- 2016
A High-Performance Transparent File Encryption Mechanism for the Android Platform
Abstract:
The file encryption mechanism currently used on the Android platform cannot deliver both high security and high I/O performance. To address this problem, we propose a new transparent file encryption mechanism based on mapping-table encryption and physical-block encryption. The mechanism uses the 10-round AES-128 block cipher to encrypt the mapping between a file's logical blocks and physical blocks, and uses a revised 7-round AES-128 block cipher to encrypt the physical blocks that store the file data, seeking a balance between security and I/O performance. A cryptographic derivation proves that the cipher strength of the mechanism is not lower than that of the encryption mechanism currently used on Android, and a theoretical I/O performance analysis concludes that its I/O performance is higher than that of Android's current file encryption mechanism. In addition, we ran I/O performance tests under 108 different test conditions on a Google Nexus 4 smartphone, for both this mechanism and Android's current file encryption mechanism. The results confirm the conclusion of the theoretical I/O performance analysis and show that the I/O write performance ratio of our mechanism is on average 13.12% higher than that of Android's current file encryption mechanism, and that its I/O read performance ratio is on average 16.16% higher.