Comparison of Disk Encryption Software 1 Comparison of Disk Encryption Software
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Operating System Boot from Fully Encrypted Device
Masaryk University Faculty of Informatics Operating system boot from fully encrypted device Bachelor’s Thesis Daniel Chromik Brno, Fall 2016 Replace this page with a copy of the official signed thesis assignment and the copy of the Statement of an Author. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Daniel Chromik Advisor: ing. Milan Brož i Acknowledgement I would like to thank my advisor, Ing. Milan Brož, for his guidance and his patience of a saint. Another round of thanks I would like to send towards my family and friends for their support. ii Abstract The goal of this work is description of existing solutions for boot- ing Linux and Windows from fully encrypted devices with Secure Boot. Before that, though, early boot process and bootloaders are de- scribed. A simple Linux distribution is then set up to boot from a fully encrypted device. And lastly, existing Windows encryption solutions are described. iii Keywords boot process, Linux, Windows, disk encryption, GRUB 2, LUKS iv Contents 1 Introduction ............................1 1.1 Thesis goals ..........................1 1.2 Thesis structure ........................2 2 Boot Process Description ....................3 2.1 Early Boot Process ......................3 2.2 Firmware interfaces ......................4 2.2.1 BIOS – Basic Input/Output System . .4 2.2.2 UEFI – Unified Extended Firmware Interface .5 2.3 Partitioning tables ......................5 2.3.1 MBR – Master Boot Record . -
Effective Crypto Ransomawre Detection Using Hardware
Effective Crypto Ransomawre Detection Using Hardware Performance Counters John Podolanko Department of Computer Science & Engineering The University of Texas at Arlington Supervisor Jiang Ming, PhD In partial fulfillment of the requirements for the degree of Master of Science in Computer Science May 2019 Abstract Systems affected by malware in the past 10 years has risen from 29 million to 780 million, which tells us it is a rapidly growing threat. Viruses, ransomware, worms, backdoors, botnets, etc. all come un- der malware. Ransomware alone is predicted to cost $11.5 billion in 2019. As the downtime, data loss, and financial damages are ris- ing, researchers continue to look for new ways to mitigate this threat. However, the common approaches have shown to yield high false posi- tive rates or delayed detection rates resulting in data loss. My research explores a dynamic approach for early-stage ransomware detection by modeling its behavior using hardware performance counters with low overhead. The analysis begins on a bare-metal machine running ran- somware which is profiled for hardware calls using Intel R VTuneTM Amplifier before it compromises the system. By using this approach, I am able to generate models using hardware performance counters extracted by VTuneTM on known ransomware samples collected from VirusTotal and Hybrid Analysis, and I use that data to train the de- tection system using machine learning techniques. I have shown that hardware performance counters can provide effective metrics for use in detecting and mitigating the ever-growing ransomware threat faced by the world while ensuring no data is lost. ii Acknowledgements The author thanks the supervisory committee for all their guidance, support, and patience. -
Mobiceal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices
