Just came across the following research paper that no doubt will be of interest 
to folks on this list.

Kudos to the team at the University of Cambridge and others who have long been 
working on taking apart Apple File Vault's volume encryption mechanism.


--

Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk 
Encryption
http://eprint.iacr.org/2012/374.pdf

Omar Choudary
University of Cambridge

Felix Gröbert

Joachim Metz


Abstract 

With the launch of Mac OS X 10.7 (Lion), Apple has introduced a volume 
encryption mechanism known as FileVault 2. Apple only disclosed marketing 
aspects of the closed-source software, e.g. its use of the AES-XTS tweakable 
encryption, but a publicly available security evaluation and detailed 
description was unavailable until now.

We have performed an extensive analysis of FileVault 2 and we have been able to 
find all the algorithms and parameters needed to successfully read an encrypted 
volume. This allows us to perform forensic investigations on encrypted volumes 
using our own tools.

In this paper we present the architecture of FileVault 2, giving details of the 
key derivation, encryption process and metadata structures needed to perform 
the volume decryption. Besides the analysis of the system, we have also built a 
library that can mount a volume encrypted with FileVault 2. As a contribution 
to the research and forensic communities we have made this library open source.

Additionally, we present an informal security evaluation of the system and 
comment on some of the design and implementation features. Among others we 
analyze the random number generator used to create the recovery password. We 
have also analyzed the entropy of each 512-byte block in the encrypted volume 
and discovered that part of the user data was left unencrypted.
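The per-block entropy check mentioned at the end of the abstract can be sketched as follows. This is an added example, not code from the paper or its library: the function names, the 7.0 bits/byte threshold and the sample image are assumptions constructed here for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512  # block size used for the entropy analysis in the abstract

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return sum(c / n * math.log2(n / c) for c in Counter(block).values())

def low_entropy_runs(image: bytes, threshold: float = 7.0):
    """Return (first_sector, last_sector, min_entropy) per contiguous run
    of sectors below threshold. Random data in a 512-byte sector measures
    roughly 7.5 to 7.6 bits/byte, not 8, so the cutoff must sit below that."""
    runs, start, lowest = [], None, 8.0
    nsectors = (len(image) + SECTOR - 1) // SECTOR
    for i in range(nsectors):
        h = shannon_entropy(image[i * SECTOR:(i + 1) * SECTOR])
        if h < threshold:
            if start is None:
                start, lowest = i, h
            lowest = min(lowest, h)
        elif start is not None:
            runs.append((start, i - 1, lowest))
            start = None
    if start is not None:
        runs.append((start, nsectors - 1, lowest))
    return runs

def pseudo_ciphertext(nbytes, seed=b"constructed"):
    """Constructed stand-in for encrypted sectors: SHA-256 in counter mode."""
    out, ctr = bytearray(), 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:nbytes])

def build_sample_image() -> bytes:
    """Constructed 16-sector image: sectors 5-6 hold text, sector 10 zeros."""
    img = bytearray(pseudo_ciphertext(16 * SECTOR))
    img[5 * SECTOR:7 * SECTOR] = (b"user document left in the clear " * 32)
    img[10 * SECTOR:11 * SECTOR] = bytes(SECTOR)
    return bytes(img)

if __name__ == "__main__":
    for first, last, h in low_entropy_runs(build_sample_image()):
        print(f"sectors {first}-{last}: min entropy {h:.2f} bits/byte")
```

A flagged run is only a candidate: an all-zero sector may be space that was never written, so each range still needs to be inspected before concluding that user data was stored in the clear.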