Call for Algorithm for Disk Sector Level Encryption Standard (For more information go to http://www.cryptobroker.net).
IEEE-SSSC Storage System Standards Committee (http://www.ieee-sssc.org)
Security In Storage Working Group (http://www.siswg.org)

The Security in Storage working group is looking for algorithms and modes for addressing encrypted storage. The initial focus is the ability to encrypt disk devices at the sector level (not at the file level). The goal of creating a standard is to allow multiple compatible, vendor-independent implementations. These requirements impose five significant constraints:

1) Confidentiality is the obvious requirement. AES is expected to provide this capability.

2) The disk is read and written in sectors (or multiples of sectors). Sectors are normally 512 bytes. There is no room for any expansion or any additional integrity information.

3) The sectors are written and read at random. That is, each sector (or group of sectors) is stand-alone and may be updated independently. This implies that chaining between sectors is not possible and that the sector number can be a factor of an implicit Initialization Vector.

4) Non-malleability of the data is a requirement. That is, the ciphertext cannot be manipulated in any way to produce any understandable plaintext change anywhere in the sector, possibly even in the face of a decryption oracle. It is desirable that any ciphertext manipulation "randomize" the entire sector (or group of sectors).

5) Dictionary attacks must be minimized. Since the information on disks for the management of the file system is regular (partition map, boot sector, i-nodes, free space, etc.), guessing plaintext is possible. It is expected that items 1-4 will confine a dictionary attack to the individual sector level. That is, a dictionary attack can be applied to sector 123, but that dictionary is of no value at any other location on the disk.

The "Loop Driver" by Ted Tso, Werner Almsberger and Jari Ruusu meets items 1-3.
One can update this driver to use double AES in PCBC (chain left, chain right) to meet requirements 1-5. (See Menezes, Handbook of Applied Cryptography, for a definition of single PCBC mode.) Even with this, the security of double PCBC mode is an open issue. It is also an open issue whether there are other modes that can accomplish this with less overhead than double encryption. Since storage is a very performance- and latency-sensitive medium, it is desirable that the algorithm be parallelizable and pipelinable, so that hardware implementations minimize the performance impact of this system.

The first meeting of the SISWG will occur June 20, 2002, 9am to 4pm at the Hotel Thayer, 674 Thayer Rd., West Point, NY, (845) 446-4731. The agenda will include a description of the requirements, relevant attacks and presentations from attendees proposing algorithms and modes. There is a meeting fee of $90, which will include lunch and refreshments. Advance registration is preferred: https://www.cryptobroker.com/SISWGreg.php.

If you wish to have time on the agenda, please contact Jim Hughes [EMAIL PROTECTED]

For more information contact Jim Hughes [EMAIL PROTECTED]

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
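The following Go program is an added example, not code from the call, from SISWG or from the loop driver. It implements the "double AES in PCBC (chain left, chain right)" construction as the call describes it, with single PCBC taken from the Handbook of Applied Cryptography definition, and then checks it against requirements 3, 4 and 5 on one 512-byte sector. Everything not stated in the call is an assumption: two independent AES keys (the call does not say one or two), the implicit IV formed by placing the sector number big-endian in the low 8 bytes of a zero block, and the constructed keys and the regular "boot sector" plaintext used for the demonstration. The last check illustrates the open issue the call raises: PCBC's chaining value after block i is the IV xor the xor-sum of D(C_k) xor C_k for k <= i, which does not depend on the order of the blocks, so exchanging two adjacent ciphertext blocks does not randomize the whole sector.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const SectorSize = 512 // 32 AES blocks; no room for a stored IV or a tag (requirement 2)

// sectorIV derives the implicit IV from the sector number alone (requirement 3). Assumed layout.
func sectorIV(sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[8:], sector)
	return iv
}

func xorBlock(dst, a, b []byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// pcbc is single PCBC as defined in HAC, run over the blocks left to right or right to left.
// Encrypt: C_i = E(P_i xor V_{i-1}); decrypt: P_i = D(C_i) xor V_{i-1}; V_i = P_i xor C_i, V_0 = IV.
func pcbc(blk cipher.Block, iv, in []byte, decrypt, rightToLeft bool) []byte {
	n := len(in) / aes.BlockSize
	out, v, tmp := make([]byte, len(in)), append([]byte(nil), iv...), make([]byte, aes.BlockSize)
	for k := 0; k < n; k++ {
		i := k
		if rightToLeft {
			i = n - 1 - k
		}
		x, y := in[i*aes.BlockSize:(i+1)*aes.BlockSize], out[i*aes.BlockSize:(i+1)*aes.BlockSize]
		if decrypt {
			blk.Decrypt(tmp, x)
			xorBlock(y, tmp, v)
		} else {
			xorBlock(tmp, x, v)
			blk.Encrypt(y, tmp)
		}
		xorBlock(v, x, y) // plaintext xor ciphertext of this block feeds the next
	}
	return out
}

// DoublePCBC is the "chain left, chain right" construction from the call. Two independent
// AES keys are assumed here; the call does not say whether one key or two is intended.
type DoublePCBC struct{ left, right cipher.Block }
func NewDoublePCBC(keyLeft, keyRight []byte) (*DoublePCBC, error) {
	l, err := aes.NewCipher(keyLeft)
	if err != nil {
		return nil, err
	}
	r, err := aes.NewCipher(keyRight)
	return &DoublePCBC{left: l, right: r}, err
}

// EncryptSector: a left-to-right pass, then a right-to-left pass, both under the implicit IV.
func (d *DoublePCBC) EncryptSector(sector uint64, pt []byte) []byte {
	iv := sectorIV(sector)
	return pcbc(d.right, iv, pcbc(d.left, iv, pt, false, false), false, true)
}

// DecryptSector undoes the two passes in reverse order.
func (d *DoublePCBC) DecryptSector(sector uint64, ct []byte) []byte {
	iv := sectorIV(sector)
	return pcbc(d.left, iv, pcbc(d.right, iv, ct, true, true), true, false)
}

// ChangedBlocks reports, block by block, where a differs from b.
func ChangedBlocks(a, b []byte) []bool {
	out := make([]bool, len(a)/aes.BlockSize)
	for i := range out {
		out[i] = !bytes.Equal(a[i*aes.BlockSize:(i+1)*aes.BlockSize], b[i*aes.BlockSize:(i+1)*aes.BlockSize])
	}
	return out
}

// SwapAdjacentBlocks returns a copy of ct with blocks i and i+1 exchanged.
func SwapAdjacentBlocks(ct []byte, i int) []byte {
	out := append([]byte(nil), ct...)
	lo, mid, hi := i*aes.BlockSize, (i+1)*aes.BlockSize, (i+2)*aes.BlockSize
	copy(out[lo:mid], ct[mid:hi])
	copy(out[mid:hi], ct[lo:mid])
	return out
}

func main() {
	d, _ := NewDoublePCBC(bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 16)) // constructed keys
	pt := bytes.Repeat([]byte("BOOT-SECTOR-0000"), 32)                                     // constructed regular plaintext
	ct := d.EncryptSector(7, pt)
	flipped := append([]byte(nil), ct...)
	flipped[20*aes.BlockSize] ^= 0x01 // one-bit change inside block 20
	fmt.Println("same plaintext at sector 8 gives identical ciphertext:", bytes.Equal(ct, d.EncryptSector(8, pt)))
	fmt.Println("blocks changed by the flipped bit:", ChangedBlocks(pt, d.DecryptSector(7, flipped)))
	fmt.Println("blocks changed by swapping blocks 10 and 11:", ChangedBlocks(pt, d.DecryptSector(7, SwapAdjacentBlocks(ct, 10))))
}
```

Run as-is: the first line prints false (the sector number in the IV keeps a dictionary built for sector 7 useless at sector 8, requirement 5), the second prints 32 true values (one flipped bit leaves no block of the recovered sector intact, requirement 4), and the third prints false for blocks 0-9 and true for 10-31. That last result is the point of the caveat: the left pass propagates damage forward and the right pass backward, but neither pass propagates across an adjacent swap because the chaining sum is order-independent, so blocks before the swap survive, which is the kind of question the call leaves open for double PCBC.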
