• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.39-48
• /
• 2015

As a growing number of people are concerned about the protection of personal information, the use of encryption solution has been increased. In addition, with the end of support for Windows XP and the improvement of operating system, the use of the Full Disk Encryption solution like Bitlocker will be increased. Therefore, it is necessary to consider countermeasures against Full Disk Encryption for the future digital forensic investigation. This paper provides the digital evidence acquisition procedure that responds to the Full Disk Encryption environment and introduces the countermeasures and detection tool against Full Disk Encryption solutions that are widely used.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.201-211
• /
• 2012

This paper addresses a Full Disk Encryption hardware processor for SATA HDD in a single FPGA design, and shows its experimental result using an FPGA board. The proposed processor mainly consists of two blocks: the first block processes XTS-AES block cipher which is the IEEE P1619 standard of storage media encryption and the second block executes the interface between SATA Host (PC) and Device (HDD). To minimize the performance degradation, we designed the XTS-AES block with the 4-stage pipelined structure which can process a 128-bit block per 4 clock cycles and has 4.8Gbps (max) performance. Also, we implemented the proposed design with Xilinx ML507 FPGA board and our experiment showed 140MB/sec read/write speed in Windows XP 32-bit and a SATA II HDD. This performance is almost equivalent with the speed of the direct SATA connection without FDE devices, hence our proposed processor is very suitable for SATA HDD Full Disk Encryption environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.511-525
• /
• 2023

As awareness of personal data protection increases, various Full Disk Encryption (FDE)-based applications are being developed that real-time encryption or use virtual drive volumes to protect data on user's PC. FDE-based applications encrypt and protect the volume containing user's data. However, as disk encryption technology advances, some users are abusing FDE-based applications to encrypt evidence associated with criminal activities, which makes difficulties in digital forensic investigations. Thus, it is necessary to analyze the encryption process used in FDE-based applications and decrypt the encrypted data. In this paper, we analyze Cryptomator and Norton Ghost, which provide volume encryption and backup functions. We analyze the encrypted data structure and encryption process to classify the main data of each application and identify the encryption algorithm used for data decryption. The encryption algorithms of these applications are recently emergin gor customized encryption algorithms which are analyzed to decrypt data. User password is essential to generate a data encryption key used for decryption, and a password acquisition method is suggested using the function of each application. This supplemented the limitations of password investigation, and identifies user data by decrypting encrypted data based on the acquired password.

• Review of KIISC
• /
• v.28 no.5
• /
• pp.5-8
• /
• 2018

현대인에게 필수적인 스마트폰에는 통화기록, 문자 메시지, 이메일과 같은 사용자 개인 정보뿐 아니라 사진, 동영상, 문서 등과 같은 미디어 파일이 저장된다. 이러한 스마트폰 데이터는 포렌식 수사 입장에서 중요한 증거로써 사용될 수 있기 때문에 필수적으로 획득해야 하는 데이터이다. 하지만, 스마트폰의 꾸준한 업데이트와 FDE (Full Disk Encryption), FBE(File Based Encryption)과 같은 암호 기능의 적용으로 인해 스마트폰에서 사용자 데이터를 추출하는데 어려움이 있다. 이에 따라 스마트폰에서 사용자 데이터를 추출하는 연구가 지속적으로 수행되고 있으며, 본 논문에서는 그 중 하나인 백업 데이터에서 스마트폰의 데이터를 획득하는 연구 동향에 대해 설명한다.

• Review of KIISC
• /
• v.29 no.6
• /
• pp.5-12
• /
• 2019

Full Disk Encryption(FDE)과 File Based Encryption(FBE)는 파일 디스크를 암호화하는 방식으로 안드로이드에서는 연락처, 문자 등의 사용자 데이터가 저장되는 데이터 파티션(/data)에 적용된다. FDE는 파티션 전체를 하나의 키로 암호화하는 방식이나 FBE는 2개 이상의 키로 파티션을 나누어 암호화한다. 이러한 FDE와 FBE는 기기 분실 및 도난 시 개인 정보 유출 피해를 방지할 수 있으나, 디지털 포렌식 수사 과정에서 증거 데이터 수집 및 분석을 어렵게 한다. 따라서 디지털 포렌식 관점의 FDE. FBE 분석 및 복호 방안에 관한 연구가 필요하다. 본 논문은 기존 FDE와 FBE의 복호 및 안전성 연구를 정리하고, 매년 FBE FDE가 보완되어 탑재되는 새로운 안드로이드 버전에 발맞춘 꾸준한 분석의 필요성을 시사한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.2
• /
• pp.591-608
• /
• 2023

With the emergence of advanced encryption technologies such as Quantum Cryptography and Full Disk Encryption, an era of strengthening information security has begun. Users respond positively to the advancement of privacy-enhancing technology, on the other hand, investigative agencies have difficulty unveiling the actual truth as they fail to decrypt devices. In particular, unlike past ciphers, encryption methods using biometric information such as fingerprints, iris, and faces have become common and have faced technical limitations in collecting digital evidence. Accordingly, normative solutions have emerged as a major issue. The United States enacted the CLOUD Act with the legal mechanism of 'Contempt of court' and in 2016, the United Kingdom substantiated the Compelled Decryption through the Investigatory Powers Act (IPA). However, it is difficult to enforce Compelled Decryption on individuals in Korea because Korean is highly sensitive to personal information. Therefore, in this paper, we sought a method of introducing a Compelled Decryption that does not contradict the people's legal sentiment through a perception survey of 95 people on the Compelled Decryption. We tried to compare and review the Budapest Convention with major overseas laws such as the United States and the United Kingdom, and to suggest a direction of legislation acceptable to the people in ways to minimize infringement of privacy. We hope that this study will be an effective legal response plan for law enforcement agencies that can normatively overcome the technical limitations of decoding.