BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Analysis of FileVault 2: Apple's full disk encryption scheme - Oma
 r Choudary (University of Cambridge)
DTSTART:20121016T151500Z
DTEND:20121016T161500Z
UID:TALK39684@talks.cam.ac.uk
CONTACT:Wei Ming Khoo
DESCRIPTION:With the launch of Mac OS X 10.7 (Lion)\, Apple has introduced
  a volume encryption mechanism known as FileVault 2. Apple only disclosed 
 marketing aspects of the closed-source software\, e.g. its use of the AES-
 XTS tweakable encryption\, but a publicly available security evaluation an
 d detailed description was unavailable until recently.\n\nWe have performe
 d an extensive analysis of FileVault 2 and we have been able to find all t
 he algorithms and parameters needed to successfully read an encrypted volu
 me. This allows us to perform forensic investigations on encrypted volumes
  using our own tools.\n\nIn this presentation I will present the architect
 ure of FileVault 2\, giving details of the key derivation\, encryption pro
 cess and metadata structures needed to perform the volume decryption. I wi
 ll also comment on the security of the system and the analysis we have per
 formed.\n\nBesides the analysis of the system\, we have also built a libra
 ry that can mount a volume encrypted with FileVault 2. As a contribution t
 o the research and forensic communities we have made this library open sou
 rce.\n\nThe paper is available at\nhttp://eprint.iacr.org/2012/374
LOCATION:Lecture Theatre 2\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR