GBDE

GBDE,standing forGEOM Based Disk Encryption,is ablock device-layerdisk encryptionsystem written forFreeBSD,^[1]^[2]initially introduced in version 5.0. It is based on theGEOMdisk framework. GBDE was designed and implemented byPoul-Henning Kampand Network Associates Inc. (now known asMcAfee).^[3]

Design decisions

Unlike most disk encryption software, GBDE does not attempt to defeatwatermarking attacksthrough the use of disk encryption-specific modes of operation (seedisk encryption theory), but instead generates a randomkeyeach time asectoris written.^[4]Unlike some alternatives, such as CBC with sector-specificinitialization vectors,this approach does not reveal any information to the attacker even if they have access to snapshots of the disk image from different points in time, since encryption keys are never re-used.

The one time sector key is encrypted using a pseudorandom key. This pseudorandom key is derived from the sector number and a static 2048-bit master key with 128 bits ofsalt.Thepseudorandom number generatorused for this purpose is called the Cherry Picker. This is not a well established PRNG, but rather one invented for GBDE. This generator may not meet the security levels of standard algorithms, and could be distinguishable from random numbers.^[5]

Limitations

Due to this unique approach, GBDE only supports 128-bitAES.Using a different key for each write also introduces a significant CPU overhead, as mostblock ciphersuse key-specific precomputations, and makes disk updates non-atomicsince the keys are written separately from the data.^[5]^[6]^[7]As a result, data loss can occur on unexpected power drops, even when used withjournaling file systems.GBDE also has a disk spaceoverheadof about 3% to store the per-sector keys.

To address these shortcomings, a more typical disk encryption solution for FreeBSD,GELI,was written later by Pawel Jakub Dawidek.

References

^Michael W. Lucas (12 April 2013).Absolute FreeBSD, 2nd Edition: The Complete Guide to FreeBSD.No Starch Press. p. 558.ISBN 978-1-59327-221-0.
^Malone, David (2005)."Security through obscurity: a review of a few of FreeBSD's lesser known security capabilities"(PDF).;login:.30(5): 27–34.
^"gbde(4) man page in FreeBSD 5.0".GBDE manual page.Retrieved2007-01-01.
^Poul-Henning Kamp."GBDE - GEOM Based Disk Encryption"(PDF).GBDE Design Document.Retrieved2007-01-01.
^^a ^bRoland C. Dowdeswell (2005-03-26)."Initial Analysis of GBDE"(PDF).Retrieved2007-01-26.
^Brož, M. (10 September 2018)."Practical Cryptographic Data Integrity Protection with Full Disk Encryption".In Lech Jan Janczewski (ed.).ICT Systems Security and Privacy Protection.Springer. p. 92.ISBN 978-3-319-99828-2.
^Broz, Milan; Patocka, Mikulas; Matyas, Vashek (2018-07-01). "Practical Cryptographic Data Integrity Protection with Full Disk Encryption Extended Version".arXiv:1807.00309[cs.CR].

This cryptography-related article is astub.You can help Wikipedia byexpanding it.

[Lucas2013-1] Michael W. Lucas (12 April 2013).Absolute FreeBSD, 2nd Edition: The Complete Guide to FreeBSD.No Starch Press. p. 558.ISBN 978-1-59327-221-0.

[2] Malone, David (2005)."Security through obscurity: a review of a few of FreeBSD's lesser known security capabilities"(PDF).;login:.30(5): 27–34.

[3] "gbde(4) man page in FreeBSD 5.0".GBDE manual page.Retrieved2007-01-01.

[4] Poul-Henning Kamp."GBDE - GEOM Based Disk Encryption"(PDF).GBDE Design Document.Retrieved2007-01-01.

[elric-initial-analysis-5] Roland C. Dowdeswell (2005-03-26)."Initial Analysis of GBDE"(PDF).Retrieved2007-01-26.

[Janczewski-6] Brož, M. (10 September 2018)."Practical Cryptographic Data Integrity Protection with Full Disk Encryption".In Lech Jan Janczewski (ed.).ICT Systems Security and Privacy Protection.Springer. p. 92.ISBN 978-3-319-99828-2.

[7] Broz, Milan; Patocka, Mikulas; Matyas, Vashek (2018-07-01). "Practical Cryptographic Data Integrity Protection with Full Disk Encryption Extended Version".arXiv:1807.00309[cs.CR].

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Design decisions

Limitations

See also

References