TL;DR: This paper proposes StrongBox, a stream cipher-based FDE layer that is a drop-in replacement for dm-crypt, the standard Linux FDE module based on AES-XTS, and introduces a system design and on-drive data structures that exploit LFS's lack of overwrites to avoid costly rekeying and a counter stored in trusted hardware to protect against attacks.
Abstract: Full-drive encryption (FDE) is especially important for mobile devices because they contain large quantities of sensitive data yet are easily lost or stolen. Unfortunately, the standard approach to FDE, the AES block cipher in XTS mode, is 3–5× slower than unencrypted storage. Authenticated encryption based on stream ciphers is already used as a faster alternative to AES in other contexts, such as HTTPS, but the conventional wisdom is that stream ciphers are unsuitable for FDE. Used naively in drive encryption, stream ciphers are vulnerable to attacks, and mitigating these attacks with on-drive metadata is generally believed to ruin performance. In this paper, we argue that recent developments in mobile hardware invalidate this assumption, making it possible to use fast stream ciphers for FDE. Modern mobile devices employ solid-state storage with Flash Translation Layers (FTL), which operate similarly to Log-structured File Systems (LFS). They also include trusted hardware such as Trusted Execution Environments (TEEs) and secure storage areas. Leveraging these two trends, we propose StrongBox, a stream cipher-based FDE layer that is a drop-in replacement for dm-crypt, the standard Linux FDE module based on AES-XTS. StrongBox introduces a system design and on-drive data structures that exploit LFS's lack of overwrites to avoid costly rekeying and a counter stored in trusted hardware to protect against attacks. We implement StrongBox on an ARM big.LITTLE mobile processor and test its performance under multiple popular production LFSes. We find that StrongBox improves read performance by as much as 2.36× (1.72× on average) while offering stronger integrity guarantees.
TL;DR: Several common combinations of block device layers used as virtual disks in the Linux operating system are examined: disk partitions, loopback files, software RAID, Logical Volume Manager, and Network Block Devices.
Abstract: Block devices in computer operating systems typically correspond to disks or disk partitions, and are used to store files in a filesystem. Disks are not the only real or virtual devices that adhere to the block-accessible, stream-of-bytes block device model. Files, remote devices, or even RAM may be used as virtual disks. This article examines several common combinations of block device layers used as virtual disks in the Linux operating system: disk partitions, loopback files, software RAID, Logical Volume Manager, and Network Block Devices. It measures their relative performance using different filesystems: Ext2, Ext3, ReiserFS, JFS, XFS, NFS.
TL;DR: The paper constructs a package of flexible and credible storage schemes for servers under the Linux system by applying the LVM and RAID techniques comprehensively, and also realizes their auto-mount use.
Abstract: In the Linux system, LVM (Logical Volume Management) improves the flexibility of disk storage, and RAID equipment ensures the credibility of data storage. The paper constructs a package of flexible and credible storage schemes for servers under the Linux system by applying the LVM and RAID techniques comprehensively, and also realizes their auto-mount use.
TL;DR: This paper discusses forensic analysis to obtain the disk encryption key when dm-crypt is used to encrypt the disk on the Linux operating system, and proves that, through a forensic memory image taken as a live memory dump, the dm-crypt disk encryption key can be found with a success percentage of 80%.
Abstract: Disk encryption technology is very useful in securing data. On the other hand, disk encryption can be used by criminals to hide digital evidence. The information on the disk will be very useful for the investigation, but if the disk of the computer evidence is encrypted, it will hamper the investigation process. These conditions will certainly be a challenge for cybercrime investigators trying to find the disk encryption key, especially if the perpetrator does not cooperate in the investigation process. Analysis of the memory image to get the encryption key will be helpful in the investigation. The overall memory activity on the computer evidence will be recorded; using a live memory image dump of the computer evidence, the decryption keys can be recovered. This paper discusses forensic analysis to obtain the disk encryption key when dm-crypt is used to encrypt the disk on the Linux operating system, and proves that, through a forensic memory image taken as a live memory dump, the dm-crypt disk encryption key can be found with a success percentage of 80%. In this paper, the research is focused on the Linux operating system with dm-crypt used for full disk encryption.
TL;DR: It is shown that the dm-crypt module used in Linux for full disk encryption has limitations that can be relaxed when considering larger block sizes, and it is demonstrated that performance gains almost by a factor two are possible, which opens new opportunities for future use-cases.
Abstract: Using dedicated hardware is common practice in order to accelerate cryptographic operations: complex operations are managed by a dedicated co-processor and RAM/crypto-engine data transfers are fully managed by DMA operations. The CPU is therefore free for other tasks, which is vital in embedded environments with limited CPU power. In this work we discuss and benchmark XTS-AES, using either software or mixed approaches, using Linux and dm-crypt, and a low-power Atmel(tm) board. This board features an AES crypto-engine that supports ECB-AES but not the XTS-AES mode. We show that the dm-crypt module used in Linux for full disk encryption has limitations that can be relaxed when considering larger block sizes. In particular we demonstrate that performance gains almost by a factor two are possible, which opens new opportunities for future use-cases.