Data storage security and full disk encryption

E. K. Alekseev; L. R. Akhmetzyanova; A. A. Babueva; S. V. Smyshlyaev

Geodesic

Parcourir par

Data storage security and full disk encryption

E. K. Alekseev ; L. R. Akhmetzyanova ; A. A. Babueva ; S. V. Smyshlyaev

Prikladnaâ diskretnaâ matematika, no. 3 (2020), pp. 78-97.

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

In the paper, a systematic description of the process of providing the security of data storage in modern operating systems is presented. The advantages of Full Disk Encryption (FDE) modules as compared with the other ways to security of this data storage are considered and explained. For most of modern FDE modules, there are four stages of work, namely: setup — initial data encryption, mounting — unfolding the key system in OS memory, session — reading and writing data using the FDE module (interaction of the file system with the hard disk driver), and unmounting — carrying out operations for ensuring purposeful properties of security and finishing work with the FDE module. These stages are introduced for the operating FDE module, including possible disrepairs, which are also systematized and considered in details. Performance characteristics that are important for synthesis and analysis are listed. Also, their target protective properties are studied in detail, the relationship between the problems of ensuring the confidentiality and integrity of data storage is shown and substantiated. New variants of these security properies are introduced so that they can become a guideline in the creation of FDE modules and a possible trade-off between performance and security. Some typical scenarios of using such systems are described.

Keywords: models and methods in information security, data storage security.

@article{PDM_2020_3_a5,
     author = {E. K. Alekseev and L. R. Akhmetzyanova and A. A. Babueva and S. V. Smyshlyaev},
     title = {Data storage security and full disk encryption},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {78--97},
     publisher = {mathdoc},
     number = {3},
     year = {2020},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2020_3_a5/}
}

TY  - JOUR
AU  - E. K. Alekseev
AU  - L. R. Akhmetzyanova
AU  - A. A. Babueva
AU  - S. V. Smyshlyaev
TI  - Data storage security and full disk encryption
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2020
SP  - 78
EP  - 97
IS  - 3
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDM_2020_3_a5/
LA  - ru
ID  - PDM_2020_3_a5
ER  -

%0 Journal Article
%A E. K. Alekseev
%A L. R. Akhmetzyanova
%A A. A. Babueva
%A S. V. Smyshlyaev
%T Data storage security and full disk encryption
%J Prikladnaâ diskretnaâ matematika
%D 2020
%P 78-97
%N 3
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDM_2020_3_a5/
%G ru
%F PDM_2020_3_a5

E. K. Alekseev; L. R. Akhmetzyanova; A. A. Babueva; S. V. Smyshlyaev. Data storage security and full disk encryption. Prikladnaâ diskretnaâ matematika, no. 3 (2020), pp. 78-97. http://geodesic.mathdoc.fr/item/PDM_2020_3_a5/

Bibliographie
Cité par

[1] Information Technology. Cryptographic Data Security. Principles of Creation and Modernization for Cryptographic Modules. Recommendations for Standardization R 1323565.1.012-2017, Standartinform Publ., M., 2017 (in Russian)

[2] On Approval of the Requirements for Cryptographic Modules for Digital Signature and Certificate Authority, Order of the Federal Security Service of the Russian Federation of December 27, 2011 No 796 (in Russian)

[3] Zima V. M., Kljuev A. V., Litvinov O. A., et al., “Basics of protection of the information from unauthorized access in the automated systems of confidential office-work”, Tr. SPIIRAN, 2:3 (2006), 84–95 (in Russian)

[4] Khati L., Full Disk Encryption and Beyond, Diss. Cryptography and Security [cs.CR], Universite PSL; ENS Paris — Ecole Normale Superieure de Paris, 2019, 182 pp.

[5] Broz M., Authenticated and Resilient Disk Encryption, PhD thesis, Masaryk University, Brno, 2018

[6] Damgard I., Dupont K., Universally Composable Disk Encryption Schemes, IACR Cryptology, , 2005 https://eprint.iacr.org/2005/333.pdf

[7] Gjosteen K., “Security notions for disk encryption”, LNCS, 3679, 2005, 455–474 | MR

[8] https://integralmemory.com

[9] Akhmetzyanova L., Alekseev E., Karpunin G., et al., “On one approach to formalizing cryptographic analysis tasks”, Matem. Vopr. Kriptogr., 2020 (in Russian)

[10] Akhmetzyanova L., Alekseev E., Karpunin G., et al., CTCrypt'2019 (in Russian)

[11] Bhargavan K., Leurent G., “On the practical (in-)security of 64-bit block ciphers. Collision attacks on HTTP over TLS and OpenVPN”, Proc. CCS'16 (October 24–28, 2016, Vienna, Austria), 456–467 https://sweet32.info/SWEET32_CCS16.pdf

[12] Smyshlyaev S., Re-keying Mechanisms for Symmetric Keys, RFC 8645, , August 2019 https://tools.ietf.org/html/rfc8645

[13] Akhmetzyanova L. R., Alekseev E. K., Oshkin I. B., Smyshlyaev S. V., Increasing the Lifetime of Symmetric Keys for the GCM Mode by Internal Re-keying, Cryptology ePrint Archive: Report 2017/697

[14] Alekseev E. K., Akhmetzyanova L. R., Meshkov D. A., et al., On Key Lifetime. P. 1, CRYPTO-PRO LLC Blog, 2017 (in Russian)

[15] Alekseev E. K., Akhmetzyanova L. R., Meshkov D. A., et al., On Key Lifetime. P. 2, CRYPTO-PRO LLC Blog, 2017 (in Russian)

[16] Bellare M., Rogaway P., Introduction to Modern Cryptography, , 2005 https://web.cs.ucdavis.edu/r̃ogaway/classes/227/spring05/book/main.pdf

[17] Bellare M., Boldyreva A., O'Neill A., “Deterministic and efficiently searchable encryption”, LNCS, 4622, 2007, 535–552 | MR | Zbl