Abstract. We discuss the special requirements imposed on the underlying cipher of systems which encrypt each sector of a disk partition independently, and demonstrate a certificational weakness in some existing block ciphers including Bellare and Rogaway’s 1999 proposal, proposing a new quantitative measure of avalanche. To address these needs, we present Mercy, a new block cipher accepting large (4096-bit) blocks, which uses a key-dependent state machine to build a bijective F function for a Feistel cipher. Mercy achieves 9 cycles/byte on a Pentium compatible processor.

The Bitlocker Drive Encryption feature of Windows Vista poses an interesting set of security and performance requirements on the encryption algorithm used for the disk data. We discuss why no existing cipher satisfies the requirements of this application and document our solution which consists of using AES in CBC mode with a dedicated diffuser to improve the security against manipulation attacks. Copyright c ○ Microsoft Corp. Disclaimer This is a preliminary document and may be changed substantially prior to final commercial release of the software described. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WAR-

. This paper addresses the design issues and the security concept of the digital lecture board which is an enhanced whiteboard tailored to the speci#c needs of collaborativetypes of work, for instance, in computer#based distance education. The development of the digital lecture board emerged from our experiences with synchronous, computer# based distance education in the TeleTeaching projects of the University of Mannheim. For almost twoyears, wehave been using video conferencing tools for transmitting lectures and seminars. These tools proveto be far from optimal for this purpose since they do not takeinto account the speci#c requirements of teaching. Security issues suchasauthentication, secure key exchange, and fast symmetric encryption are almost completely neglected, even though security is extremely important to allow for con#dential, private sessions, and billing. 1 Introduction Computer#based video conferencing is one of today's most exciting multimedia applicatio...

This work investigates the state of the art in hard disk cryptography. As the choice of the cipher mode is essential for the security of hard disk data, we discuss the recent cipher mode developments at two standardisation bodies, NIST and IEEE. It is a necessity to consider new developments, as the most common cipher mode – namely CBC – has many security problems. This work devotes a chapter to the analysis of CBC weaknesses. Next to others, the main contributions of this work are (1) efficient algorithms for series of multiplications in a finite field (Galois Field), (2) analysis of the security of password-based cryptography with respect to low entropy attacks and (3) a design template for secure key management, namely TKS1. For the latter, it is assumed that key management has to be done on regular user hardware in the absence of any special security hardware like key tokens. We solve the problems arising from magnetic storage by introducing a method called anti-forensic information splitter. This work is complemented by the presentation of a system implementing a variant

We describe the design of a Windows file-system directory service that ensures the persistence, integrity, privacy, syntactic legality, and case-insensitive uniqueness of the names it indexes. Byzantine state replication provides persistence and integrity, and encryption imparts privacy. To enforce Windows ' baroque name syntax- including restrictions on allowable characters, on the terminal character, and on several specific names- we develop a cryptographic process, called "exclusive encryption, " that inherently excludes syntactically illegal names and that enables the exclusion of case-insensitively duplicate names without access to their plaintext. This process excludes entire names by mapping the set of allowed strings to the set of all strings, excludes certain characters through an amended prefix encoding, excludes terminal characters through varying the prefix coding by character index, and supports case-insensitive comparison of names by extracting and encrypting case information separately. We also address the issues of hiding name-length information and access-authorization information, and we report a newly discovered problem with enforcing caseinsensitive uniqueness for Unicode names.

In this paper we present a group of statistical tests that explore the random behavior of encryption modes of operations, when used in disk encryption applications. The results of these tests help us to better understand how these modes work. We tested ten modes of operations with the presented statistical tests, five of the narrow-block type and the other five of the wide-block type. Our analysis shows some weakness in some of these modes. Keywords: Disk encryption, modes of operations, randomness, AES.

In this paper we present two approaches to combine recent results of cryptographic research with the requirements of modern multimedia systems. The first is to evaluate modern block ciphers in a JAVA--environment. The second approach is based on recent developments regarding fast Luby--Rackoff ciphers. Paradoxically, it deals with doing "high-bandwidth encryption with low-bandwidth smartcards".

An interesting trend in the continuing convergence of information technologies is the emergence of the Internet as a content provider in its own right, as opposed to its simply being one of many delivery channels. For example, it is increasingly the primary source for items such as court rulings and software releases. Unfortunately the IP protocols normally employed for reliable data transfer are of the point-to-point type and not well suited to large-scale one-to-many dissemination. Sudden rushes to obtain new items can cause severe traffic congestion and degrade network service across a whole region. Even worse, sites which are routinely popular cause routine congestion. Broadcast technologies should be able to provide a better solution in terms of scalability. The Internet has a mature protocol suite for IP multicast and more recently the traditional wireless broadcast industry has started moving from analog to digital transmission formats. However, in both these cases the emphasis in protocol development has been on support for continuous media, which requires timeliness of delivery rather than bit-perfect data integrity. A further problem with the new digital broadcast channels is their lack of support for integration with the Internet. This paper examines some of the issues involved in providing both reliable and scalable dissemination across broadcast channels and describes the DABWeb architecture for Internet content dissemination via digital broadcast.

In this paper, we present a novel Disk Encompression (i.e., encryption with compression) with Tweaked Code Book mode (DETCB). DETCB is Xor-Encrypt-Xor based Tweaked Code Book mode with CipherText Stealing. The objective is to present an efficient disk encryption which is faster, memory saving and is better resistant to the attacks. The proposed design is characterized by its high throughput compared to the current solutions. II. Disk Encryption Disk encryption is normally encoded all the data on the disk. The whole hard disk is encrypted with a single/multiple key(s) and encryption / decryption are done without user interference. The encryption is on the block level that means each block should be encrypted separately. A. Encryption with Compression and Error control