Cryptoloop
Cryptoloop is a disk encryption module for Linux which relies on the Crypto API in the 2.6 Linux kernel series. It was first introduced in the 2.5.x kernel series and has since been deprecated in favour of dm-crypt, which provides the same functionality as a target of the device mapper, a generic framework used to map one block device onto another.
Cryptoloop can create an encrypted file system within a partition or within a regular file in an existing file system. Once a file has been set up as an encrypted container, it can be moved to another storage device. This is accomplished by making use of a loop device, a pseudo-device that enables a normal file to be mounted as if it were a physical device. Because cryptoloop encrypts the I/O passing through the loop device, data read from the backing file is decrypted before the file system sees it; conversely, data written by the file system is encrypted before it reaches the backing file.
Cryptoloop is vulnerable to watermarking attacks, which make it possible to determine, without knowing the key, whether specially crafted watermarked data is present on the encrypted filesystem:
This attack exploits a weakness in IV computation and knowledge of how file systems place files on disk. This attack works with file systems that have a soft block size of 1024 or greater. At least ext2, ext3, reiserfs and minix have such a property. This attack makes it possible to detect the presence of specially crafted watermarked files, such as unreleased Hollywood movies, cruise missile service manuals, and other content that you did not create yourself. Watermarked files contain special bit patterns that can be detected without decryption.
The weakness is that cryptoloop derives each sector's CBC initialisation vector directly from the sector number, so an attacker who can see the ciphertext knows the IV of every sector and can craft two plaintext blocks that, once XORed with their respective IVs, become identical and therefore encrypt to identical ciphertext. Cryptoloop's successor, dm-crypt, is not vulnerable to this attack when it is configured with an IV that the attacker cannot predict, such as ESSIV (for example cbc-essiv:sha256), or with XTS mode, whose tweak is encrypted under a second key. dm-crypt's "plain" IV mode reproduces cryptoloop's IV scheme and remains vulnerable in the same way.
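The attack described above, and the reason an unpredictable IV such as ESSIV defeats it, as an added example that is not part of the original article and not cryptoloop's or dm-crypt's own code. The block cipher is a constructed SHA-256-based Feistel network standing in for AES; the IV layout is modelled on the 32-bit little-endian sector number used by cryptoloop and by dm-crypt's "plain" mode; the watermarked file is laid out as one 1024-byte file-system block, following the soft-block-size condition in the passage. All volume contents are constructed sample data.

```python
"""Added example: simulate cryptoloop-style CBC disk encryption and the
watermarking attack on it.  The block cipher is a keyed 4-round Feistel
network built on SHA-256 (a constructed stand-in for AES); what the attack
exploits is only that every sector's IV is predictable."""
import hashlib
import os

BLOCK = 16      # cipher block size in bytes
SECTOR = 512    # disk sector size in bytes
ROUNDS = 4


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """16-byte block cipher: balanced Feistel network keyed via SHA-256."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for rnd in range(ROUNDS):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def plain_iv(key: bytes, sector: int) -> bytes:
    """cryptoloop / dm-crypt 'plain' IV: 32-bit little-endian sector number,
    zero padded to the block size.  The key argument is unused: anyone who
    can see the disk can compute this IV."""
    return sector.to_bytes(4, "little") + bytes(BLOCK - 4)


def essiv(key: bytes, sector: int) -> bytes:
    """dm-crypt ESSIV: encrypt the sector number under a key derived by
    hashing the volume key, so the IV is unpredictable without the key."""
    salt = hashlib.sha256(key).digest()[:BLOCK]
    return block_encrypt(salt, plain_iv(key, sector))


def encrypt_sector(key: bytes, sector: int, data: bytes, iv_fn) -> bytes:
    """CBC-encrypt one sector with the IV supplied by iv_fn."""
    assert len(data) == SECTOR
    prev = iv_fn(key, sector)
    out = bytearray()
    for i in range(0, SECTOR, BLOCK):
        prev = block_encrypt(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def encrypt_volume(key: bytes, sectors, iv_fn):
    return [encrypt_sector(key, n, s, iv_fn) for n, s in enumerate(sectors)]


def watermark_file() -> bytes:
    """One 1024-byte file-system block carrying the watermark (constructed).
    The block always starts at an even sector 2k, so the plain IVs of its two
    sectors differ only in the lowest bit of byte 0.  Sector 2k gets an
    arbitrary first block X, sector 2k+1 gets X with that bit flipped; after
    XOR with their IVs both first blocks are equal and encrypt identically."""
    x = os.urandom(BLOCK)
    first = x + os.urandom(SECTOR - BLOCK)
    second = xor(x, b"\x01" + bytes(BLOCK - 1)) + os.urandom(SECTOR - BLOCK)
    return first + second


def watermark_present(ciphertext_sectors) -> bool:
    """Attacker side, no key needed: look for an even/odd sector pair whose
    first ciphertext blocks are identical."""
    for n in range(0, len(ciphertext_sectors) - 1, 2):
        if ciphertext_sectors[n][:BLOCK] == ciphertext_sectors[n + 1][:BLOCK]:
            return True
    return False


def demo(iv_fn, block_offset: int = 3) -> bool:
    """Build a constructed 8-block volume with the watermarked file at
    file-system block `block_offset`, encrypt it under a fresh random key and
    return whether the keyless detector finds the watermark."""
    key = os.urandom(32)
    fs = bytearray(os.urandom(SECTOR * 2 * 8))
    pos = block_offset * 2 * SECTOR
    fs[pos:pos + 2 * SECTOR] = watermark_file()
    sectors = [bytes(fs[i:i + SECTOR]) for i in range(0, len(fs), SECTOR)]
    return watermark_present(encrypt_volume(key, sectors, iv_fn))


if __name__ == "__main__":
    print("plain IV, watermark detected:", demo(plain_iv))  # True
    print("ESSIV,    watermark detected:", demo(essiv))     # False
```

The detector never needs the key or the position of the file: any even/odd sector pair with equal first ciphertext blocks is the watermark, and with 16-byte blocks such a pair occurs by chance with probability around 2^-128. Under ESSIV the two IVs differ in unpredictable bits, so the crafted relation between the two plaintext blocks no longer survives the XOR with the IV and the ciphertexts are unrelated.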
See also
- dm-crypt
- Crypto API
- Comparison of disk encryption software
- Disk encryption