Full disk encryption
Encyclopedia
Disk encryption uses disk encryption software
or hardware
to encrypt
every bit
of data that goes on a disk
or disk volume
. Disk encryption prevents unauthorized access to data storage. The term "full disk encryption" (or whole disk encryption) is often used to signify that everything on a disk is encrypted, including the programs that can encrypt bootable
operating system
partitions
. But they must still leave the master boot record
(MBR), and thus part of the disk, unencrypted. There are, however, hardware-based full disk encryption
systems that can truly encrypt the entire boot disk, including the MBR.
with the intention of providing a more secure implementation. Since disk encryption generally uses the same key
for encrypting the whole volume, all data is decryptable when the system runs. However, some disk encryption solutions use multiple keys for encrypting different partitions. If an attacker gains access to the computer at run-time, the attacker has access to all files. Conventional file and folder encryption instead allows different keys for different portions of the disk. Thus an attacker cannot extract information from still-encrypted files and folders.
Unlike disk encryption, filesystem-level encryption does not typically encrypt filesystem metadata
, such as the directory structure, file names, modification timestamps or sizes.
(TPM) is a secure cryptoprocessor
embedded in the motherboard
that can be used to authenticate
a hardware device. Since each TPM chip is unique to a particular device, it is capable of performing platform authentication. It can be used to verify that the system seeking the access is the expected system.
A limited number of disk encryption solutions have support for TPM. These implementations can wrap the decryption key using the TPM, thus tying the hard disk drive (HDD) to a particular device. If the HDD is removed from that particular device and placed in another, the decryption process will fail. Recovery is possible with the decryption password
or token
.
Although this has the advantage that the disk cannot be removed from the device, it might create a single point of failure
in the encryption. For example, if something happens to the TPM or the motherboard
, a user would not be able to access the data by connecting the hard drive to another computer, unless that user has a separate recovery key.
-based within the storage device, and hardware
-based elsewhere (such as CPU or host bus adaptor). Hardware-based Full Disk Encryption
within the storage device are called self-encrypting drives and have no impact on performance whatsoever. Furthermore the media-encryption key never leaves the device itself and is therefore not available to any virus in the operating system. The Trusted Computing Group
Opal drive provides industry accepted standardization for self-encrypting drives. External hardware is considerably faster than the software-based solutions although CPU versions may still have a performance impact, and the media encyption keys are not as well protected. All solutions for the boot drive require a Pre-Boot Authentication
component which is available for all types of solutions from a number of vendors. It is important in all cases that the authentication credentials are usually a major potential weakness since the symmetric cryptography is usually strong.
password recovery mechanism allows the password to be recovered in a secure manner. It is offered by a limited number of disk encryption solutions.
Some benefits of challenge/response password recovery:
Some benefits of ERI file recovery:
, whereby encryption keys
can be stolen by cold-booting
a machine already running an operating system
, then dumping the contents of memory
before the data disappears. The attack relies on the data remanence
property of computer memory, whereby data bit
s can take up to several minutes to degrade after power has been removed. Even a Trusted Platform Module
(TPM) is not effective against the attack, as the operating system needs to hold the decryption keys in memory in order to access the disk.
All software-based encryption systems are vulnerable to various side channel attack
s such as acoustic cryptanalysis
and hardware keylogger
s.
is stored must be decrypted before the OS can boot, meaning that the key has to be available before there is a user interface to ask for a password. Most Full Disk Encryption solutions utilize Pre-Boot Authentication
by loading a small, highly secure operating system which is strictly locked down and hashed versus system variables to check for the integrity of the Pre-Boot kernel. Some implementations such as BitLocker Drive Encryption
can make use of hardware such as a Trusted Platform Module
to ensure the integrity of the boot environment, and thereby frustrate attacks that target the boot loader by replacing it with a modified version. This ensures that authentication
can take place in a controlled environment without the possibility of a bootkit being used to subvert the pre-boot decryption.
