FileVault

Last updated

FileVault
Other names Disk encryption software
Operating system macOS
License Proprietary

FileVault is a disk encryption program in Mac OS X 10.3 Panther (2003) and later. It performs on-the-fly encryption with volumes on Mac computers.

Contents

Versions and key features

FileVault was introduced with Mac OS X 10.3 Panther, [1] and could only be applied to a user's home directory, not the startup volume. The operating system uses an encrypted sparse disk image (a large single file) to present a volume for the home directory. Mac OS X 10.5 Leopard and Mac OS X 10.6 Snow Leopard use more modern sparse bundle disk images [2] which spread the data over 8 MB files (called bands) within a bundle. Apple refers to this original iteration of FileVault as "legacy FileVault". [3]

OS X 10.7 Lion and newer versions offer FileVault 2, [3] which is a significant redesign. This encrypts the entire OS X startup volume and typically includes the home directory, abandoning the disk image approach. For this approach to disk encryption, authorised users' information is loaded from a separate non-encrypted boot volume [4] (partition/slice type Apple_Boot).

FileVault

The original version of FileVault was added in Mac OS X Panther to encrypt a user's home directory.

Master passwords and recovery keys

When FileVault is enabled the system invites the user to create a master password for the computer. If a user password is forgotten, the master password or recovery key may be used to decrypt the files instead. [3] FileVault recovery key is different from a Mac recovery key, which is a 28-character code used to reset your password or regain access to your Apple ID.

Migration

Migration of FileVault home directories is subject to two limitations: [5]

If Migration Assistant has already been used or if there are user accounts on the target:

If transferring FileVault data from a previous Mac that uses 10.4 using the built-in utility to move data to a new machine, the data continues to be stored in the old sparse image format, and the user must turn FileVault off and then on again to re-encrypt in the new sparse bundle format.

Manual encryption

Instead of using FileVault to encrypt a user's home directory, using Disk Utility a user can create an encrypted disk image themselves and store any subset of their home directory in there (for example, ~/Documents/private). This encrypted image behaves similar to a FileVault encrypted home directory, but is under the user's maintenance.

Encrypting only a part of a user's home directory might be problematic when applications need access to the encrypted files, which will not be available until the user mounts the encrypted image. This can be mitigated to a certain extent by making symbolic links for these specific files.

Limitations and issues

Backups

Without Mac OS X Server, Time Machine will back up a FileVault home directory only while the user is logged out. In such cases, Time Machine is limited to backing up the home directory in its entirety. Using Mac OS X Server as a Time Machine destination, backups of FileVault home directories occur while users are logged in.

Because FileVault restricts the ways in which other users' processes can access the user's content, some third party backup solutions can back up the contents of a user's FileVault home directory only if other parts of the computer (including other users' home directories) are excluded. [6] [7]

Issues

Several shortcomings were identified in legacy FileVault. Its security can be broken by cracking either 1024-bit RSA or 3DES-EDE.

Legacy FileVault used the CBC mode of operation (see disk encryption theory); FileVault 2 uses stronger XTS-AES mode. Another issue is storage of keys in the macOS "safe sleep" mode. [8] A study published in 2008 found data remanence in dynamic random-access memory (DRAM), with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature. The study authors were able to use a cold boot attack to recover cryptographic keys for several popular disk encryption systems, including FileVault, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use, such as in key scheduling. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not in physical control by the owner. [9]

Early versions of FileVault automatically stored the user's passphrase in the system keychain, requiring the user to notice and manually disable this security hole.

In 2006, following a talk at the 23rd Chaos Communication Congress titled Unlocking FileVault: An Analysis of Apple's Encrypted Disk Storage System, Jacob Appelbaum & Ralf-Philipp Weinmann released VileFault which decrypts encrypted Mac OS X disk image files. [8]

A free space wipe using Disk Utility left a large portion of previously deleted file remnants intact. Similarly, FileVault compact operations only wiped small parts of previously deleted data. [10]

FileVault 2

Security

FileVault uses the user's login password as the encryption pass phrase. It uses the XTS-AES mode of AES with 128 bit blocks and a 256 bit key to encrypt the disk, as recommended by NIST. [11] [12] Only unlock-enabled users can start or unlock the drive. Once unlocked, other users may also use the computer until it is shut down. [3]

Performance

The I/O performance penalty for using FileVault 2 was found to be in the order of around 3% when using CPUs with the AES instruction set, such as the Intel Core i, and OS X 10.10.3 Yosemite. [13] Performance deterioration will be larger for CPUs without this instruction set, such as older Core CPUs.

