What users should know about full disk encryption based on LUKS / S. Bossi, A. Visconti (LECTURE NOTES IN COMPUTER SCIENCE). - In: Cryptology and Network Security / edited by M. Reiter, D. Naccache. - [s.l] : Springer, 2015. - ISBN 9783319268224. - pp. 225-237 (Paper presented at the 14th CANS conference held in Marrakesh in 2015) [10.1007/978-3-319-26823-1_16].

What users should know about full disk encryption based on LUKS

A. Visconti
Last author
2015

Abstract

Mobile devices, laptops, and USB memory usually store large amounts of sensitive information, frequently unprotected. Unauthorized access to or release of such information could reveal business secrets, users' habits, non-public data or anything else. Full Disk Encryption (FDE) solutions might help users to protect sensitive data in the event that devices are lost or stolen. In this paper we focus on the security of Linux Unified Key Setup (LUKS) specifications, the most common FDE solution implemented in Linux-based operating systems. In particular, we analyze the key management process used to compute and store the encryption key, and the solution adopted to mitigate the problem of brute-force attacks based on weak user passwords. Our testing activities show that unwitting users can significantly reduce the security of a LUKS implementation by setting specific hash functions and aggressive power management options.
LUKS; PBKDF2; Full disk encryption; HMAC; Hash functions; Power management options
Sector INF/01 - Computer Science
2015
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/342452
Citations
  • PMC: ND
  • Scopus: 16
  • ISI: 7