With a Pre-Boot Authentication
environment, the key used to encrypt the data is not decrypted until an external key is input into the system.
Solutions for storing the external key include:
All these possibilities have varying degrees of security, however most are better than an unencrypted disk.
Disk encryption software
To protect confidentiality of the data stored on a computer disk a computer security technique called disk encryption is used. This article discusses software that is used to implement the technique...
or hardware
Disk encryption hardware
To protect confidentiality of the data stored on a computer disk a computer security technique called disk encryption is used. This article discusses hardware which is used to implement the technique...
to encrypt
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
every bit
Bit
A bit is the basic unit of information in computing and telecommunications; it is the amount of information stored by a digital device or other physical system that exists in one of two possible distinct states...
of data that goes on a disk
Disk storage
Disk storage or disc storage is a general category of storage mechanisms, in which data are digitally recorded by various electronic, magnetic, optical, or mechanical methods on a surface layer deposited of one or more planar, round and rotating disks...
or disk volume
Volume (computing)
In the context of computer operating systems, volume is the term used to describe a single accessible storage area with a single file system, typically resident on a single partition of a hard disk. Similarly, it refers to the logical interface used by an operating system to access data stored on...
. Disk encryption prevents unauthorized access to data storage. The term "full disk encryption" (or whole disk encryption) is often used to signify that everything on a disk is encrypted, including the programs that can encrypt bootable
Booting
In computing, booting is a process that begins when a user turns on a computer system and prepares the computer to perform its normal operations. On modern computers, this typically involves loading and starting an operating system. The boot sequence is the initial set of operations that the...
operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
partitions
Disk partitioning
Disk partitioning is the act of dividing a hard disk drive into multiple logical storage units referred to as partitions, to treat one physical disk drive as if it were multiple disks. Partitions are also termed "slices" for operating systems based on BSD, Solaris or GNU Hurd...
. But they must still leave the master boot record
Master boot record
A master boot record is a type of boot sector popularized by the IBM Personal Computer. It consists of a sequence of 512 bytes located at the first sector of a data storage device such as a hard disk...
(MBR), and thus part of the disk, unencrypted. There are, however, hardware-based full disk encryption
Hardware-based full disk encryption
Hardware-based full disk encryption is available from many hard disk drive vendors, including: Seagate Technology, Hitachi, Western Digital, Samsung, Toshiba and also solid-state drive vendors such as Samsung...
systems that can truly encrypt the entire boot disk, including the MBR.
Disk encryption vs. filesystem-level encryption
Disk encryption does not replace file or directory encryption in all situations. Disk encryption is sometimes used in conjunction with filesystem-level encryptionFilesystem-level encryption
Filesystem-level encryption, often called file or folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself...
with the intention of providing a more secure implementation. Since disk encryption generally uses the same key
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
for encrypting the whole volume, all data is decryptable when the system runs. However, some disk encryption solutions use multiple keys for encrypting different partitions. If an attacker gains access to the computer at run-time, the attacker has access to all files. Conventional file and folder encryption instead allows different keys for different portions of the disk. Thus an attacker cannot extract information from still-encrypted files and folders.
Unlike disk encryption, filesystem-level encryption does not typically encrypt filesystem metadata
Metadata
The term metadata is an ambiguous term which is used for two fundamentally different concepts . Although the expression "data about data" is often used, it does not apply to both in the same way. Structural metadata, the design and specification of data structures, cannot be about data, because at...
, such as the directory structure, file names, modification timestamps or sizes.
Disk encryption and Trusted Platform Module
Trusted Platform ModuleTrusted Platform Module
In computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
(TPM) is a secure cryptoprocessor
Secure cryptoprocessor
A secure cryptoprocessor is a dedicated computer on a chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance....
embedded in the motherboard
Motherboard
In personal computers, a motherboard is the central printed circuit board in many modern computers and holds many of the crucial components of the system, providing connectors for other peripherals. The motherboard is sometimes alternatively known as the mainboard, system board, or, on Apple...
that can be used to authenticate
Authentication
Authentication is the act of confirming the truth of an attribute of a datum or entity...
a hardware device. Since each TPM chip is unique to a particular device, it is capable of performing platform authentication. It can be used to verify that the system seeking the access is the expected system.
