
A Hard Disk Encryption And Secure Authentication System Based On Ukey And LiveOS

Posted on: 2018-12-23
Degree: Master
Type: Thesis
Country: China
Candidate: J F Chen
GTID: 2348330512976974
Subject: Information and Communication Engineering
Abstract/Summary:
With the advent of the information era, computers are widely used, the volume of data stored on hard disks has grown geometrically, and data storage security has become more and more important. Encryption is still the main means of protecting data on hard disks. Current software encryption schemes for hard disks are not secure enough and have low performance. Hardware encryption schemes, such as encryption cards and FPGAs, are secure enough but lack a reliable identity authentication scheme and the necessary secret key recovery mechanism. Authentication schemes based on the BIOS are safe, but the disk can only work in the environment of a customized BIOS, which results in low hard disk versatility.

Against this background, and aiming at personal computers such as desktops and laptops, this paper proposes and implements a new hard disk encryption and secure authentication system based on Ukey and LiveOS, which is superior to the existing solutions in overall security, performance, usability and versatility. On the hardware side, a Solid State Disk (SSD) controller with a hardware encryption engine encrypts the disk in real time, and the secret key is stored in the Ukey, separate from the encryption engine. The encrypted SSD can be decrypted and booted only by the Ukey it was previously paired with. On the software side, we build a custom Linux-based LiveOS by trimming and compiling the Linux kernel, customizing the initrd file system, and configuring the bootstrap, which provides a safe and universal environment for pairing, authentication and key delivery between the SSD and the Ukey.

The pairing and authentication scheme is the core of the whole disk encryption and secure authentication system. In this paper, we pair the SSD and the Ukey through the exchange of SM2 public keys, and a PIN is set for the Ukey. Authentication is based on a challenge-response method and, in cooperation with the SSD firmware, eliminates the possibility of replay attacks. We also put forward a secure secret key recovery scheme with two-factor authentication. According to the requirements of the entire security authentication scheme, we design APIs for the Ukey and the SSD based on the Linux SCSI protocol, and we combine the authentication program with the LiveOS to realize disk encryption and secure authentication.

Finally, we test the feasibility of the entire hard disk encryption and secure authentication system on a PC and compare the read and write performance of the SSD. We analyse the system security in detail from three aspects: the firmware, the secret key, and the LiveOS. Generally speaking, the disk encryption and secure authentication system based on Ukey and LiveOS achieves the expected effect: it ensures performance and security and also has good versatility and usability.
Keywords/Search Tags: Disk Encryption, Ukey, LiveOS, Identity Authentication, GMB Algorithm