2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices Bing Chang∗, Fengwei Zhang†, Bo Chen‡, Yingjiu Li∗, Wen-Tao Zhu§, Yangguang Tian∗, Zhan Wang¶ and Albert Ching ∗School of Information Systems, Singapore Management University, {bingchang, yjli, ygtian}@smu.edu.sg †Department of Computer Science, Wayne State University, [email protected] ‡Department of Computer Science, Michigan Technological University, [email protected] §Data Assurance and Communications Security Research Center, Chinese Academy of Sciences, [email protected] ¶RealTime Invent, Inc. i-Sprint Innovations Abstract—We introduce MobiCeal, the first practical Plausibly searched and copied when he was crossing a border, and he Deniable Encryption (PDE) system for mobile devices that can was inspected for seven times during five years [26]. defend against strong coercive multi-snapshot adversaries, who The existing PDE systems on mobile devices [21], [34], may examine the storage medium of a user’s mobile device at different points of time and force the user to decrypt data. [35], [43], [27], [20] are not resilient against such multi- MobiCeal relies on “dummy write” to obfuscate the differences snapshot attacks since they hide sensitive data in the ran- between multiple snapshots of storage medium due to existence domness initially filled across the entire disk. By comparing of hidden data. By incorporating PDE in block layer, MobiCeal storage snapshots at different points of time, a multi-snapshot supports a broad deployment of any block-based file systems on adversary may detect any unaccountable changes to the ran- mobile devices. -
PV204: Disk Encryption Lab
PV204: Disk encryption lab May 12, 2016, Milan Broz <[email protected]> Introduction Encryption can provide confidentiality and authenticity of user data. It can be implemented on several different layes, including application, file system or storage device. Application encryption examples are PGP or ZIP compression with password. Encryption of files (inside filesystem or through independent layer like Linux eCryptfs) provides more generic solution. Yet some parts (like filesystem metadata) are still unencrypted. However this solution provides encrypted data with private key per user. (Every user can have own directory encrypted by own key.) Encryption of the low-level storage (disk) is called Full Disk Encryption (FDE). It is completely transparent to the user (no need to choose what to encrypt – the whole disk is encrypted). The encrypted disk behaves as the same as a disk without encryption. The major disadvantage is that everyone who knows the password can read the whole disk. Often we combine FDE with another encryption layer. The primary use of FDE is to provide data confidentiality in power-down mode (stolen laptop does not leak user data). Once the disk is unlocked, the main encryption key remains in system, usually directly in system RAM. Exercise II will show how easy is to get this key from memory image of system. Another disadvantage of FDE is that it usually cannot guarantee integrity of data. Encryption is fully transparent and length-preserving, the ciphertext and plaintext device are of the same size. There is no space to store any integrity information. This allows attacks by direct modification of ciphertext. -
ストレージの管理: Geom, Ufs, Zfs
FreeBSD 勉強会 ストレージの管理: GEOM, UFS, ZFS 佐藤 広生 <[email protected]> 東京工業大学/ FreeBSD Project 2012/7/20 2012/7/20 (c) Hiroki Sato 1 / 94 FreeBSD 勉強会 前編 ストレージの管理: GEOM, UFS, ZFS 佐藤 広生 <[email protected]> 東京工業大学/ FreeBSD Project 2012/7/20 2012/7/20 (c) Hiroki Sato 1 / 94 講師紹介 佐藤 広生 <[email protected]> ▶ *BSD関連のプロジェクトで10年くらい色々やってます ▶ カーネル開発・ユーザランド開発・文書翻訳・サーバ提供 などなど ▶ FreeBSD コアチームメンバ(2006 年から 4期目)、 リリースエンジニア (commit 比率は src/ports/doc で 1:1:1くらい) ▶ AsiaBSDCon 主宰 ▶ 技術的なご相談や講演・執筆依頼は [email protected] まで 2012/7/20 (c) Hiroki Sato 2 / 94 お話すること ▶ ストレージ管理 ▶ まずは基礎知識 ▶ GEOMフレームワーク ▶ 構造とコンセプト ▶ 使い方 ▶ ファイルシステム ▶ 原理と技術的詳細を知ろう ▶ UFS の構造 ▶ ZFS の構造(次回) ▶ GEOM, UFS, ZFSの実際の運用と具体例(次回) 2012/7/20 (c) Hiroki Sato 3 / 94 復習:UNIX系OSの記憶装置 記憶装置 ハードウェア カーネル ソフトウェア ユーザランド ユーザランド ユーザランド プロセス プロセス プロセス 2012/7/20 (c) Hiroki Sato 4 / 94 復習:UNIX系OSの記憶装置 HDD カーネル デバイスドライバ GEOMサブシステム /dev/foo (devfs) バッファキャッシュ VMサブシステム physio() ファイルシステム ユーザランドアプリケーション 2012/7/20 (c) Hiroki Sato 5 / 94 復習:UNIX系OSの記憶装置 ▶ 記憶装置はどう見える? ▶ UNIX系OSでは、資源は基本的に「ファイル」 ▶ /dev/ada0 (SATA, SAS HDD) ▶ /dev/da0 (SCSI HDD, USB mass storage class device) ▶ 特殊ファイル(デバイスノード) # ls -al /dev/ada* crw-r----- 1 root operator 0, 75 Jul 19 23:46 /dev/ada0 crw-r----- 1 root operator 0, 77 Jul 19 23:46 /dev/ada1 crw-r----- 1 root operator 0, 79 Jul 19 23:46 /dev/ada1s1 crw-r----- 1 root operator 0, 81 Jul 19 23:46 /dev/ada1s1a crw-r----- 1 root operator 0, 83 Jul 19 23:46 /dev/ada1s1b crw-r----- 1 root operator 0, 85 Jul 19 23:46 /dev/ada1s1d crw-r----- 1 root operator 0, 87 Jul 19 23:46 /dev/ada1s1e crw-r----- 1 root operator 0, 89 -
