Encrypting Volumes

Chapter 9 Overview

  • Topic: Encrypting Volumes

  • Key Points:

    • Protecting an entire device versus individual files.

    • Risks and policy alternatives for protecting drive contents.

    • Block ciphers that achieve high security.

    • Block cipher encryption modes.

    • Hardware for volume encryption.

    • Software for volume encryption.

Securing a Volume

Full-Disk Encryption

  • Definition: Protects either a full disk or any mass storage volume.

Risks to Volumes

  • Loss of Device: Risk of computer theft.

  • Eavesdropping: Potential unauthorized access without an Operating System (OS) in place or via OS bypass techniques.

  • Data Disposal: Users discarding drives without proper wiping.

Risks and Policy Trade-Offs

  • Critical Data Identification: Assessment of whether it’s practical to identify critical data versus applying encryption to all data automatically.

  • Security Boundary: Querying whether attackers already have access inside the system.

Access Control versus Encryption

  1. Hostile Users: Does the system protect against users who are logged in and hostile?

  2. Trojan Threats: Does it guard against data leaks through Trojan horse applications?

  3. Trojan Crypto: How does it deal with Trojan software embedded within the encryption software?

  4. External Files: Protection of files copied onto removable storage taken to other computers?

  5. Physical Control: Protection if an attacker gains physical control of the computer and disassembles it?

  6. Theft Protection: Do files remain secured if there is theft?

  7. Recycling Concerns: Ensuring files remain secured when selling, discarding, or recycling drives, preventing unauthorized recovery by scavengers or new owners.

Block Ciphers

  • Definition: Stream ciphers encrypt data bit-by-bit, while block ciphers encrypt fixed-size blocks of bits.

  • Key Examples:

    • DES: An older standard operating on 64-bit blocks.

    • AES: A modern standard working on 128-bit blocks.

  • Padding: Necessary for aligning data sizes.

Building a Block Cipher

  • Rounds in Block Ciphers:

    • Block ciphers operate using multiple loops, known as rounds, which enhance security through increased data scrambling.

  • Process:

    • The first round applies plaintext as input, while subsequent rounds use output from prior rounds.

    • Keys from the key schedule are utilized in each round with permutations and substitutions as defined by the encryption algorithm.

Steps in Building a Block Cipher

  1. Key Schedule Generation: Derived sub-keys from the original encryption key.

  2. Round Operations:

    • Each round takes the input block or the previous round outcome.

    • The key schedule is used to apply substitutions and permutations.

Decryption Process

  • Follows the same steps as encryption in reverse, employing the key schedule inversely.

Key Schedule Details

  • Subkeys: The key schedule includes smaller sub-keys applied in subsequent rounds to strengthen security.

  • Key Expansion: Many algorithms create a larger schedule than the original key to enhance robustness.

Evolution of DES and AES

  • DES Development:

    • Created in the mid-1970s by IBM, based on the cipher named “Lucifer.”

    • Criticism centered around its obscure design process and short key length.

  • AES Development:

    • Developed through an open process with comprehensive analysis and larger key sizes.

Triple DES

  • Definition: Enhancement over DES using three applications of the DES algorithm.

  • Process Flow:

    1. Encrypt with the first key.

    2. Decrypt with the second key.

    3. Encrypt again with the third key.

The RC4 Story

  • Origin: Created by Ron Rivest in 1987, originally kept secret.

  • Export Approval: Came with limitations (e.g., 40-bit keys).

  • Leakage: After being leaked, biases were revealed leading to vulnerabilities in the early 2000s.

  • Falling from Favor: Widespread usage in protocols like WEP and WPA diminished due to vulnerabilities.

RC4 Characteristics

Type of Cipher

  • Stream Cipher: Encrypts data byte-by-byte utilizing the XOR operation.

Operation Process

  1. Key Scheduling Algorithm (KSA):

    • Initializes a 256-byte state array, shuffling it based on the key.

  2. Pseudo-Random Generation Algorithm (PRGA):

    • Updates state and generates a keystream used in encryption.

  3. Decryption: Reuses the same process as encryption via XOR operations to recover plaintext.

Example of RC4 Operation

  • Example Key: "KEY" (3 bytes - K=75, E=69, Y=89).

  • KSA utilized to create a shuffled internal state, then PRGA creates a random keystream.

  • Example illustrates the XOR operation that generates ciphertext from plaintext.

Characteristics of RC4

  • Key Size:

    • Vulnerabilities due to smaller key sizes (e.g., 40-bit for SSL).

  • Advantages:

    • Fast and simple software implementation.

    • Flexible key sizes.

  • Disadvantages:

    • Susceptibility to several attacks, especially with key reuse, and issues with randomness in keystreams.

