Length-preserving authenticated encryption of storage blocks

Thumbnail Image

Files

master_Surmont_Jasper_2022.pdf (4.31 MB)

URL

Journal Title

Journal ISSN

Volume Title

Perustieteiden korkeakoulu | Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.

Authors

Date

2022-12-12

Department

Major/Subject

Exchange studies in Computer Science

Mcode

SCI3042

Degree programme

Master’s Programme in Computer, Communication and Information Sciences

Language

en

Pages

79+1

Series

Abstract

Digital storage is often protected by individually authenticating and encrypting each storage unit, usually a disk block or a memory page. This results in one ciphertext and authentication tag per unit. Where used, these tags are written to external memory locations or to different blocks within the same device, but this has two main drawbacks. First, it is not always possible to use external memory, or to allocate extra blocks to store the tags. Second, storing the tag in a different location than the ciphertext requires two IO requests for each read or write: one request for the ciphertext, another for the tag. In this thesis, I ask and resolve the question: is it possible to use data compression to provide length-preserving storage protection, providing integrity and confidentiality, removing the need for external storage or extra blocks. The thesis contributes to the research of block-level data protection, and analyses existing protection methods for data protection of block devices, such as dm-crypt and dm-verity in Linux, as well as RAM protections such as AMD SEV-SNP. Previous compression-based solutions are analysed and found not to be fully length-preserving. The thesis presents LP-SP, a length-preserving storage protection method that does not need external storage or extra blocks for tags. Additionally, a prototype implementation in the device-mapper in Linux provides compression and performance measurements. These measurements result in LP-SP being especially useful in RAM and other environments with high compression rates.

Description

Supervisor

Ekberg, Jan-Erik

Thesis advisor

Niemi, Arto

Keywords

Data integrity, Compression, Encryption, FDE

Other note

Citation

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-202212187134

Collections

[dipl] Perustieteiden korkeakoulu / SCI