Portace Na Jin´E Os
VYSOKEU´ CENˇ ´I TECHNICKE´ V BRNEˇ BRNO UNIVERSITY OF TECHNOLOGY FAKULTA INFORMACNˇ ´ICH TECHNOLOGI´I USTAV´ INFORMACNˇ ´ICH SYSTEM´ U˚ FACULTY OF INFORMATION TECHNOLOGY DEPARTMENT OF INFORMATION SYSTEMS REDIRFS - PORTACE NA JINE´ OS PORTING OF REDIRFS ON OTHER OS DIPLOMOVA´ PRACE´ MASTER’S THESIS AUTOR PRACE´ Bc. LUKA´ Sˇ CZERNER AUTHOR VEDOUC´I PRACE´ Ing. TOMA´ Sˇ KASPˇ AREK´ SUPERVISOR BRNO 2010 Abstrakt Tato pr´acepopisuje jak pˇr´ıpravu na portaci, tak samotnou portaci Linuxov´ehomodulu RedirFS na operaˇcn´ısyst´emFreeBSD. Jsou zde pops´any z´akladn´ırozd´ılypˇr´ıstupuk Lin- uxov´emu a FreeBSD j´adru,d´alerozd´ılyv implementaci, pro RedirFS z´asadn´ı,ˇc´astij´adra a sice VFS vrstvy. D´alezkoum´amoˇznostia r˚uzn´epˇr´ıstupy k implementaci funkcionality linuxov´ehoRedirFS na operaˇcn´ımsyst´emu FreeBSD. N´aslednˇejsou zhodnoceny moˇznostia navrˇzenide´aln´ıpostup portace. N´asleduj´ıc´ıkapitoly pak popisuj´ıpoˇzadovanou funkcional- itu spolu s navrhovanou architekturou nov´ehomodulu. D´aleje detailnˇepops´ann´avrha implementace nov´ehomodulu tak, aby mˇelˇcten´aˇrjasnou pˇredstavu jak´ymzp˚usobem modul implementuje poˇzadovanou funkcionalitu. Abstract This thesis describes preparation for porting as well aw porting itself of RedirFS Linux kernel module to FreeBSD. Basic differences between Linux and FreeBSD kernels are de- scribed as well as differences in implementation of the Virtual Filesystem, crucial part for RedirFS. Further there are described possibilities and different approaches to implemen- tation RedirFS functionality to FreeBSD. Then, the possibilities are evaluated and ideal approach is proposed. Next chapters introduces erquired functionality of the new module as well as its solutions. Then the implementation details are describet so the reader can very well understand how the new module works and how the required functionality is implemented into the module. -
Taxonomy of Linux Kernel Vulnerability Solutions
Taxonomy of Linux Kernel Vulnerability Solutions Serguei A. Mokhov Marc-Andre´ Laverdiere` Djamel Benredjem Computer Security Laboratory Computer Security Laboratory Computer Security Laboratory Concordia Institute for Concordia Institute for Concordia Institute for Information Systems Engineering Information Systems Engineering Information Systems Engineering Concordia University, Concordia University, Concordia University, Montreal, Quebec, Canada Montreal, Quebec, Canada Montreal, Quebec, Canada Email: [email protected] Email: ma [email protected] Email: d [email protected] Abstract—This paper presents the results of a case study on C programs in general, as well as statistics on their relative software vulnerability solutions in the Linux kernel. Our major importance. We also introduce a new methodology to track contribution is the introduction of a classification of methods used the patch solving a security issue based only on the contents to solve vulnerabilities. Our research shows that precondition validation, error handling, and redesign are the most used of the security advisory. methods in solving vulnerabilities in the Linux kernel. This The paper is organized as follows: we examine previous contribution is accompanied with statistics on the occurrence work that was done regarding Linux and C security in of the different types of vulnerabilities and their solutions that Section II, followed by a description of the methodology we observed during our case study, combined with example used in order to obtain the solutions to the vulnerabilities in source code patches. We also combine our findings with existing programming guidelines to create the first security-oriented Section III. Afterwards, in Section IV, we show our results, coding guidelines for the Linux kernel. -
Mcafee Foundstone Fsl Update
