
Full Disk Encryption: Bridging Theory and Practice

Louiza Khati, Nicky Mouha, Damien Vergnaud
Abstract: We revisit the problem of Full Disk Encryption (FDE), which refers to the encryption of each sector of a disk volume. In the context of FDE, it is assumed that there is no space to store additional data, such as an IV (Initialization Vector) or a MAC (Message Authentication Code) value. We formally define the security notions in this model against chosen-plaintext and chosen-ciphertext attacks. Then, we classify various FDE modes of operation according to their security in this setting, in the presence of various restrictions on the queries of the adversary. We will find that our approach leads to new insights for both theory and practice. Moreover, we introduce the notion of a diversifier, which does not require additional storage, but allows the plaintext of a particular sector to be encrypted to different ciphertexts. We show how a 2-bit diversifier can be implemented in the EagleTree simulator for solid state drives (SSDs), while decreasing the total number of Input/Output Operations Per Second (IOPS) by only 4%.
Document type: Conference papers
Contributor: Nicky Mouha
Submitted on: Friday, November 25, 2016 - 9:42:16 PM
Last modification on: Friday, November 18, 2022 - 9:23:50 AM
Long-term archiving on: Monday, March 20, 2017 - 7:09:23 PM


Files produced by the author(s)


Public Domain




Louiza Khati, Nicky Mouha, Damien Vergnaud. Full Disk Encryption: Bridging Theory and Practice. CT-RSA 2017 - RSA Conference Cryptographers' Track, Feb 2017, San Francisco, United States. pp.241--257, ⟨10.1007/978-3-319-52153-4_14⟩. ⟨hal-01403418⟩