A limited number of disk encryption solutions have support for TPM. These implementations can wrap the decryption key using the TPM, thus tying the hard disk drive (HDD) to a particular device. If the HDD is removed from that particular device and placed in another, the decryption process will fail. Recovery is possible with the decryption password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
or token
Security token
A security token may be a physical device that an authorized user of computer services is given to ease authentication...
.
Although this has the advantage that the disk cannot be removed from the device, it might create a single point of failure
Single point of failure
A single point of failure is a part of a system that, if it fails, will stop the entire system from working. They are undesirable in any system with a goal of high availability or reliability, be it a business practice, software application, or other industrial system.-Overview:Systems can be made...
in the encryption. For example, if something happens to the TPM or the motherboard
Motherboard
In personal computers, a motherboard is the central printed circuit board in many modern computers and holds many of the crucial components of the system, providing connectors for other peripherals. The motherboard is sometimes alternatively known as the mainboard, system board, or, on Apple...
, a user would not be able to access the data by connecting the hard drive to another computer, unless that user has a separate recovery key.
Implementations
There are multiple tools available in the market that allow for disk encryption. However, they vary greatly in features and security. They are divided into three main categories: software-based, hardwareHardware
Hardware is a general term for equipment such as keys, locks, hinges, latches, handles, wire, chains, plumbing supplies, tools, utensils, cutlery and machine parts. Household hardware is typically sold in hardware stores....
-based within the storage device, and hardware
Hardware
Hardware is a general term for equipment such as keys, locks, hinges, latches, handles, wire, chains, plumbing supplies, tools, utensils, cutlery and machine parts. Household hardware is typically sold in hardware stores....
-based elsewhere (such as CPU or host bus adaptor). Hardware-based Full Disk Encryption
Hardware-based full disk encryption
Hardware-based full disk encryption is available from many hard disk drive vendors, including: Seagate Technology, Hitachi, Western Digital, Samsung, Toshiba and also solid-state drive vendors such as Samsung...
within the storage device are called self-encrypting drives and have no impact on performance whatsoever. Furthermore the media-encryption key never leaves the device itself and is therefore not available to any virus in the operating system. The Trusted Computing Group
Trusted Computing Group
The Trusted Computing Group , successor to the Trusted Computing Platform Alliance , is an initiative started by AMD, Hewlett-Packard, IBM, Intel, and Microsoft to implement Trusted Computing...
Opal drive provides industry accepted standardization for self-encrypting drives. External hardware is considerably faster than the software-based solutions although CPU versions may still have a performance impact, and the media encyption keys are not as well protected. All solutions for the boot drive require a Pre-Boot Authentication
Pre-boot authentication
Pre-Boot Authentication or Power-On Authentication serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer...
component which is available for all types of solutions from a number of vendors. It is important in all cases that the authentication credentials are usually a major potential weakness since the symmetric cryptography is usually strong.
Password/data recovery mechanism
Secure and safe recovery mechanisms are essential to the large-scale deployment of any disk encryption solutions in an enterprise. The solution must provide an easy but secure way to recover passwords (most importantly data) in case the user leaves the company without notice or forgets the password.Challenge/response password recovery mechanism
Challenge/ResponseChallenge-response authentication
In computer security, challenge-response authentication is a family of protocols in which one party presents a question and another party must provide a valid answer to be authenticated....
password recovery mechanism allows the password to be recovered in a secure manner. It is offered by a limited number of disk encryption solutions.
Some benefits of challenge/response password recovery:
- No need for the user to carry a disc with recovery encryption key.
- No secret data is exchanged during the recovery process.
