TL;DR: This paper proposes a new algorithm for AES parallel encryption, designs and implements a fast data encryption system based on GPU, and shows that this approach can accelerate the speed of AES encryption significantly.
Abstract: With the improvement of cryptanalysis, more and more applications are starting to use Advanced Encryption Standard (AES) instead of Data Encryption Standard (DES) to protect their information security. However, current implementations of the AES algorithm suffer from huge CPU resource consumption and low throughput. In this paper, we studied the technologies of GPU parallel computing and its optimized design for cryptography. Then, we proposed a new algorithm for AES parallel encryption, and designed and implemented a fast data encryption system based on GPU. The test proves that our approach can accelerate the speed of AES encryption significantly.
TL;DR: This document is intended to be a source of information about the Russian Federal standard for electronic encryption, decryption and MAC algorithms (GOST 28147-89) [GOST28147], which is one of the official standards in Russian cryptography, used in Russian algorithms.
Abstract: This document is intended to be a source of information about the Russian Federal standard for electronic encryption, decryption and MAC algorithms (GOST 28147-89) [GOST28147], which is one of the official standards in Russian cryptography, used in Russian algorithms (GOST algorithms). Recently, Russian cryptography started to be used in different applications intended to work with the OpenSSL cryptographic library. Thus, this document has been created for informational purposes for users of Russian cryptography.
TL;DR: A new message authentication code (MAC) algorithm is proposed, which improves the popular retail MAC based on the data encryption standard: it has the same complexity, but provides better resistance against key recovery attacks.
Abstract: A new message authentication code (MAC) algorithm is proposed, which improves the popular retail MAC based on the data encryption standard: it has the same complexity, but provides better resistance against key recovery attacks. In addition, a new key recovery attack on the retail MAC is presented, requiring a single known text-MAC pair and 2^56 online MAC verifications.
TL;DR: TreVisor is presented, the first software-based and OS-independent solution for full disk encryption that is resistant to main memory attacks and builds upon BitVisor, a thin virtual machine monitor which implements various security features.
Abstract: Software-based disk encryption techniques store necessary keys in main memory and are therefore vulnerable to DMA and cold boot attacks which can acquire keys from RAM. Recent research results have shown operating system dependent ways to overcome these attacks. For example, the TRESOR project patches Linux to store AES keys solely on the microprocessor. We present TreVisor, the first software-based and OS-independent solution for full disk encryption that is resistant to main memory attacks. It builds upon BitVisor, a thin virtual machine monitor which implements various security features. Roughly speaking, TreVisor adds the encryption facilities of TRESOR to BitVisor, i.e., we move TRESOR one layer below the operating system into the hypervisor such that secure disk encryption runs transparently for the guest OS. We have tested its compatibility with both Linux and Windows and show positive security and performance results.
TL;DR: This paper presents the architecture of FileVault 2, giving details of the key derivation, encryption process and metadata structures needed to perform the volume decryption, and presents a library that can mount a volume encrypted with FileVault 2.
Abstract: With the launch of Mac OS X 10.7 (Lion), Apple has introduced a volume encryption mechanism known as FileVault 2. Apple only disclosed marketing aspects of the closed-source software, e.g. its use of the AES-XTS tweakable encryption, but a publicly available security evaluation and detailed description was unavailable until now. We have performed an extensive analysis of FileVault 2 and we have been able to find all the algorithms and parameters needed to successfully read an encrypted volume. This allows us to perform forensic investigations on encrypted volumes using our own tools. In this paper we present the architecture of FileVault 2, giving details of the key derivation, encryption process and metadata structures needed to perform the volume decryption. Besides the analysis of the system, we have also built a library that can mount a volume encrypted with FileVault 2. As a contribution to the research and forensic communities we have made this library open source. Additionally, we present an informal security evaluation of the system and comment on some of the design and implementation features. Among others we analyze the random number generator used to create the recovery password. We have also analyzed the entropy of each 512-byte block in the encrypted volume and discovered that part of the user data was left unencrypted.

∗ The opinions expressed in this paper are mine alone and do not reflect the opinions of my employer or affiliates of my employer unless otherwise explicitly stated.