Master passwords and recovery keys

When FileVault 2 is enabled while the system is running, the system creates and displays a recovery key for the computer, and optionally offers the user to store the key with Apple. The 120 bit recovery key is encoded with all letters and numbers 1 through 9, and read from /dev/random, and therefore relies on the security of the PRNG used in macOS. During a cryptanalysis in 2012, this mechanism was found safe. [14]

Changing the recovery key is not possible without re-encrypting the File Vault volume. [3]

Validation

Users who use FileVault 2 in OS X 10.9 and above can validate their key correctly works after encryption by running sudo fdesetup validaterecovery in Terminal after encryption has finished. The key must be in form xxxx-xxxx-xxxx-xxxx-xxxx-xxxx and will return true if correct. [15]

Starting the OS with FileVault 2 without a user account

If a volume to be used for startup is erased and encrypted before clean installation of OS X 10.7.4 Lion or 10.8 Mountain Lion:

Apple describes this type of approach as Disk Password—based DEK. [11]

See also

Related Research Articles

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

<span class="mw-page-title-main">Apple Remote Desktop</span> Application by Apple

Apple Remote Desktop (ARD) is a Macintosh application produced by Apple Inc., first released on March 14, 2002, that replaced a similar product called Apple Network Assistant. Aimed at computer administrators responsible for large numbers of computers and teachers who need to assist individuals or perform group demonstrations, Apple Remote Desktop allows users to remotely control or monitor other computers over a network. Mac Pro (2019), Mac mini with a 10Gb Ethernet card, and Mac Studio (2022) have Lights Out Management function and are able to power-on by Apple Remote Desktop.

Disk encryption software is a computer security software that protects the confidentiality of data stored on computer media by using disk encryption.

<span class="mw-page-title-main">Keychain (software)</span> Password management system in macOS

Keychain is the password management system in macOS, developed by Apple. It was introduced with Mac OS 8.6, and has been included in all subsequent versions of the operating system, now known as macOS. A Keychain can contain various types of data: passwords, private keys, certificates, and secure notes.

Disk encryption is a special case of data at rest protection when the storage medium is a sector-addressable device. This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussion of different software packages and hardware devices devoted to this problem, see disk encryption software and disk encryption hardware.

<span class="mw-page-title-main">BitLocker</span> Disk encryption software for Microsoft Windows

BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the Advanced Encryption Standard (AES) algorithm in cipher block chaining (CBC) or "xor–encrypt–xor (XEX)-based Tweaked codebook mode with ciphertext Stealing" (XTS) mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.

EncFS is a Free (LGPL) FUSE-based cryptographic filesystem. It transparently encrypts files, using an arbitrary directory as storage for the encrypted files.

The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

<span class="mw-page-title-main">BestCrypt</span> Commercial disk encryption app available for Windows, Linux, macOS and Android

BestCrypt, developed by Jetico, is a commercial disk encryption app available for Windows, Linux, macOS and Android.

This is a technical feature comparison of different disk encryption software.

A sparse image is a type of disk image file used on macOS that grows in size as the user adds data to the image, taking up only as much disk space as stored in it. Encrypted sparse image files are used to secure a user's home directory by the FileVault feature in Mac OS X Snow Leopard and earlier. Sparse images can be created using Disk Utility.

dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. In addition to that, dm-crypt addresses some reliability problems of cryptoloop.

<span class="mw-page-title-main">Private Disk</span>

Private Disk is a disk encryption application for the Microsoft Windows operating system, developed by Dekart SRL. It works by creating a virtual drive, the contents of which is encrypted on-the-fly; other software can use the drive as if it were a usual one.

Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD/SSD) vendors, including: Hitachi, Integral Memory, iStorage Limited, Micron, Seagate Technology, Samsung, Toshiba, Viasat UK, Western Digital. The symmetric encryption key is maintained independently from the computer's CPU, thus allowing the complete data store to be encrypted and removing computer memory as a potential attack vector.

There are various implementations of the Advanced Encryption Standard, also known as Rijndael.

<span class="mw-page-title-main">Apple Disk Image</span> File format developed by Apple and used by macOS

AppleDisk Image is a disk image format commonly used by the macOS operating system. When opened, an Apple Disk Image is mounted as a volume within the Finder.

<span class="mw-page-title-main">Xor–encrypt–xor</span> Block cypher operating mode

The xor–encrypt–xor (XEX) is a (tweakable) mode of operation of a block cipher. In tweaked-codebook mode with ciphertext stealing, it is one of the more popular modes of operation for whole-disk encryption. XEX is also a common form of key whitening, and part of some smart card proposals.

IPSW, iPhone Software, is a file format used to install iOS, iPadOS, tvOS, HomePod, watchOS, and most recently, macOS firmware for devices equipped with Apple silicon. All Apple devices share the same IPSW file format for iOS firmware and their derivatives, allowing users to flash their devices through Finder or iTunes on macOS or Windows, respectively. Users can flash Apple silicon Macs through Apple Configurator 2.

<span class="mw-page-title-main">KeRanger</span> MacOS ransomware

KeRanger is a ransomware trojan horse targeting computers running macOS. Discovered on March 4, 2016, by Palo Alto Networks, it affected more than 7,000 Mac users.

References

  1. "Apple Previews Mac OS X "Panther"". Apple Press Info. Apple. June 23, 2003. Retrieved January 21, 2013.
  2. ScottW (November 5, 2007). "Live FileVault and Sparse Bundle Backups in Leopard". macosx.com. Archived from the original on October 29, 2013. Retrieved January 21, 2013.
  3. 1 2 3 4 5 Apple Inc (August 9, 2012). "OS X: About FileVault 2". Apple Inc. Archived from the original on October 29, 2014. Retrieved September 5, 2012.
  4. Apple Inc (August 17, 2012). "Best Practices for Deploying FileVault 2" (PDF). Apple Inc. p. 40. Archived from the original (PDF) on August 22, 2017. Retrieved September 5, 2012.
  5. "Archived - Mac OS X 10.3, 10.4: Transferring data with Setup Assistant / Migration Assistant FAQ". Apple support. Apple. Retrieved January 21, 2013.
  6. "Using Encrypted Disks". CrashPlan PROe support. CrashPlan PROe. Archived from the original on January 14, 2013. Retrieved January 21, 2013.
  7. "Using CrashPlan with FileVault". CrashPlan support. CrashPlan. Archived from the original on October 20, 2013. Retrieved January 21, 2013.
  8. 1 2 Appelbaum, Jacob; Weinmann, Ralf-Philipp (December 29, 2006). Unlocking FileVault: An Analysis of Apple's disk encryption (PDF). 23rd Chaos Communication Congress. Berlin. Retrieved March 31, 2007.
  9. Halderman, J. Alex; et al. (February 2008). Lest We Remember: Cold Boot Attacks on Encryption Keys (PDF). 17th USENIX Security Symposium. San Jose, CA.
  10. Zdziarski, Jonathan (January 1, 2008). "File Vault's Dirty Little Secrets".
  11. 1 2 Apple, Inc (August 17, 2012). "Best Practices for Deploying FileVault 2" (PDF). Apple, Inc. p. 28. Archived from the original (PDF) on August 22, 2017. Retrieved September 5, 2012.
  12. Dworkin, Morris (January 2010). "Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices" (PDF). NIST Special Publication (800–3E). doi:10.6028/NIST.SP.800-38E.
  13. "How Fast is the 512 GB PCIe X4 SSD in the 2015 MacBook Pro?". Tech ARP.
  14. Choudary, Omar; Felix Grobert; Joachim Metz (July 2012). "Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption" . Retrieved January 19, 2013.{{cite journal}}: Cite journal requires |journal= (help)
  15. "fdesetup(8) Mac OS X Manual Page". Apple. August 21, 2013. Retrieved August 9, 2014.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.