- No information can be sniffed.
- Does not require a network connection, i.e. it works for users that are at a remote location.
Emergency Recovery Information (ERI) file password recovery mechanism
An Emergency Recovery Information (ERI) file provides an alternative for recovery if a challenge response mechanism is unfeasible due to the cost of helpdesk operatives for small companies or implementation challenges.Some benefits of ERI file recovery:
- Small companies can use it without implementation difficulties
- No secret data is exchanged during the recovery process.
- No information can be sniffed.
- Does not require a network connection, i.e. it works for users that are at a remote location.
Security concerns
Most full disk encryption schemes are vulnerable to a cold boot attackCold boot attack
In cryptography, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine from a completely "off" state...
, whereby encryption keys
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
can be stolen by cold-booting
Booting
In computing, booting is a process that begins when a user turns on a computer system and prepares the computer to perform its normal operations. On modern computers, this typically involves loading and starting an operating system. The boot sequence is the initial set of operations that the...
a machine already running an operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
, then dumping the contents of memory
Static random access memory
Static random-access memory is a type of semiconductor memory where the word static indicates that, unlike dynamic RAM , it does not need to be periodically refreshed, as SRAM uses bistable latching circuitry to store each bit...
before the data disappears. The attack relies on the data remanence
Data remanence
Data remanence is the residual representation of data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting of storage media that does not remove data previously written...
property of computer memory, whereby data bit
Bit
A bit is the basic unit of information in computing and telecommunications; it is the amount of information stored by a digital device or other physical system that exists in one of two possible distinct states...
s can take up to several minutes to degrade after power has been removed. Even a Trusted Platform Module
Trusted Platform Module
In computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
(TPM) is not effective against the attack, as the operating system needs to hold the decryption keys in memory in order to access the disk.
All software-based encryption systems are vulnerable to various side channel attack
Side channel attack
In cryptography, a side channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms...
s such as acoustic cryptanalysis
Acoustic cryptanalysis
Acoustic cryptanalysis is a side channel attack which exploits sounds emitted by computers or machines. Modern acoustic cryptanalysis mostly focuses on sounds emitted by computer keyboards and internal computer components, but historically it has also been applied to impact printers and...
and hardware keylogger
Hardware keylogger
Hardware keyloggers are used for keystroke logging, a method of capturing and recording computer users' keystrokes, including sensitive passwords. They can be implemented via BIOS-level firmware, or alternatively, via a device plugged inline between a computer keyboard and a computer...
s.
Benefits
Full disk encryption has several benefits compared to regular file or folder encryption, or encrypted vaults. The following are some benefits of disk encryption:- Nearly everything including the swap space and the temporary fileTemporary fileTemporary files may be created by computer programs for a variety of purposes; principally when a program cannot allocate enough memory for its tasks, when the program is working on data bigger than the architecture's address space, or as a primitive form of inter-process communication.- Auxiliary...
s is encrypted. Encrypting these files is important, as they can reveal important confidential data. With a software implementation, the bootstrappingBootstrappingBootstrapping or booting refers to a group of metaphors that share a common meaning: a self-sustaining process that proceeds without external help....
code cannot be encrypted however. (For example, BitLocker Drive EncryptionBitLocker Drive EncryptionBitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by...
leaves an unencrypted volumeVolume (computing)In the context of computer operating systems, volume is the term used to describe a single accessible storage area with a single file system, typically resident on a single partition of a hard disk. Similarly, it refers to the logical interface used by an operating system to access data stored on...
to bootBootingIn computing, booting is a process that begins when a user turns on a computer system and prepares the computer to perform its normal operations. On modern computers, this typically involves loading and starting an operating system. The boot sequence is the initial set of operations that the...
from, while the volume containing the operating system is fully encrypted.) - With full disk encryption, the decision of which individual files to encrypt is not left up to users' discretion. This is important for situations in which users might not want or might forget to encrypt sensitive files.
