
In cryptography, a watermarking attack is an attack on disk encryption methods where the presence of a specially crafted piece of data can be detected by an attacker without knowing the encryption key.


Problem description

Disk encryption suites generally operate on data in 512-byte sectors which are individually encrypted and decrypted. These 512-byte sectors alone can use any block cipher mode of operation (typically CBC), but since arbitrary sectors in the middle of the disk need to be accessible individually, they cannot depend on the contents of their preceding/succeeding sectors. Thus, with CBC, each sector has to have its own initialization vector (IV). If these IVs are predictable by an attacker (and the filesystem reliably starts file content at the same offset to the start of each sector, and files are likely to be largely contiguous), then there is a chosen plaintext attack which can reveal the existence of encrypted data. The problem is analogous to that of using block ciphers in the electronic codebook (ECB) mode, but instead of whole blocks, only the first blocks in different sectors are identical. The problem can be relatively easily eliminated by making the IVs unpredictable with, for example, ESSIV. Alternatively, one can use modes of operation specifically designed for disk encryption (see disk encryption theory).

This weakness affected many disk encryption programs, including older versions of BestCrypt as well as the now-deprecated cryptoloop.

To carry out the attack, a specially crafted plaintext file is created for encryption in the system under attack, to "NOP-out" the IV (Markus Gattol, "Redundancy, the Watermarking Attack and its Countermeasures") such that the first ciphertext block in two or more sectors is identical. This requires that the input to the cipher (plaintext, $P$, XOR initialisation vector, $IV$) for each block must be the same; i.e., $P_1 \oplus IV_1 = P_2 \oplus IV_2$. Thus, we must choose plaintexts $P_1, P_2$ such that $P_1 \oplus P_2 = IV_1 \oplus IV_2$. The ciphertext block patterns generated in this way give away the existence of the file, without any need for the disk to be decrypted first.
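The relation $P_1 \oplus P_2 = IV_1 \oplus IV_2$ can be checked against an IV scheme directly. The following is an added example, not code from the original article or from any disk encryption product: it compares a predictable sector-number IV with ESSIV, using a small Feistel permutation as a stand-in for AES; all function names are hypothetical.

```python
# Added illustration; every name here is hypothetical, the cipher is a stand-in.
import hashlib
import hmac
import os

BLOCK = 16  # bytes per cipher block

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES: 4-round Feistel permutation over HMAC-SHA256."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def plain_iv(key: bytes, sector: int) -> bytes:
    """Predictable IV: the sector number itself (key is ignored)."""
    return sector.to_bytes(BLOCK, "little")

def essiv(key: bytes, sector: int) -> bytes:
    """ESSIV: the sector number encrypted under a hash of the volume key."""
    salt = hashlib.sha256(key).digest()
    return encrypt_block(salt, sector.to_bytes(BLOCK, "little"))

def first_ct_block(key: bytes, sector: int, plaintext: bytes, iv_fn) -> bytes:
    """First CBC ciphertext block of a sector: E_K(P xor IV)."""
    return encrypt_block(key, xor(plaintext[:BLOCK], iv_fn(key, sector)))

def marker_collides(iv_fn, s1: int, s2: int) -> bool:
    """Does a plaintext pair built from sector numbers alone produce
    identical first ciphertext blocks under the given IV scheme?"""
    key = os.urandom(32)          # volume key, never used to build the pair
    p1 = b"constructed-demo"      # constructed 16-byte sample plaintext
    # P2 = P1 xor IV1 xor IV2, using only the guessable sector-number IVs
    p2 = xor(p1, xor(plain_iv(b"", s1), plain_iv(b"", s2)))
    c1 = first_ct_block(key, s1, p1, iv_fn)
    c2 = first_ct_block(key, s2, p2, iv_fn)
    return c1 == c2

if __name__ == "__main__":
    print("sector-number IV leaks pattern:", marker_collides(plain_iv, 100, 101))
    print("ESSIV leaks pattern:           ", marker_collides(essiv, 100, 101))
```

With the sector-number IV the two cipher inputs are equal by construction, so the ciphertext blocks match under any key; with ESSIV the IVs depend on the key and the pair no longer lines up.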


See also

* Disk encryption theory
* Initialization vector
* Block cipher modes of operation
* Watermark

