Disk encryption software: Difference between revisions

Content deleted Content added

Inline

Revision as of 09:10, 7 September 2011

Template:Wikify is deprecated. Please use a more specific cleanup template as listed in the documentation.

To protect confidentiality of the data stored on a computer disk a computer security technique called disk encryption is used. This article discusses software that is used to implement the technique (for cryptographic aspects of the problem see disk encryption). Compared to access restrictions commonly enforced by an OS, this technique allows data be to be protected even when the OS is not active, for example, if data are read directly from the hardware.

Such software encrypts data stored on a computer's mass storage and transparently decrypts the information when an authorized user requests it: no special action by the user (except supplying a password or passphrase at the beginning of a session) is required. Some also provide plausible deniability with deniable encryption techniques.

The volume-level encryption is particularly suited to portable devices such as laptop computers and thumb drives. If used properly, someone finding a lost device will have access only to inaccessible encrypted files. A strong passphrase (e.g. five or more diceware words) is essential for full security.

Although disk encryption software can transparently operate on an entire disk volume, a directory, or even a single file, it is important to differentiate it with (non-transparent) file encryption software that encrypts or decrypts only individual files and always the whole file (the decrypted file is stored in a temporary file in an unencrypted form). Examples of software that can be used for file encryption are special-purpose software (e.g., GNU Privacy Guard and PGP), file archivers, and even some text editors (e.g., emacs or vi)

Common features

This section lists features commonly found in disk encryption software, though not all functions may be provided in any given system.

Plausible deniability

Some disk encryption systems offer two levels of Plausible Deniability, which might be useful in case a user is required to reveal the password of an encrypted volume.

Hidden volumes

Hidden volumes are a steganographic feature that allows a second, "hidden", volume to be created within the free space of another "container" volume. The hidden volume can have its own separate file system and uses a different password, encryption algorithm and encryption key from that of the host volume, referred to as the "outer" volume. Which volume is actually mounted depends on the password provided; if the password to the outer volume is provided, the outer volume is mounted, and likewise for the inner volume.

Once a hidden volume has been created inside another volume, the user will store important-looking information (but which the user does not actually mind revealing) on the outer volume, whereas sensitive information is stored within the hidden volume.

In the event the hidden volume user is forced to reveal their password, they can divulge the password to the outer volume (not disclosing the fact that they actually have a hidden volume within), and sensitive data within the hidden volume are not compromised; provided certain additional precautions are taken in overwriting the free areas of the "host" disk.^[1]

No identifying features

Volumes, be they stored in a file or a device/partition, may intentionally not contain any discernible "signatures" or unencrypted headers. As cipher algorithms are designed to be indistinguishable from a pseudorandom permutation without knowing the key, the presence of data on the encrypted volume is also undetectable unless there are known weaknesses in the cipher.^[2] This means that it is impossible to prove that any file or partition is an encrypted volume (rather than random data) without having the password to mount it. This characteristic also makes it impossible to determine if a volume contains another hidden volume.

A file hosted volume (as opposed to partitions) may look out of place in some cases since it will be entirely random data placed in a file intentionally. However, a partition or device hosted volume will look no different than a partition or device that has been wiped with a common disk wiping tool such as Darik's Boot and Nuke. One can plausibly claim that such a device or partition has been wiped to clear personal data.

Portable or "traveller mode" means the encryption software can be run without installation to the system hard drive. In this mode, the software typically installs a temporary driver from the portable media. Since it is installing a driver (albeit temporarily), administrative privileges are still required.

Resizable volumes

Some disk encryption software allows encrypted volumes to be resized. Not many systems implement this fully, and resort to using "sparse files" to achieve this.^{[citation needed]}

Backups

Encrypted volumes contain "header" (or "CDB") data, which may be backed up. Overwriting these data will destroy the volume, so the ability to back them up is useful.

Restoring the backup copy of these data may reset the volume's password to what it was when the backup was taken.

Recovery of keys from computer memory

A 2008 study found data remanence in dynamic random access memory (DRAM), again with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature; longest by dumping computer to liquid helium. The study authors were able to demonstrate a cold boot attack to recover cryptographic keys for several popular disk encryption systems despite some memory degradation, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not under physical control by the computer's legitimate owner. This method of key recovery however, is suited for controlled laboratory settings and is extremely impractical for "field" use due to the equipment and cooling systems required.^[3]

References

^ Plausible Deniability - FreeOTFE instructions for initializing an encrypted disk such that the presence of a hidden disk cannot be detected
^ This is a design criterion of modern ciphers; in other words, ciphers are considered broken if their output is discernible from random.
Mihir Bellare, Phillip Rogaway (2005-09-20). "Chapter 3: Pseudorandom functions". Introduction to Modern Cryptography. p. 7. Retrieved 2007-09-30.
^ J. Alex Halderman; et al. (February 2008). "Lest We Remember: Cold Boot Attacks on Encryption Keys" (PDF). {{cite journal}}: Cite journal requires |journal= (help); Explicit use of et al. in: |author= (help)

External links

Hard Disk Encryption at Curlie
Detailed wiki-style article on disk encryption at infoanarchy.org
Inside NetBSDs CGD
Encrypting filesystems under Linux - HOWTO
On-The-Fly Encryption: A Comparison - Reviews and lists the different features of many disk encryption systems

[1] Plausible Deniability - FreeOTFE instructions for initializing an encrypted disk such that the presence of a hidden disk cannot be detected

[2] This is a design criterion of modern ciphers; in other words, ciphers are considered broken if their output is discernible from random.
Mihir Bellare, Phillip Rogaway (2005-09-20). "Chapter 3: Pseudorandom functions". Introduction to Modern Cryptography. p. 7. Retrieved 2007-09-30.

[3] J. Alex Halderman; et al. (February 2008). "Lest We Remember: Cold Boot Attacks on Encryption Keys" (PDF). {{cite journal}}: Cite journal requires |journal= (help); Explicit use of et al. in: |author= (help)

[1]

[2]

[3]

@@ Line 43: / Line 43: @@
 ==Recovery of keys from computer memory==
-A 2008 study found [[data remanence]] in [[dynamic random access memory]] (DRAM), again with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature. The study authors were able to demonstrate a [[cold boot attack]] to recover cryptographic keys for several popular disk encryption systems despite some memory degradation, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not under physical control by the computer's legitimate owner. This method of key recovery however, is suited for controlled laboratory settings and is extremely impractical for "field" use due to the equipment and cooling systems required.<ref>{{cite journal|title=Lest We Remember: Cold Boot Attacks on Encryption Keys|author=J. Alex Halderman, et al.|date=February 2008|url=http://citp.princeton.edu.nyud.net/pub/coldboot.pdf}}</ref>
+A 2008 study found [[data remanence]] in [[dynamic random access memory]] (DRAM), again with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature; longest by dumping computer to [[liquid helium]]. The study authors were able to demonstrate a [[cold boot attack]] to recover cryptographic keys for several popular disk encryption systems despite some memory degradation, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not under physical control by the computer's legitimate owner. This method of key recovery however, is suited for controlled laboratory settings and is extremely impractical for "field" use due to the equipment and cooling systems required.<ref>{{cite journal|title=Lest We Remember: Cold Boot Attacks on Encryption Keys|author=J. Alex Halderman, et al.|date=February 2008|url=http://citp.princeton.edu.nyud.net/pub/coldboot.pdf}}</ref>
 ==See also==