Efficient disk encryption and verification through trusted nonce

Approach that integrates encryption and verification is proposed to protect hard disk data. For each data sector, MAC is calculated and the (data sector, MAC) pair is encrypted through the encryption key deduced from the secret root key and a unique nonce. By assuring the nonce to be trusted or untampered through hash tree, data can then be properly decrypted and authenticated. To achieve satisfiable performance, it applies stream cipher to offload the encryption cost, and adopts special structure hash tree with hot-access-windows to fulfill nonce checking efficiently. Ultimately, it can provide data protection with characteristics like solid resistance against any attacks, online working mode, low-level protecting, and high performance. Related model, approaches and system realization are elaborated, as well as testing results. Theoretical analysis and experimental simulations show that it is a practical and available way to build secure disk.