|COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring.|
Analysis of FileVault 2: Apple's full disk encryption scheme
If you have a question about this talk, please contact Wei Ming Khoo.
With the launch of Mac OS X 10 .7 (Lion), Apple has introduced a volume encryption mechanism known as FileVault 2. Apple only disclosed marketing aspects of the closed-source software, e.g. its use of the AES -XTS tweakable encryption, but a publicly available security evaluation and detailed description was unavailable until recently.
We have performed an extensive analysis of FileVault 2 and we have been able to find all the algorithms and parameters needed to successfully read an encrypted volume. This allows us to perform forensic investigations on encrypted volumes using our own tools.
In this presentation I will present the architecture of FileVault 2, giving details of the key derivation, encryption process and metadata structures needed to perform the volume decryption. I will also comment on the security of the system and the analysis we have performed.
Besides the analysis of the system, we have also built a library that can mount a volume encrypted with FileVault 2. As a contribution to the research and forensic communities we have made this library open source.
The paper is available at http://eprint.iacr.org/2012/374
This talk is part of the Computer Laboratory Security Seminar series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
Other listsCUED Computer Vision Research Seminars Cambridge Realist Workshop Arts, Culture and Education
Other talksMembers' slides (or digital presentations!) Understanding and manipulating the T-cell response to peptide-MHC Parasitic infection 2016 From Sea to Shining Sea: The Future of American Education in a post-federalist era. Flies, bees, aphids and frogs: what can this menagerie tell us about the evolution of developmental processes? Behavioural Studies at Sanquin and Beyond