[Cryptography] Security on TRIM for full-disk encrypted SSDs
Valmiky Arquissandas
crypto-metzdowd at kayvlim.com
Wed Apr 20 16:09:22 EDT 2016
>> On Apr 19, 2016, at 5:03 PM, Valmiky Arquissandas
>> <crypto-metzdowd at kayvlim.com> wrote:
>>
>> I understand at least some of the theory - encrypted information is
>> supposed to be indistinguishable from random noise, and TRIM reveals
>> patterns; and a plausible deniability scenario would probably be
>> unacceptable.
>
> Can you please explain?
>
> Assuming reasonable encryption, I do not understand what patters are
> being revealed.
The pattern is not in the ciphertext, but in the blocks marked by the
TRIM operation as unused. Without decrypting the block device, you know
which blocks are being used or not.
Since you can tell which blocks are unused, you can definitely infer
information like the disk usage, and I *think* these blocks of free
space may form patterns that can be used to identify the filesystem (as
different filesystems organize their information in their own unique
structure, and how they free their space should also be unique).
The plausible deniability scenario should be obvious by now: one can
hardly argue their drive is just full of random data when there are
visibly scattered unused blocks (that may form an identifiable pattern).
(I'm taking an uncompromising stance on whether these patterns exist
because I don't know if wear-leveling makes a difference. I'm supposing
it works at a lower level and is irrelevant to this discussion, but I
can't say I'm sure.)
More information about the cryptography
mailing list