Practical Cryptographic Data Integrity Protection with Full Disk Encryption Extended Version
Milan Broz, Mikulas Patocka, and Vashek Matyas

TL;DR
This paper presents a software-based, algorithm-agnostic method for providing cryptographic data integrity and confidentiality at the disk sector level, integrated into the Linux kernel without special hardware.
Contribution
It introduces a novel software-only solution for cryptographic data integrity protection in full disk encryption, integrated into the Linux kernel since version 4.12.
Findings
Implemented in Linux kernel 4.12
Provides data integrity without special hardware
Open-source and hardware-agnostic
Abstract
Full Disk Encryption (FDE) has become a widely used security feature. Although FDE can provide confidentiality, it generally does not provide cryptographic data integrity protection. We introduce an algorithm-agnostic solution that provides both data integrity and confidentiality protection at the disk sector layer. Our open-source solution is intended for drives without any special hardware extensions and is based on per-sector metadata fields implemented in software. Our implementation has been included in the Linux kernel since version 4.12. This is an extended version of our article that appears in the IFIP SEC 2018 conference proceedings.
Taxonomy
Topics: Advanced Data Storage Technologies · Cloud Data Security Solutions · Cryptography and Data Security
