Watermarking attack
In cryptography, a watermarking attack is an attack on disk encryption methods where the presence of a specially crafted piece of data can be detected by an attacker without knowing the encryption key.
Problem description
Disk encryption suites generally operate on data in 512-byte
The problem is analogous to that of using block ciphers in the
Alternatively, one can use modes of operation specifically designed for disk encryption (see disk encryption theory). This weakness affected many disk encryption programs, including older versions of BestCrypt[2] as well as the now-deprecated cryptoloop.[3]
To carry out the attack, a specially crafted plaintext file is created for encryption in the system under attack, to "NOP-out" the IV[4] such that the first ciphertext block in two or more sectors is identical. This requires that the input to the cipher (plaintext, ,
The ciphertext block patterns generated in this way give away the existence of the file, without any need for the disk to be decrypted first.
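The effect described above, as an added example that is not part of the original article. It assumes the weak scheme uses the sector number as a public CBC IV, and contrasts it with a secret, key-derived IV. The 16-byte Feistel permutation is a constructed stand-in for a real block cipher, and all function names, the key and the sector range are hypothetical.

```python
import hashlib, hmac

BLOCK, SECTOR = 16, 512

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    # Stand-in keyed permutation (4-round Feistel over SHA-256); not a real cipher.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + r).digest()[:8]
        l, r = r, xor(l, f)
    return l + r

def plain_iv(key, sector):
    # Assumed weak scheme: the IV is the sector number, so anyone can predict it.
    return sector.to_bytes(BLOCK, "little")

def keyed_iv(key, sector):
    # Assumed hardened scheme: the IV depends on a secret derived from the key.
    secret = hashlib.sha256(key).digest()
    return hmac.new(secret, sector.to_bytes(8, "little"), hashlib.sha256).digest()[:BLOCK]

def encrypt_sector(key, sector, data, iv_fn):
    # CBC over one 512-byte sector: C_i = E_K(P_i XOR C_{i-1}), with C_0 = IV.
    prev, out = iv_fn(key, sector), b""
    for i in range(0, SECTOR, BLOCK):
        prev = toy_encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def marked_sectors(first, count):
    # Constructed plaintext: block 0 of each sector equals that sector's public IV.
    return [plain_iv(None, s) + bytes(SECTOR - BLOCK) for s in range(first, first + count)]

def repeated_first_blocks(ciphertexts):
    # Number of sectors whose first ciphertext block also occurs in another sector.
    firsts = [c[:BLOCK] for c in ciphertexts]
    return sum(1 for f in firsts if firsts.count(f) > 1)

def run(iv_fn, first=100, count=8):
    key = b"constructed-demo-key"  # constructed sample key
    cts = [encrypt_sector(key, first + i, p, iv_fn) for i, p in enumerate(marked_sectors(first, count))]
    return repeated_first_blocks(cts)

if __name__ == "__main__":
    print("sector-number IV, repeated first blocks:", run(plain_iv))
    print("key-derived IV, repeated first blocks:", run(keyed_iv))
```

With the sector-number IV, every marked sector feeds the same input into the cipher and the repetition is visible in ciphertext alone; with the key-derived IV the crafted plaintext no longer cancels the IV and no repetition appears.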
See also
- Disk encryption theory
- Initialization vector
- Block cipher modes of operation
- Watermark
References
- Fruhwirth, Clemens. "Linux hard disk encryption settings". Retrieved 2006-01-02.
- Chiriliuc, Adal (2003-10-23). "BestCrypt IV generation flaw". Retrieved 2023-05-21.
- Saarinen, Markku-Juhani O. (2004-02-19). "Linux for the Information Smuggler". Helsinki University of Technology. CiteSeerX 10.1.1.117.4062. Retrieved 2006-10-01.
- Gattol, Markus. "Redundancy, the Watermarking Attack and its Countermeasures".