Paper 2012/374

Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption

Omar Choudary, Felix Grobert, and Joachim Metz

Abstract

With the launch of Mac OS X 10.7 (Lion), Apple has introduced a volume encryption mechanism known as FileVault 2. Apple only disclosed marketing aspects of the closed-source software, e.g. its use of the AES-XTS tweakable encryption, but a publicly available security evaluation and detailed description was unavailable until now. We have performed an extensive analysis of FileVault 2 and we have been able to find all the algorithms and parameters needed to successfully read an encrypted volume. This allows us to perform forensic investigations on encrypted volumes using our own tools. In this paper we present the architecture of FileVault 2, giving details of the key derivation, encryption process and metadata structures needed to perform the volume decryption. Besides the analysis of the system, we have also built a library that can mount a volume encrypted with FileVault 2. As a contribution to the research and forensic communities we have made this library open source. Additionally, we present an informal security evaluation of the system and comment on some of the design and implementation features. Among others we analyze the random number generator used to create the recovery password. We have also analyzed the entropy of each 512-byte block in the encrypted volume and discovered that part of the user data was left unencrypted.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Unknown where it was published
Keywords
full disk encryptiontweakable encryptionkey derivation
Contact author(s)
omar choudary @ cl cam ac uk
History
2012-07-21: last of 2 revisions
2012-07-05: received
See all versions
Short URL
https://ia.cr/2012/374
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/374,
      author = {Omar Choudary and Felix Grobert and Joachim Metz},
      title = {Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2012/374},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/374}},
      url = {https://eprint.iacr.org/2012/374}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.