This paper presents a systematic description of how data storage security is provided in modern operating systems. The advantages of Full Disk Encryption (FDE) modules over other ways of securing stored data are considered and explained. Most modern FDE modules work in four stages: setup (initial data encryption), mounting (unfolding the key system in OS memory), session (reading and writing data using the FDE module, that is, interaction of the file system with the hard disk driver), and unmounting (carrying out operations that ensure the target security properties and finishing work with the FDE module). These stages are described for an operating FDE module, including possible failures, which are also systematized and considered in detail. Performance characteristics that are important for synthesis and analysis are listed. The target protective properties of FDE modules are also studied in detail, and the relationship between the problems of ensuring the confidentiality and integrity of data storage is shown and substantiated. New variants of these security properties are introduced so that they can serve as a guideline in the creation of FDE modules and as a possible tradeoff between performance and security. Some typical scenarios of using such systems are described.
- Title Data storage security and full disk encryption
- Publisher Tomsk State University
- Issue Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics 49
- Date:
- DOI 10.17223/20710410/49/6
Keywords
models and methods in information security, data storage security

Data storage security and full disk encryption | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2020. № 49. DOI: 10.17223/20710410/49/6