Bog: a Password-Based Key Derivation Function for Full Disk Encryption
Speaker/Bio
Sarah Scheffler is a first-year PhD candidate working primarily with Sharon Goldberg in the BUSec group of the BU Computer Science department. She focuses on applied cryptography, and is also interested in multi-party computation. Before coming to BU, she worked on encrypted database technology at the MIT Lincoln Laboratory and graduated with a B.S. in mathematics and computer science from Harvey Mudd College.
Abstract
The purpose of Full Disk Encryption (FDE) is to maintain confidentiality of the information stored on the hard drive of a computing device. This becomes especially important when the device is a laptop or other mobile device, which can be more easily lost, stolen, or confiscated. Typical FDE systems encrypt partitions of the device's hard drive with a strong master key, and then encrypt the master key under a key derived from a user-given password. This second key is usually generated using PBKDF2, a Password-Based Key Derivation Function which computes many iterations of the SHA-256 hash function.
However, hardware technologies like ASICs and FPGAs have grown much more powerful in recent years, partially due to the Bitcoin community. In light of this, the time required to do a brute-force or dictionary attack on the password-based key used for FDE is very small. Any PBKDF that relies on repeated iteration of a small computation is very vulnerable to hardware-assisted brute-force attacks.
In this work, we propose an FDE-specific alternative to traditional password-based key derivation functions. We take advantage of resources that general computing devices already have, such as large memory, disk resources, and a general-purpose CPU. From these, we construct a modular, round-based PBKDF that would be difficult to perform on specialized hardware. Each round calculates several subround functions, customized so that users can include subround functions that give the properties they want, and exclude functions that they do not trust or that their device cannot use.
This is joint work by Sarah Scheffler, Jason Hennessey, Mayank Varia, and Ethan Heilman.
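The typical FDE key hierarchy the abstract describes (a random master key wrapped under a PBKDF2-derived key), sketched in Python as an added example; this is not Bog and not code from the talk or its authors. The header layout, the function names, the iteration count and the HMAC-based wrap (a stand-in for a real key-wrap cipher such as AES, which the standard library lacks) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; real systems tune this per device

def derive_kek(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Password -> key-encryption key: `iterations` chained HMAC-SHA256 calls,
    each needing only a few hundred bytes of state (the property the abstract
    says makes iterated PBKDFs cheap to run on ASICs and FPGAs)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def _prf(kek: bytes, label: bytes, data: bytes) -> bytes:
    # Domain-separated HMAC, used for both the one-block pad and the check tag.
    return hmac.new(kek, label + data, hashlib.sha256).digest()

def create_header(password: str, master_key: bytes, iterations: int = ITERATIONS) -> dict:
    """Wrap the 32-byte master key; only this header depends on the password."""
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)
    kek = derive_kek(password, salt, iterations)
    wrapped = bytes(a ^ b for a, b in zip(master_key, _prf(kek, b"wrap", salt)))
    return {"salt": salt, "iterations": iterations, "wrapped": wrapped,
            "tag": _prf(kek, b"tag", salt + wrapped)}

def unlock(password: str, header: dict):
    """Return the master key, or None when the password does not match."""
    kek = derive_kek(password, header["salt"], header["iterations"])
    expected = _prf(kek, b"tag", header["salt"] + header["wrapped"])
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    pad = _prf(kek, b"wrap", header["salt"])
    return bytes(a ^ b for a, b in zip(header["wrapped"], pad))

def change_password(old: str, new: str, header: dict) -> dict:
    """Re-wrap the same master key: the encrypted partitions are untouched."""
    master_key = unlock(old, header)
    if master_key is None:
        raise ValueError("wrong password")
    return create_header(new, master_key, header["iterations"])
```

Because the master key never changes, the strength of the whole scheme against an offline attacker holding the header rests on the cost of one `derive_kek` call, which is the quantity a hardware-resistant PBKDF aims to raise.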