With the launch of Mac OS X 10.7 (Lion), Apple has introduced a volume encryption mechanism known as FileVault 2.
During the past year Joachim Metz, Felix Grobert and I have been analysing this encryption mechanism. We have identified most of the components in FileVault 2’s architecture and we have also built an open source tool that can read volumes encrypted with FileVault 2. This tool can be useful to forensic investigators (who know the encryption password or recovery token) that need to recover some files from an encrypted volume but cannot trust or load the MAC OS that was used to encrypt the data. We have also made an analysis of the security of FileVault 2.
A few weeks ago we have made public this paper on eprint describing our work. The tool to recover data from encrypted volumes is available here.
5 thoughts on “Analysis of FileVault 2 (Apple's full disk encryption)”
Have you tried something similar for reading a volume encrypted in Linux?
From the paper:
> We are not sure of the real advantage introduced by encrypting the
> EncryptedRoot.plist ﬁle. This ﬁle contains the keys in an encrypted
> blob (therefore security measures have already been taken), but the
> key to decrypt the ﬁle is available as plain text in the header of the
> CoreStorage volume (so any attacker can do that; for a dictionary
> attack, as detailed earlier, an attacker only needs to decrypt this
> ﬁle once).
The purpose of encrypting this file is obvious given that its name is EncryptedRoot.plist.wipekey — clearly it is encrypted with the “wipekey” from the header such that overwriting the sector(s) containing that wipekey will cryptographically wipe the volume (assuming true overwrites are possible on the media, and that attackers have not previously had access to the media to copy the key).
“assuming true overwrites are possible on the media, and that attackers have not previously had access to the media to copy the key”
Not a safe assumption. Besides, the best way to erase an encrypted volume is to forget the key. That trick let’s you erase TB of data in under a second. 😉
Have you performed a similar analysis on the McAfee Endpoint Encryption for Mac?
Has anyone tried to use the “tools” with Mavericks 10.9 FileVault 2 encrypted drives?