http://dx.doi.org/10.13089/JKIISC.2016.26.6.1539

The Vulnerability Improvement Research Using Pseudo-Random Number Generator Scheme in EncFS  

Jeong, Won-Seok (Graduate School of Information Security, Korea University)
Jeong, Jaeyeol (Graduate School of Information Security, Korea University)
Jeong, Ik Rae (Graduate School of Information Security, Korea University)
Abstract
In modern society, the number of applications that need storage is increasing. Among them, the advance of FinTech has increased the importance of storage encryption. FinTech storage, which holds sensitive information, should be kept secure. If the storage is not kept secure, many users will suffer monetary damage. To prevent this problem, the storage should be encrypted. EncFS, one of the most popular storage encryption applications, uses a different IV for each block to provide a higher level of security in the encryption algorithm. However, it has a vulnerability related to the use of the same IVs. In this paper, we propose a technique that uses this vulnerability to decrypt the ciphertexts without knowing the secret key. Moreover, we show that EncFS is not secure under the IND-CPA model and propose a new scheme that is secure under the IND-CPA model.
Keywords
EncFS; AES; CBC; CFB; Pseudo-Random Number Generator