- Immediate data destruction, as simply destroying the cryptography keys renders the contained data useless. However, if security towards future attacks is a concern, purgingData remanenceData remanence is the residual representation of data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting of storage media that does not remove data previously written...
or physical destruction is advised.
The boot key problem
One issue to address in full disk encryption is that the blocks where the operating systemOperating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
is stored must be decrypted before the OS can boot, meaning that the key has to be available before there is a user interface to ask for a password. Most Full Disk Encryption solutions utilize Pre-Boot Authentication
Pre-boot authentication
Pre-Boot Authentication or Power-On Authentication serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer...
by loading a small, highly secure operating system which is strictly locked down and hashed versus system variables to check for the integrity of the Pre-Boot kernel. Some implementations such as BitLocker Drive Encryption
BitLocker Drive Encryption
BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by...
can make use of hardware such as a Trusted Platform Module
Trusted Platform Module
In computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
to ensure the integrity of the boot environment, and thereby frustrate attacks that target the boot loader by replacing it with a modified version. This ensures that authentication
Authentication
Authentication is the act of confirming the truth of an attribute of a datum or entity...
can take place in a controlled environment without the possibility of a bootkit being used to subvert the pre-boot decryption.
With a Pre-Boot Authentication
Pre-boot authentication
Pre-Boot Authentication or Power-On Authentication serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer...
environment, the key used to encrypt the data is not decrypted until an external key is input into the system.
Solutions for storing the external key include:
- Username / password
- Using a smartcard in combination with a PIN
- Using a biometric authentication method such as a fingerprint
- Using a dongleDongleA software protection dongle is a small piece of hardware that plugs into an electrical connector on a computer and serves as an electronic "key" for a piece of software; the program will only run when the dongle is plugged in...
to store the key, assuming that the user will not allow the dongle to be stolen with the laptop or that the dongle is encrypted as well. - Using a boot-time driver that can ask for a password from the user
- Using a network interchange to recover the key, for instance as part of a PXEPreboot Execution EnvironmentThe Preboot eXecution Environment is an environment to boot computers using a network interface independently of data storage devices or installed operating systems.PXE was introduced as part of the Wired for Management framework by Intel and is described in the specification The Preboot...
boot - Using a TPMTrusted Platform ModuleIn computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
to store the decryption key, preventing unauthorized access of the decryption key or subversion of the boot loader. - Use a combination of the above
All these possibilities have varying degrees of security, however most are better than an unencrypted disk.
See also
- EncryptionEncryptionIn cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
- Disk encryption hardwareDisk encryption hardwareTo protect confidentiality of the data stored on a computer disk a computer security technique called disk encryption is used. This article discusses hardware which is used to implement the technique...
- Hardware-based full disk encryptionHardware-based full disk encryptionHardware-based full disk encryption is available from many hard disk drive vendors, including: Seagate Technology, Hitachi, Western Digital, Samsung, Toshiba and also solid-state drive vendors such as Samsung...
- Disk encryption softwareDisk encryption softwareTo protect confidentiality of the data stored on a computer disk a computer security technique called disk encryption is used. This article discusses software that is used to implement the technique...
- Disk encryption theory
- Digital forensicsDigital forensicsDigital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime...
- Single sign-onSingle sign-onSingle sign-on is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them...
- United States v. BoucherUnited States v. BoucherIn re Boucher, No. 2:06-mj-91, 2009 WL 424718, is a federal criminal case in Vermont, which was the first to address directly the question of whether a person can be compelled to reveal his or her encryption passphrase or password, despite the U.S. Constitution's Fifth Amendment protection against...
External links
- Presidential Mandate requiring data encryption on US government agency laptops
- On-The-Fly Encryption: A Comparison - Reviews and lists the different features of many disk encryption systems
- All about on-disk/full-disk encryption on one page - a page covering the use of dm-crypt/LUKS on Linux, starting with theory and ending with many practical examples about its usage.