Disk encryption software
To protect the confidentiality of data stored on a computer disk, a computer security technique called disk encryption is used. This article discusses software that is used to implement the technique (for cryptographic aspects of the problem see disk encryption). Compared to access restrictions commonly enforced by an OS, this technique allows data to be protected even when the OS is not active, for example, if data are read directly from the hardware.

Such software encrypts data stored on a computer's mass storage and transparently decrypts the information when an authorized user requests it: no special action by the user (except supplying a password or passphrase at the beginning of a session) is required. Some also provide plausible deniability with deniable encryption techniques.

Volume-level encryption is particularly suited to portable devices such as laptop computers and thumb drives. If used properly, someone finding a lost device will have access only to inaccessible encrypted files. A strong passphrase (e.g. five or more diceware words) is essential for full security.

Although disk encryption software can transparently operate on an entire disk volume, a directory, or even a single file, it is important to differentiate it from (non-transparent) file encryption software, which encrypts or decrypts only individual files and always the whole file (the decrypted file is stored in a temporary file in an unencrypted form). Examples of software that can be used for file encryption are special-purpose software (e.g., GNU Privacy Guard and PGP), file archivers, and even some text editors (e.g., emacs or vi).

Common features

This section lists features commonly found in disk encryption software, though not all functions may be provided in any given system.

Plausible deniability

Some disk encryption systems offer two levels of plausible deniability, which might be useful in case a user is required to reveal the password of an encrypted volume.

Hidden volumes

Hidden volumes are a steganographic feature that allows a second, "hidden", volume to be created within the free space of another "container" volume. The hidden volume can have its own separate file system and uses a different password, encryption algorithm and encryption key from that of the host volume, referred to as the "outer" volume. Which volume is actually mounted depends on the password provided; if the password to the outer volume is provided, the outer volume is mounted, and likewise for the inner volume.

Once a hidden volume has been created inside another volume, the user will store important-looking information (but which the user does not actually mind revealing) on the outer volume, whereas sensitive information is stored within the hidden volume.

In the event the hidden volume user is forced to reveal their password, they can divulge the password to the outer volume (not disclosing the fact that they actually have a hidden volume within), and sensitive data within the hidden volume are not compromised, provided certain additional precautions are taken in overwriting the free areas of the "host" disk.

No identifying features

Volumes, be they stored in a file or a device/partition, may intentionally not contain any discernible "signatures" or unencrypted headers. As cipher algorithms are designed to be indistinguishable from a pseudorandom permutation without knowing the key, the presence of data on the encrypted volume is also undetectable unless there are known weaknesses in the cipher. This means that it is impossible to prove that any file or partition is an encrypted volume (rather than random data) without having the password to mount it. This characteristic also makes it impossible to determine if a volume contains another hidden volume.

A file-hosted volume (as opposed to partitions) may look out of place in some cases since it will be entirely random data placed in a file intentionally. However, a partition- or device-hosted volume will look no different from a partition or device that has been wiped with a common disk wiping tool such as Darik's Boot and Nuke. One can plausibly claim that such a device or partition has been wiped to clear personal data.
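The "no identifying features" property can be seen from the examiner's side in the following added example (not part of the original article). It assumes a hypothetical header signature `DEMOVOL1`, uses a SHA-256 counter-mode stream as a stand-in for both cipher output and a random-data wipe, and treats a chi-square value below 400 (255 degrees of freedom) as "random-looking"; all sample images are constructed.

```python
import hashlib

MAGIC = b"DEMOVOL1"  # hypothetical plaintext header signature (constructed)
SIZE = 65536         # size of each constructed sample image in bytes

def keystream(seed: bytes, n: int) -> bytes:
    """Deterministic pseudorandom bytes (SHA-256 in counter mode); a stand-in
    for cipher output and for a random-data wipe in this example."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform one."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def classify(image: bytes) -> str:
    """What an examiner can say about an image without the key."""
    if image.startswith(MAGIC):
        return "signature"        # unencrypted header gives the volume away
    if chi_square(image) < 400:   # assumed cut-off, far above the mean of 255
        return "random-looking"   # encrypted volume or wiped media: no way to tell
    return "structured"           # plaintext data with visible byte bias

def survey() -> dict:
    headerless = keystream(b"volume key", SIZE)
    images = {
        "headerless volume": headerless,
        "wiped partition": keystream(b"wipe pass", SIZE),
        "volume with header": MAGIC + headerless[len(MAGIC):],
        "plaintext filesystem": (b"quarterly report draft\n" * 4096)[:SIZE],
    }
    return {name: classify(img) for name, img in images.items()}
```

The headerless volume and the wiped partition receive the same verdict, which is the basis of the deniability claim; the volume that keeps a plaintext header is identified at once.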

Portable or "traveller mode" means the encryption software can be run without installation to the system hard drive. In this mode, the software typically installs a temporary driver from the portable media. Since it is installing a driver (albeit temporarily), administrative privileges are still required.

Resizable volumes

Some disk encryption software allows encrypted volumes to be resized. Not many systems implement this fully, and resort to using "sparse files" to achieve this.

Backups

Encrypted volumes contain "header" (or "CDB") data, which may be backed up. Overwriting these data will destroy the volume, so the ability to back them up is useful.

Restoring the backup copy of these data may reset the volume's password to what it was when the backup was taken.
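Why a restored header brings back the old password can be shown with a toy header model. This is an added example, not code from any disk encryption product: the header layout, the XOR key wrap and the function names are assumptions made for illustration, built on the standard-library PBKDF2 and HMAC.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # kept low so the demo runs quickly; not a recommendation

def _kek(password: str, salt: bytes) -> bytes:
    # 64 bytes derived from the passphrase: 32 to wrap the key, 32 for the MAC
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)

def make_header(password: str, master_key: bytes) -> bytes:
    """Toy header: salt (16) || wrapped master key (32) || MAC (32)."""
    salt = os.urandom(16)
    k = _kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, k[:32]))
    tag = hmac.new(k[32:], salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def unlock(header: bytes, password: str):
    """Return the master key, or None if the passphrase does not fit this header."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:80]
    k = _kek(password, salt)
    expect = hmac.new(k[32:], salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, k[:32]))

def change_password(header: bytes, old: str, new: str) -> bytes:
    # Only the header is rewritten; the data sectors stay under the same master key
    master_key = unlock(header, old)
    if master_key is None:
        raise ValueError("wrong passphrase")
    return make_header(new, master_key)

def demo() -> dict:
    master_key = os.urandom(32)
    header = make_header("old passphrase", master_key)
    backup = header  # header backup taken before the passphrase change
    header = change_password(header, "old passphrase", "new passphrase")
    return {
        "old opens current header": unlock(header, "old passphrase") is not None,
        "new opens current header": unlock(header, "new passphrase") == master_key,
        "old opens restored backup": unlock(backup, "old passphrase") == master_key,
        "new opens restored backup": unlock(backup, "new passphrase") is not None,
        "overwritten header opens": unlock(os.urandom(80), "new passphrase") is not None,
    }
```

In this model a header backup made before a passphrase change still unlocks the same master key with the old passphrase, so old backups need the same protection as the volume itself.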

Recovery of keys from computer memory

A 2008 study found data remanence in dynamic random access memory (DRAM), with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature. The study authors were able to demonstrate a cold boot attack to recover cryptographic keys for several popular disk encryption systems despite some memory degradation, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not under physical control by the computer's legitimate owner. This method of key recovery, however, is suited for controlled laboratory settings and is extremely impractical for "field" use due to the equipment and cooling systems required.

See also

  • Disk encryption hardware
  • Comparison of disk encryption software
  • Data remanence
  • Disk & Full disk encryption
  • On-The-Fly Encryption (OTFE)
  • Cold boot attack
  • Single sign-on
  • United States v. Boucher



The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 