2016-AUG-18 FSL version 7.5.841 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 20369 - Splunk Enterprise Multiple Vulnerabilities (SP-CAAAPQM) Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High CVE: CVE-2013-0211, CVE-2015-2304, CVE-2016-1541, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE- 2016-2109, CVE-2016-2176 Description Multiple vulnerabilities are present in some versions of Splunk Enterprise. Observation Splunk Enterprise is an operational intelligence solution Multiple vulnerabilities are present in some versions of Splunk Enterprise. The flaws lie in multiple components. Successful exploitation by a remote attacker could lead to the information disclosure of sensitive information, cause denial of service or execute arbitrary code. 20428 - (HT206899) Apple iCloud Multiple Vulnerabilities Prior To 5.2.1 Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-1684, CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4607, CVE- 2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619 Description Multiple vulnerabilities are present in some versions of Apple iCloud. Observation Apple iCloud is a manager for the Apple's could based storage service. Multiple vulnerabilities are present in some versions of Apple iCloud. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive data, cause a denial of service condition or have other unspecified impact on the target system. -
Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives
Self-encrypting deception: weaknesses in the encryption of solid state drives Carlo Meijer Bernard van Gastel Institute for Computing and Information Sciences School of Computer Science Radboud University Nijmegen Open University of the Netherlands [email protected] and Institute for Computing and Information Sciences Radboud University Nijmegen Bernard.vanGastel@{ou.nl,ru.nl} Abstract—We have analyzed the hardware full-disk encryption full-disk encryption. Full-disk encryption software, especially of several solid state drives (SSDs) by reverse engineering their those integrated in modern operating systems, may decide to firmware. These drives were produced by three manufacturers rely solely on hardware encryption in case it detects support between 2014 and 2018, and are both internal models using the SATA and NVMe interfaces (in a M.2 or 2.5" traditional form by the storage device. In case the decision is made to rely on factor) and external models using the USB interface. hardware encryption, typically software encryption is disabled. In theory, the security guarantees offered by hardware encryp- As a primary example, BitLocker, the full-disk encryption tion are similar to or better than software implementations. In software built into Microsoft Windows, switches off software reality, we found that many models using hardware encryption encryption and completely relies on hardware encryption by have critical security weaknesses due to specification, design, and implementation issues. For many models, these security default if the drive advertises support. weaknesses allow for complete recovery of the data without Contribution. This paper evaluates both internal and external knowledge of any secret (such as the password). -
Omegakey Manage Your Device at the Management Module
Welcome to use our latest version of Lost Mode How to Start to Use it Bluetooth tracker. Detect the distance between the device and Bluetooth Tracker module your phone under the lost mode .Turn on the Step 1: Download the latest version App(version 1.6.0) from Apple App store. omegakey Manage your device at the management module. alarm at alert whether the device is lost, there Step 2: Open the Bluetooth and App. are two levels of lost alarm mode. Select the Thank you for purchasing omegakey Freely set and remove your device here. Step 3: Tap the Beacon for 3-5 times on hard surface, and the Beacon will be connectable when you Double-click the “call” button to find your device. alarm mode you want from the device. Phone hear a buzz. alarm, and both ends alarm. Step 4: Click the Beacon in the App which you want to configure and enter a name to connect it. Step 5: Now, you can configure and use the Beacon normally. NEXT Note: If you're having trouble with the Bluetooth, we recommend you completely remove the battery from the unit for 10 sec and reinsert it. There are many apps you can download some are better than others, we have linked just click on the apple / android icons on the first page Once you have selected the app you like download it and follow the on screen instructions ATTACH BLUETOOTH BEACON EXTERNALLY FOR MAX PERFORMANCE Found mode More View the alarm location or item's last location Find the device under the find mode according p.s make sure your Bluetooth is on and your phone is compatible with 4.0 Bluetooth to the strength of the signal. -
