (FDE) solutions might help users to protect sensitive data in the event that devices are lost or stolen. In this paper we focus on the security of Linux Unified Key Setup (LUKS) specifications, the most common FDE solution implemented in Linux based operating systems. In particular, we analyze the key management process used to compute and store the encryption key, and the solution adopted to mitigate the problem of brute force attacks based on weak user passwords. Our testing activities show that unwitting users can significantly reduce the security of a LUKS implementation by setting specific hash functions and aggressive power management options.

S. Bossi—Part of this work was performed as part of the author’s B.Sc. thesis, under the supervision of Dr. Andrea Visconti.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    32-bit or 64-bit operating system and cryptsetup version 1.6.6 (the latest version available at the time of testing) were installed on our laptops.

References

  1. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)

    Google Scholar 

  2. Bellare, M., Canetti, R., Krawczyk, H.: Message authentication using hash functions–the hmac construction. RSA Laboratories CryptoBytes 2(1), 12–15 (1996)

    Google Scholar 

  3. Dürmuth, M., Güneysu, T., Kasper, M., Paar, C., Yalcin, T., Zimmermann, R.: Evaluation of standardized password-based key derivation against parallel processing platforms. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 716–733. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  4. Elenkov, N.: Android Security Internals. No Starch Press (2014)

    Google Scholar 

  5. Frederiksen, T.K.: Using cuda for exhaustive password recovery (2011). http://daimi.au.dk/~jot2re/cuda/resources/report.pdf

  6. Fruhwirth, C.: New methods in hard disk encryption (2005). http://clemens.endorphin.org/nmihde/nmihde-A4-ds.pdf

  7. Fruhwirth, C.: LUKS On-Disk Format Specification Version 1.2.1 (2011). http://wiki.cryptsetup.googlecode.com/git/LUKS-standard/on-disk-format.pdf

  8. Gutmann, P.: Secure deletion of data from magnetic and solid-state memory (1996). https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

  9. Krawczyk, H., Bellare, M., Canetti, R.: Hmac: Keyed-hashing for message authentication. Internet RFC 2104 (1998)

    Google Scholar 

  10. Morris, R., Thompson, K.: Password security: A case history. Commun. ACM 22(11), 594–597 (1979)

    Article  Google Scholar 

  11. NIST: SP 800–132: Recommendation for password-based key derivation (2010)

    Google Scholar 

  12. NIST: FIPS PUB 180–4: Secure Hash Standard, March 2012. http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

  13. Ponemon Institute: The billion dollar lost laptop problem (2010). http://newsroom.intel.com/servlet/JiveServlet/download/1544-16-3132/The_Billion_Dollar_Lost_Laptop_Study.pdf

  14. RSA Laboratories: Pkcs #5 v2.1: Password based cryptography standard (2012)

    Google Scholar 

  15. Schober, M.: Efficient password and key recovery using graphic cards. Diploma Thesis, Ruhr-Universität Bochum (2010)

    Google Scholar 

  16. Visconti, A., Bossi, S., Ragab, H., Caló, A.: On the weaknesses of PBKDF2. In: Proceedings of CANS 2015 (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Università Degli Studi di Milano, Milan, Italy

    Simone Bossi & Andrea Visconti

Authors
  1. Simone Bossi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andrea Visconti
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andrea Visconti .

Editor information

Editors and Affiliations

  1. Department of Computer Science, UNC Chapel Hill, CHAPEL HILL, North Carolina, USA

    Michael Reiter

  2. Départment d'Informatique, Ecole Normale Supérieure, Paris, French Southern Territories

    David Naccache

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Bossi, S., Visconti, A. (2015). What Users Should Know About Full Disk Encryption Based on LUKS. In: Reiter, M., Naccache, D. (eds) Cryptology and Network Security. CANS 2015. Lecture Notes in Computer Science(), vol 9476. Springer, Cham. https://doi.org/10.1007/978-3-319-26823-1_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26823-1_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26822-4

  • Online ISBN: 978-3-319-26823-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation