Watermarking attack

In cryptography, a watermarking attack is an attack on disk encryption methods in which the presence of a specially crafted piece of data (e.g., a decoy file) on the encrypted disk can be detected by an attacker who sees only the ciphertext, without knowing the encryption key.

Problem description

Disk encryption suites generally operate on data in 512-byte sectors which are individually encrypted and decrypted. Within a sector any block cipher mode of operation can be used (typically CBC), but because arbitrary sectors in the middle of the disk must be readable and writable individually, a sector's encryption cannot depend on the contents of its preceding or succeeding sectors. Thus, with CBC, each sector needs its own initialization vector (IV), and the simplest choice is to derive it from the sector number. If these IVs are predictable by an attacker, a specially crafted file can be generated that "NOPs out" the IV: in CBC the first ciphertext block of a sector is E(P_0 XOR IV), so an attacker who knows IV_n for each sector n the file will occupy chooses that sector's first plaintext block as X XOR IV_n, making P_0 XOR IV_n equal to the same constant X in every sector, and the first ciphertext block of all those sectors comes out identical. The sector patterns generated in this way give away the existence of the file, without any need for the disk to be decrypted first. The attack requires only that the attacker can get the crafted file stored on the victim's encrypted volume (for example by sending it to the victim) and can later inspect the raw ciphertext. The problem is analogous to that of using block ciphers in electronic codebook (ECB) mode, but instead of whole blocks, only the first block of the different sectors is identical.

This weakness affected many disk encryption programs, including older versions of BestCrypt[1] as well as the now-deprecated cryptoloop.[2]

The problem can be relatively easily eliminated by making the IVs unpredictable, for example with ESSIV (encrypted salt-sector IV), which derives each sector's IV by encrypting the sector number under a key obtained by hashing the disk key, so that the IVs cannot be computed without the key.[3] Alternatively, one can use a mode of operation specifically designed for disk encryption (see disk encryption theory).
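The following script is an added example, not code from the article or from BestCrypt, cryptoloop or dm-crypt. It demonstrates both the attack described in the problem section (crafting a file whose sectors cancel a predictable IV so that their first ciphertext blocks collide, and detecting that collision in the raw ciphertext without the key) and the ESSIV fix just described. It goes a little beyond the text: rather than assuming the attacker knows which sectors the file will occupy, it crafts the file so that the pattern appears wherever the filesystem places it, assuming only that files are stored in 4 KiB blocks aligned to groups of 8 sectors. The block cipher is a toy Feistel construction over HMAC-SHA256 standing in for AES so the script runs with the standard library alone; the predictable IV (sector number, little endian, zero padded) and ESSIV (IV = E_{SHA-256(key)}(sector number)) follow the Linux "plain" and "essiv:sha256" conventions. All sector contents, keys and the marker value are constructed for the demonstration.

```python
"""Watermarking attack on per-sector CBC with a predictable IV, and the ESSIV fix.

Added example, not code from the original article or from any product it names.
Assumptions: a toy 16-byte Feistel block cipher built on HMAC-SHA256 stands in
for AES so the script needs only the standard library (the attack depends on the
CBC structure, not on the cipher), and the filesystem stores the decoy file in
4 KiB blocks, i.e. in groups of 8 sectors aligned to a multiple of 8, at a
location the attacker does not know.
"""
import hashlib
import hmac
import os

BLOCK = 16     # cipher block size in bytes
SECTOR = 512   # sector size, as in the article
GROUP = 8      # sectors per filesystem block (assumed 4 KiB blocks)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy block cipher: 4-round Feistel network with an HMAC-SHA256 round
    function. A keyed permutation of 16-byte blocks, which is all CBC needs;
    it is dependency free, not secure, and only stands in for AES here."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


def cbc_encrypt_sector(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC over one sector: C_0 = E(P_0 ^ IV), C_i = E(P_i ^ C_{i-1})."""
    assert len(plaintext) == SECTOR
    out, prev = [], iv
    for off in range(0, SECTOR, BLOCK):
        prev = toy_block_encrypt(key, xor(plaintext[off:off + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def plain_iv(_key: bytes, sector: int) -> bytes:
    """Predictable IV: the sector number, little endian, zero padded (the
    cryptoloop / dm-crypt 'plain' scheme). Anyone can compute it."""
    return sector.to_bytes(BLOCK, "little")


def essiv(key: bytes, sector: int) -> bytes:
    """ESSIV: IV = E_{SHA-256(key)}(sector number). Without the key the IV is
    unpredictable, so the cancellation exploited below no longer works."""
    return toy_block_encrypt(hashlib.sha256(key).digest(),
                             sector.to_bytes(BLOCK, "little"))


def encrypt_disk(key: bytes, iv_fn, plain_sectors: list[bytes]) -> list[bytes]:
    """Encrypt a small whole disk; plain_sectors[n] is sector number n."""
    return [cbc_encrypt_sector(key, iv_fn(key, n), p)
            for n, p in enumerate(plain_sectors)]


def watermark_file(groups: int, marker: bytes) -> list[bytes]:
    """Attacker-crafted decoy file of `groups` filesystem blocks. In each block
    the first plaintext block of the j-th sector (j = 0..7) is marker ^ j.
    Wherever the file lands, that sector's number is n = 8m + j with IV_n = n,
    so P_0 ^ IV_n = marker ^ j ^ (8m ^ j) = marker ^ 8m: the same value for all
    eight sectors of the block, hence identical first ciphertext blocks."""
    assert len(marker) == BLOCK
    out = []
    for _ in range(groups):
        for j in range(GROUP):
            first = xor(marker, j.to_bytes(BLOCK, "little"))
            out.append(first + os.urandom(SECTOR - BLOCK))  # rest is arbitrary
    return out


def count_watermark_groups(disk: list[bytes]) -> int:
    """Attacker's test on the raw ciphertext, no key needed: how many aligned
    groups of 8 sectors have identical first 16 bytes? Random data gives 0."""
    hits = 0
    for start in range(0, len(disk) - GROUP + 1, GROUP):
        if len({c[:BLOCK] for c in disk[start:start + GROUP]}) == 1:
            hits += 1
    return hits


def demo(decoy_groups: int = 4, base: int = 24, disk_sectors: int = 64) -> tuple[int, int]:
    """The victim stores the decoy at 8-aligned sector `base` on a disk that
    otherwise holds random data; return (hits with plain IV, hits with ESSIV)."""
    assert base % GROUP == 0 and base + decoy_groups * GROUP <= disk_sectors
    key = os.urandom(32)                      # the attacker never sees this
    disk = [os.urandom(SECTOR) for _ in range(disk_sectors)]
    decoy = watermark_file(decoy_groups, marker=b"watermark-block!")
    disk[base:base + len(decoy)] = decoy
    return (count_watermark_groups(encrypt_disk(key, plain_iv, disk)),
            count_watermark_groups(encrypt_disk(key, essiv, disk)))


if __name__ == "__main__":
    plain_hits, essiv_hits = demo()
    print(f"plain IV: {plain_hits} watermark groups found")   # 4
    print(f"ESSIV   : {essiv_hits} watermark groups found")   # 0
```

With the plain IV every filesystem block of the decoy shows up as a run of eight sectors with identical leading ciphertext, so scanning the disk image finds exactly as many hits as the decoy has blocks; with ESSIV the same plaintext produces no runs at all, because the attacker can no longer choose P_0 to cancel an IV it cannot compute. The same cancellation trick works for any scheme where IV_n is a public function of n, which is why the fix has to make the IV depend on the key rather than merely make it different per sector.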

See also

* Disk encryption theory
* Initialization vector
* Block cipher modes of operation
* Watermark

Notes and references

1. Chiriliuc, Adal (2003-10-23). "BestCrypt IV generation flaw". http://adal.chiriliuc.com/bc_iv_flaw.php. Retrieved 2006-08-23.
2. Saarinen, Markku-Juhani O. (2004-02-19). "Linux for the Information Smuggler" (PDF). Helsinki University of Technology. http://mareichelt.de/pub/notmine/diskenc.pdf. Retrieved 2006-10-01.
3. Fruhwirth, Clemens. "Linux hard disk encryption settings". http://clemens.endorphin.org/LinuxHDEncSettings. Retrieved 2006-01-02.

Wikimedia Foundation. 2010.
