Improving Full Disk Encryption

Disk encryption in Linux is based on userspace cryptsetup project, LUKS on-disk format, and kernel device-mapper dm-crypt driver. The primary focus of this project is also data integrity protection, either in combination with encryption (authentication encryption) or standalone using dm-integrity and dm-verity kernel driver.

This long-term project focuses not only on improvements based on research and state-of-the-art applied to real Linux distributions (our code is in the upstream repository and part of Red Hat products).

As research activity, we also provide an independent and open-source implementation of other disk encryption formats like TrueCrypt/VeraCrypt or BitLocker, implemented through native Linux dm-crypt. The project is a joint cooperation of Red Hat Czech and CRoCS laboratory at Faculty of informatics, Masaryk University.

We support students to join us, either as research interns or leading bachelor or diploma theses. Some successfully finished theses in project include:

• Bitlocker Disk Encryption in the Linux Environment – Master’s Thesis
• Argon2 function and hardware platform optimizations for OpenSSL – Bachelor’s thesis (Dean’s Award for an Outstanding Final Thesis)
• Argon2 security margin for disk encryption passwords – Master’s Thesis (Dean’s Award for an Outstanding Final Thesis)
• Forward error correction for storage applications – Bachelor’s thesis (Dean’s Award for an Outstanding Final Thesis)
• Optimizing authenticated encryption algorithms – Master’s Thesis (Dean’s Award for an Outstanding Final Thesis)
• Linux dm-crypt disk encryption in Windows environment – Bachelor’s thesis
• Operating system boot from fully encrypted device – Bachelor’s thesis
• User interface for storage encryption application – Bachelor’s thesis