Cryptoloop

Last updated

Cryptoloop is a Linux kernel's disk encryption module that relies on the Crypto API, which is a cryptography framework introduced in version 2.5.45 of the Linux kernel mainline. [1] Cryptoloop was first introduced in the 2.5.x kernel series; its functionality was later incorporated into the device mapper, a generic framework used to map one block device onto another.

Contents

Cryptoloop can create an encrypted file system within a partition or from within a regular file in the regular file system. Once a file is encrypted, it can be moved to another storage device. This is accomplished by making use of a loop device, a pseudo device that enables a normal file to be mounted as if it were a physical device. By encrypting I/O to the loop device, any data being accessed must first be decrypted before passing through the regular file system; conversely, any data being stored will be encrypted.

Cryptoloop is vulnerable to watermarking attacks, [2] making it possible to determine presence of watermarked data on the encrypted filesystem:

This attack exploits weakness in IV computation and knowledge of how file systems place files on disk. This attack works with file systems that have soft block size of 1024 or greater. At least ext2, ext3, reiserfs and minix have such property. This attack makes it possible to detect presence of specially crafted watermarked files. Watermarked files contain special bit patterns that can be detected without decryption. [3]

Newer versions of cryptoloop's successor, dm-crypt, are less vulnerable to this type of attack if used correctly. [4]

See also

Related Research Articles

XFS is a high-performance 64-bit journaling file system created by Silicon Graphics, Inc (SGI) in 1993. It was the default file system in SGI's IRIX operating system starting with its version 5.3. XFS was ported to the Linux kernel in 2001; as of June 2014, XFS is supported by most Linux distributions, some of which use it as the default file system.

The ext2 or second extended file system is a file system for the Linux kernel. It was initially designed by French software developer Rémy Card as a replacement for the extended file system (ext). Having been designed according to the same principles as the Berkeley Fast File System from BSD, it was the first commercial-grade filesystem for Linux.

ext3, or third extended filesystem, is a journaled file system that is commonly used by the Linux kernel. It used to be the default file system for many popular Linux distributions. Stephen Tweedie first revealed that he was working on extending ext2 in Journaling the Linux ext2fs Filesystem in a 1998 paper, and later in a February 1999 kernel mailing list posting. The filesystem was merged with the mainline Linux kernel in November 2001 from 2.4.15 onward. Its main advantage over ext2 is journaling, which improves reliability and eliminates the need to check the file system after an unclean shutdown. Its successor is ext4.

Disk encryption software is computer security software that protects the confidentiality of data stored on computer media by using disk encryption.

The device mapper is a framework provided by the Linux kernel for mapping physical block devices onto higher-level virtual block devices. It forms the foundation of the logical volume manager (LVM), software RAIDs and dm-crypt disk encryption, and offers additional features such as file system snapshots.

In computing, initrd is a scheme for loading a temporary root file system into memory, which may be used as part of the Linux startup process. initrd and initramfs refer to two different methods of achieving this. Both are commonly used to make preparations before the real root file system can be mounted.

Disk encryption is a special case of data at rest protection when the storage medium is a sector-addressable device. This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussion of different software packages and hardware devices devoted to this problem, see disk encryption software and disk encryption hardware.

In Unix-like operating systems, a loop device, vnd, or lofi is a pseudo-device that makes a file accessible as a block device.

EncFS is a Free (LGPL) FUSE-based cryptographic filesystem. It transparently encrypts files, using an arbitrary directory as storage for the encrypted files.

The following tables compare general and technical information for a number of file systems.

The ext4 journaling file system or fourth extended filesystem is a journaling file system for Linux, developed as the successor to ext3.

Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

In cryptography, a watermarking attack is an attack on disk encryption methods where the presence of a specially crafted piece of data can be detected by an attacker without knowing the encryption key.

This is a technical feature comparison of different disk encryption software.

dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. In addition to that, dm-crypt also addresses some reliability problems of cryptoloop.

Btrfs, an abbreviation for b-tree file system, is a file system based on the copy-on-write (COW) principle. It was initially designed at Oracle Corporation in 2007 for use in Linux, and since November 2013 the file system's on-disk format has been declared stable in the Linux kernel.

In computer security, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used to retrieve encryption keys from a running operating system for malicious and/or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes after power has been removed.

TRESOR is a Linux kernel patch which provides CPU-only based encryption to defend against cold boot attacks on computer systems by performing encryption outside usual random-access memory (RAM). It is one of two proposed solutions for general-purpose computers, was developed from its predecessor AESSE, presented at EuroSec 2010 and presented at USENIX Security 2011. The authors state that it allows RAM to be treated as untrusted from a security viewpoint without hindering the system.

bcachefs is a copy-on-write (COW) file system for Linux-based operating systems. Its primary developer Kent Overstreet first announced it in 2015, and efforts are ongoing to have it included in the mainline Linux kernel. It is intended to compete with the modern features of ZFS or btrfs, and the speed and performance of ext4 or XFS.

References

  1. "Kernel development". LWN.net. October 2002. Retrieved 2015-02-15.
  2. SecuriTeam (2005-05-26). "Linux Cryptoloop Watermark Exploit" . Retrieved 2006-08-09.
  3. Saarinen, Markku-Juhani O. (2004-02-19). "'Re: Oopsing cryptoapi (or loop device?) on 2.6.*' - MARC" . Retrieved 2017-06-04.
  4. Markus Reichelt (2004-06-20). "Why Mainline Cryptoloop Should Not Be Used" . Retrieved 2017-06-04.