File-based encryption (FBE) schemes have been developed by software vendors to address security concerns related to data storage. While methods of encrypting data-at-rest may seem relatively straightforward, the main proponents of these technologies in mobile devices have nonetheless created seemingly different FBE solutions. As most of the underlying design decisions are either described at a high level in whitepapers, or accessible at a low level by examining the corresponding source code (Android) or through reverse-engineering (iOS), comparisons between schemes and discussions on their relative strengths are scarce. In this paper, we propose a formal framework for the study of file-based encryption systems, focusing on two prominent implementations: the FBE scheme used in Android and Linux operating systems, as well as the FBE scheme used in iOS. Our proposed formal model and our detailed description of the existing algorithms are based on documentation of diverse nature, such as whitepapers, technical reports, presentations and blog posts, among others. Using our framework, we validate the security of the existing key derivation chains, as well as the security of the overall designs, under widely known security assumptions for symmetric ciphers, such as IND-CPA or INT-CTXT security, in the random-oracle model.