A Future-Focused Forensic Imager Designed to Streamline Evidence Collection Processes
A Future-Focused Forensic Imager Designed to Streamline Evidence Collection Processes Extremely fast forensic imaging speed surpassing 50GB/min. Clone PCIe to PCIe at speeds above 90GB/min Image to/from Thunderbolt™ 3/USB-C external storage enclosures with an optional I/O card. Image and verify from up to 5 source drives up to 9 destinations simultaneously Create a logical image to capture only specific files needed Concurrent Image+Verify greatly reduces duration of image plus verification process Two 10GbE connections provide fast network imaging performance Network capture feature to capture network traffic, VOIP, internet activity Multi-task. Image from multiple sources simultaneously FEATURES n The Falcon®-NEO achieves imaging speeds when imaging directly to large capacity Thunder- n Image from a Mac® computer with USB-C ports surpassing 50GB/min and can clone PCIe to PCIe bolt 3 RAID storage enclosures for evidence data using a USB-C to USB-A cable and Target Disk at speeds at over 90GB/min. collection. The card connects to the Falcon-NEO’s Mode or use Logicube’s USB boot device to n Image and verify to multiple image formats; 2 write-blocked source I/O ports or 1 destination I/O image a source drive from a Mac computer on the native copy, .dd, dmg, e01 and ex01. The Falcon- port. The I/O card does not currently support imaging same network without booting the Mac computer’s ® NEO provides MD5, SHA1, SHA256, and dual hash in TDM from Mac systems, refer to the Falcon-NEO native OS. The Falcon-NEO supports imaging from ® authentication at extremely fast speeds. -
Taxonomy for Anti-Forensics Techniques & Countermeasures
View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by St. Cloud State University St. Cloud State University theRepository at St. Cloud State Culminating Projects in Information Assurance Department of Information Systems 4-2020 Taxonomy for Anti-Forensics Techniques & Countermeasures Ziada Katamara [email protected] Follow this and additional works at: https://repository.stcloudstate.edu/msia_etds Recommended Citation Katamara, Ziada, "Taxonomy for Anti-Forensics Techniques & Countermeasures" (2020). Culminating Projects in Information Assurance. 109. https://repository.stcloudstate.edu/msia_etds/109 This Starred Paper is brought to you for free and open access by the Department of Information Systems at theRepository at St. Cloud State. It has been accepted for inclusion in Culminating Projects in Information Assurance by an authorized administrator of theRepository at St. Cloud State. For more information, please contact [email protected]. Taxonomy for Anti-Forensics Techniques and Countermeasures by Ziada Katamara A Starred Paper Submitted to the Graduate Faculty of St Cloud State University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Assurance June, 2020 Starred Paper Committee: Abdullah Abu Hussein, Chairperson Lynn A Collen Balasubramanian Kasi 2 Abstract Computer Forensic Tools are used by forensics investigators to analyze evidence from the seized devices collected at a crime scene or from a person, in such ways that the results or findings can be used in a court of law. These computer forensic tools are very important and useful as they help the law enforcement personnel to solve crimes. Computer criminals are now aware of the forensics tools used; therefore, they use countermeasure techniques to efficiently obstruct the investigation processes.