Lessons Learned from RC4

  • Creator biases: Algorithms created under non-disclosure can hide flaws.

  • Restricted analysis complicates flaw discovery.

  • Open Design Principle: Security shouldn't rely solely on the secrecy of design or implementation.

Qualities of Good Encryption Algorithms

  1. Design Purpose: Tailored for encryption specifically.

  2. Independence from Secrecy: Remains secure despite public knowledge.

  3. Public Analysis: Accessible for proper scrutiny by cryptographers.

  4. Extensive Review: Undergoes rigorous cryptanalysis.

  5. Lack of Weaknesses: No successful attacks against it.

  6. Formal Evaluation: Achieved recognized security standards.

Block Ciphers and Image Challenges

  • Issues: Block ciphers struggle against plaintext patterns leading to predictable ciphertext.

  • Historical Practices: Early methods involved restricting data and using clerks for message rearrangement, which introduced errors.

Modern Solutions and Modes of Operation

Modes of Operation

  • Defined as techniques to mix cipher outputs and enhance pattern prevention:

    • ECB: Encrypts each block separately, can retain patterns.

    • OFB: Stream cipher capability.

    • CTR: Generates a keystream (changing bit by bit) useful for stream cipher applications.

    • CFB: Combination of stream and block operations. (changing block by block)

    • CBC: Utilizes chaining on block encryptions, recommended for its robustness.(Changes the plaintext rather than changing the key)

Initialization Vector (IV)

  • Requirement for many modes to ensure unique encryptions.

  • Rules for IV:

    • Must be variable and not chosen by an attacker.

Stream Cipher Modes Using Block Ciphers

Key Stream Generation (OFB Mode)

  • Encryption uses keystream through XOR operations.

  • Key Handling: Importance of distinct IV for secure key stream generation.

Ciphertext Size

  • Ciphertext will generally exceed plaintext when using IVs, though most applications can accept this.

Error Propagation in Stream Cipher Modes

  • Different error propagation methods in stream versus block modes.

Salt vs Nonce vs IV

  • Salt: Random data for creating unpredicted hashes.

    • Salt is created from a number input into a has to make it unpredictable

  • Nonce: Uniquely identifiable, sequential or pseudo-random values.

  • Initialization Vector (IV): Unpredictably chosen, has no replay attack resistance.

Weaknesses of OFB Mode

  • Simplicity and IV Risks: Importance of comprehensive IV selection, preventing key stream duplication.

Counter (CTR) Mode

  • Generates a unique keystream incrementally, enhancing encryption flexibility and security in stream data contexts.

Cipher Feedback (CFB) Mode

  • Aimed to merge the benefits of both XOR and block ciphers while being mindful of single-bit error impacts.

Cipher Block Chaining (CBC) Mode

  • Similar error concerns as CFB, recognizing the need for integrity checks due to sensitivity to errors and rearrangement issues in ciphertext.

Volume Encryption in Software

  • Examples of Software-based encryption tools:

    • MS Windows: BitLocker feature.

    • Apple OS X: FileVault feature.

    • Commercial products: PGPDisk, Veracrypt.

Design Issues in Volume Encryption

  • Characteristics important for Full-Disk Encryption (FDE):

    • Strong encryption, integrity importance, pattern elimination, utilizing block cipher modes effectively.

Advanced Volume Encryption Techniques

Adapting CTR Mode

  • Unique nonce handling paired with sector numbering for improved security consistency.

Adapting CBC Mode: ESSIV

  • Utilizes a salty approach to the IV to prevent repeated patterns from leaking data and requiring additional mechanisms for integrity.

    • Improves confidentiality in disk encryption by randomizing IVs

XTS Mode: Truly Tweakable

  • Designed for disk encryption, eliminating the need for separate IV per block, while ensuring different outputs for identical inputs across various locations.

    • Provides Confidentiality but doesn’t guarantee integrity

Security Considerations

  • Vulnerabilities present in CTR mode and its relationship to potential exploitation through tampering.

  • XTS mode mitigates mentioned risks but may have its own limitations like rollback vulnerabilities.

Hardware-Based Self-Encrypting Drive

  • Overview of data encryption/decryption processed by the drive's controller to protect stored information securely and consistently.

Managing Volume Keys

  • Strategies for key management including key generation, re-keying during formatting, and key storage protocols.

Booting an Encrypted Drive

  • Importance of preboot authentication and its integration into the BIOS or dedicated partitions to secure access to encrypted drives.

Residual Risks to Keys

  • Discussion of potential threats to key integrity, addressing strategies against passphrase interception, software eavesdropping, and other attack vectors.