Paper 2016/274

What users should know about Full Disk Encryption based on LUKS

Simone Bossi and Andrea Visconti

Abstract

Mobile devices, laptops, and USB memory usually store large amounts of sensitive information frequently unprotected. Unauthorized access to or release of such information could reveal business secrets, users habits, non-public data or anything else. Full Disk Encryption (FDE) solutions might help users to protect sensitive data in the event that devices are lost or stolen. In this paper we focus on the security of Linux Unified Key Setup (LUKS) specifications, the most common FDE solution implemented in Linux based operating systems. In particular, we analyze the key management process used to compute and store the encryption key, and the solution adopted to mitigate the problem of brute force attacks based on weak user passwords. Our testing activities show that unwitting users can significantly reduce the security of a LUKS implementation by setting specific hash functions and aggressive power management options.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. The 14th International Conference on Cryptology and Network Security (CANS 2015)
Keywords
key management
Contact author(s)
andrea visconti @ unimi it
History
2016-03-10: received
Short URL
https://ia.cr/2016/274
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/274,
      author = {Simone Bossi and Andrea Visconti},
      title = {What users should know about Full Disk Encryption based on {LUKS}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/274},
      year = {2016},
      url = {https://eprint.iacr.org/2016/274}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.