Disk Encryption Theory - Problem Definition

Problem Definition

Disk encryption methods aim to provide three distinct properties:

  1. The data on the disk should remain confidential.
  2. Data retrieval and storage should both be fast operations, no matter where on the disk the data is stored.
  3. The encryption method should not waste disk space (i.e., the amount of storage used for encrypted data should not be significantly larger than the size of plaintext).

The first property requires defining an adversary with respect to whom the data is being kept confidential. The strongest adversaries studied in the field of disk encryption have these abilities:

  1. they can read the raw contents of the disk at any time;
  2. they can request the disk to encrypt and store arbitrary files of their choosing;
  3. and they can modify unused sectors on the disk and then request their decryption.

A method provides good confidentiality if the only information such an adversary can determine over time is whether the data in a sector has or has not changed since the last time they looked.

The second property requires dividing the disk into several sectors, usually 512 bytes (4,096 bits) long, which are encrypted and decrypted independently of each other. In turn, if the data is to stay confidential, the encryption method must be tweakable – no two sectors should be processed in exactly the same way. Otherwise, the adversary could decrypt any sector of the disk by copying it to an unused sector of the disk and requesting its decryption.
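The copy-to-unused-sector problem described above, as an added example that is not part of the original page. It uses a toy 512-byte wide-block cipher built as a hash-based Feistel network, which is an assumption made for illustration and not a real disk encryption mode; the function names, key, and sector numbers are constructed.

```python
import hashlib

SECTOR = 512   # bytes per sector, as in the text
HALF = SECTOR // 2
ROUNDS = 4

def _f(key, tweak, i, half):
    # Round function: SHAKE-256 keyed by key, tweak and round index.
    return hashlib.shake_256(key + tweak + bytes([i]) + half).digest(HALF)

def _feistel(key, tweak, data, order):
    if len(data) != SECTOR:
        raise ValueError("sector must be exactly 512 bytes")
    left, right = data[:HALF], data[HALF:]
    for i in order:
        mask = _f(key, tweak, i, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, mask))
    return right + left  # final swap lets decryption reuse the same loop

def _tweak(sector_no, tweaked):
    # Untweaked mode processes every sector identically (the flaw in the text).
    return sector_no.to_bytes(8, "big") if tweaked else bytes(8)

def encrypt_sector(key, sector_no, data, tweaked=True):
    return _feistel(key, _tweak(sector_no, tweaked), data, range(ROUNDS))

def decrypt_sector(key, sector_no, data, tweaked=True):
    return _feistel(key, _tweak(sector_no, tweaked), data, reversed(range(ROUNDS)))

def copy_attack_recovers(tweaked):
    """Copy sector 7's ciphertext to unused sector 99 and decrypt it there."""
    key = hashlib.sha256(b"constructed demo key").digest()
    secret = b"constructed secret record".ljust(SECTOR, b".")
    disk = {7: encrypt_sector(key, 7, secret, tweaked)}
    disk[99] = disk[7]  # raw ciphertext copy, no key needed
    return decrypt_sector(key, 99, disk[99], tweaked) == secret

if __name__ == "__main__":
    print("untweaked, copied sector decrypts to secret:", copy_attack_recovers(False))
    print("tweaked,   copied sector decrypts to secret:", copy_attack_recovers(True))
```

Even in tweaked mode, writing the same data to the same sector produces the same ciphertext, which is the "has this sector changed" leak that the confidentiality definition above permits. The ciphertext is exactly 512 bytes, so no space is spent on per-sector state.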

The third property is generally non-controversial. However, it indirectly prohibits the use of stream ciphers, since stream ciphers require, for their security, that the same initial state not be used twice (which would be the case if a sector is updated with different data); thus this would require an encryption method to store separate initial states for every sector on disk—seemingly a clear waste of space. The alternative, a block cipher, is limited to a certain block size (usually 128 or 256 bits). Because of this, disk encryption chiefly studies chaining modes, which expand the encryption block length to cover a whole disk sector. The considerations already listed make several well-known chaining modes unsuitable: ECB mode, which cannot be tweaked, and modes that turn block ciphers into stream ciphers, such as the CTR mode.

These three properties do not provide any assurance of disk integrity; that is, they don't tell you whether an adversary has been modifying your ciphertext. In part, this is because an absolute assurance of disk integrity is impossible: no matter what, an adversary could always revert the entire disk to a prior state, circumventing any such checks. If some non-absolute level of disk integrity is desired, it can be achieved within the encrypted disk on a file-by-file basis using message authentication codes.
