One of the most important tools in the protection of data security is encryption. Data encryption is a key technology in preventing unauthorized disclosure of information as well as preventing corruption or intentional integrity changes. However, encryption is not foolproof and does not protect against everything. For example, encryption does not provide protection for availability. This tutorial addresses the uses and applications of data encryption in relation to data security. Keep in mind that although the focus is on data security, many of these issues apply to servers, mobile devices, and many other systems and situations. This tutorial does not focus on the algorithms of encryption or the actual implementation and management of cryptography.
Encryption is the technology that converts or transforms original data into a chaotic and seemingly random, and thus unintelligible, form. In cryptographic terms, the original usable data is called plaintext or cleartext. It is important to realize that this does not simply mean that all data is text, but rather that it is in its original, usable form. The secured form of data is known as ciphertext. The process of converting or transforming from plaintext to ciphertext is encryption. The process of reverting back to plaintext from ciphertext is decryption.
The processes of encryption and decryption are managed by a complex set of mathematical operations known as an algorithm. Most modern algorithms use a random initial value and a key. The random initial value is known formally as the initialization vector (IV). The IV is a random number incorporated into the plaintext just before the actual encryption process starts. The key is the secret number used to lock the ciphertext so that only the intended recipient is able to decrypt the data back into plaintext. Both a key and an IV are needed by the recipient to perform decryption. It is essential that the key and IV be exchanged securely so that no unauthorized third parties have access to those values. All real-world data encryption solutions address these concerns and implement them around a specific individual algorithm or a set of algorithms.
Data encryption is used to provide security protection for data. Primarily, data encryption provides protection for the confidentiality of data. Because only those in possession of the correct key and IV for a specific ciphertext can decrypt it into plaintext, the content of the data is protected against unauthorized disclosure, assuming a reasonably strong algorithm, a reasonably difficult-to-guess key, and the use of reasonable security for key exchange.
Cryptography is an excellent security tool, but only for the purposes for which it is effective. Cryptography protects confidentiality. However, that protection is not guaranteed, only reasonably assured. The issue is that encryption is like a lock. If someone is skilled at lock picking, that person might eventually get lucky and figure out the key. Cryptography is constantly being pushed forward as attacks get better. More complicated algorithms and longer keys help cryptographic efforts stay in front of hackers' attempts to breach the protection. But because attacks are always getting better, the great encryption of today will eventually be the poor security of yesterday.
Within the realm of cryptography is another concept known as hashing. Hashing is used to detect violations of integrity (in other words, changes to data). Hashing works by creating a representative number from data. When a hash value is created, it marks the identity of data at that specific instant in time. At some future time, the data can be hashed again. If the second hash value matches the initial hash value, the data did not change during the interim time period, and thus its integrity was maintained. However, if the two hashes are not exactly the same value, then integrity was violated because something about the data changed during the interim time period. Thus, hashing detects integrity violations but does not prevent them.
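The hash-then-rehash check described above, as an added example in Python (not part of the original tutorial). The file names, contents and key are constructed; sealing the baseline with an HMAC goes one step beyond the text, so that the stored hashes cannot be quietly recomputed by whoever changed the data.

```python
import hashlib
import hmac

# Constructed sample data standing in for files on disk.
BASELINE_FILES = {
    "payroll.csv": b"alice,5000\nbob,4200\n",
    "notes.txt": b"quarterly review\n",
}
SEAL_KEY = b"constructed-demo-key"  # assumption: kept away from the protected data


def snapshot(files):
    """Map each name to the SHA-256 hash of its content at this instant."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def seal(manifest, key):
    """HMAC over the sorted manifest; without the key it cannot be re-created."""
    body = "\n".join(f"{digest}  {name}" for name, digest in sorted(manifest.items()))
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def verify(files, manifest, tag, key):
    """Re-hash the data and report every difference from the sealed baseline."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("manifest seal mismatch: the baseline itself was altered")
    current = snapshot(files)
    return {
        "modified": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
        "removed": sorted(n for n in manifest if n not in current),
        "added": sorted(n for n in current if n not in manifest),
    }


def demo():
    """Take a baseline, change the data, and show what the second hash reveals."""
    manifest = snapshot(BASELINE_FILES)
    tag = seal(manifest, SEAL_KEY)

    later = dict(BASELINE_FILES)
    later["payroll.csv"] = b"alice,5000\nbob,9200\n"  # one field changed
    del later["notes.txt"]                            # one file removed
    later["new.bin"] = b"\x00\x01"                    # one file added

    # The change is detected, not prevented: the data is already different.
    return verify(later, manifest, tag, SEAL_KEY)


if __name__ == "__main__":
    print(demo())
```
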
Hashing has another benefit: it provides protection simply because of how hashing algorithms work. Hashing algorithms are one-way functions. This means that they can be calculated or run in a forward direction, but it is not possible to reverse them. Thus, after a hash value is calculated, it is not possible to decrypt or reverse the hash back into the original data. This is because hashing algorithms are based around lossy mathematical operations. A lossy mathematical operation is one that discards or drops data as it performs calculations. A common example of a lossy mathematical operation is that of modulo or mod. Modulo is a division function that keeps the remainder but discards the quotient. This one-way nature of hashing prevents data re-creation by reversing the hashing function.
A great way to think of hashing is to equate it with taking a photograph. By taking a snapshot of someone, you now have an image of them that you can use to recognize them in the future. However, with that image you are unable to create a clone of that person, because the photo does not include enough data about them, such as their DNA.
But wait, isn't there a big issue with password hashes being cracked to steal passwords? Yes, there is, but it is not decrypting the hash that is the problem here. The problem is that passwords are relatively short (most are fewer than 10 characters) and are created from common characters (such as lowercase letters only, or the standard options on a typical keyboard, such as uppercase or lowercase characters, numbers, and symbols). Hackers can crack passwords by either guessing or crafting potential passwords (input data) and then creating a hash from the result. Each potential password is then compared to the target in hopes of finding a match. If a match is found, then the crack has revealed the original password. Again, this is not decrypting the hash value, it is instead guessing the original password characters. A good defense against password cracking for end users is to use longer and more complex passwords, thus making it much less likely that a quick password crack will be successful.
Most data encryption tools use a combination of encryption processes and hashing processes to provide a complete security service for the data being protected. It is important to prevent data from falling into the wrong hands, and it is important to make sure that data is not changed or modified.
When you are selecting a data encryption solution, it is important to consider some of the features, options, or specifications of the available products before making a purchase and implementing the solution:
- Consider only products that offer strong algorithms, such as those vetted for use by the US federal government under FIPS (Federal Information Processing Standard) 140-2. If the product features only older algorithms, look for something more current.
- Be sure the solution includes integrity checking.
- Be sure the product offers options for the longest keys available for the algorithms supported.
- Favor products that ask for user input or activity to assist in the generation of random encryption key values.
- Select products that indicate that they use secure storage of keys, credentials, and other elements of identification and access.
Data encryption can be implemented to provide protection for a wide variety of data management situations, including full-disk, database, individual file, removable media, and mobile device encryption. All of these implementation scenarios are discussed in the following sections.
Full-disk encryption is the application of data encryption technology to an entire storage device. Though most full-disk encryption is focused on encrypting the standard or traditional spinning internal hard disk, it can also be used to encrypt solid-state disks, external disks, and removable disks.
Full-disk encryption can be provided natively by the operating system or through an installed third-party product. In addition to software solutions, there are also hardware devices that can provide encryption for entire storage devices; these include special versions of the storage devices themselves as well as some controller cards.
Full-disk encryption operates transparently to the end user after it is properly installed and configured. At least, it is transparent during normal activities. The user might be prompted upon startup to provide an additional set of credentials to unlock the encrypted storage device. Though multiple sets of credentials might be required for multiple configurations (for example, if an organization encrypts its data disks as well as its main operating system disk and external disks), the inconvenience is minimal and is not a significant burden to normal activities. After it is configured, full-disk encryption ensures that everything saved, copied, or moved to the storage device is automatically encrypted. Additionally, when the master unlock credentials are provided, all data on the disk is decrypted on the fly as it is read into memory by an application or any file management tool.
Full-disk encryption can be applied to the main operating system startup disk or to data disks. The encryption can be set to secure every disk in a system, or only disks containing sensitive information. Encrypted disks can be configured to be automatically unlocked upon startup or logon, or they can remain protected until a user specifically requests access to the secured disk. These are just some of the many options available with full-disk encryption.
Full-disk encryption offers several benefits over other forms of storage encryption, specifically when compared to file encryption. File encryption is discussed in detail in a later section. File encryption only encrypts individual files on a per-file request basis. The drawback to the file encryption approach is that metadata is not protected. When temporary copies of the file are made by applications or when some of the file's data located in RAM is paged off into the virtual memory swap file, those additional copies or versions of the data are not encrypted by the original file's encryption. All of the data on a storage device is encrypted when full-disk encryption is in use. Every file, all metadata, every temporary file, every swap file, everything on the storage device is protected with full-disk encryption.
A drawback to full-disk encryption is that a single master encryption key is used to encrypt the contents of the disk. If that one key is ever lost, corrupted, or stolen, it could be disastrous. A lost or corrupted key could result in legitimate users being blocked from gaining access to data on the protected storage device. A stolen key could allow someone to gain access to the data on the storage device. Thus, precautions should be taken to minimize these risks.
Full-disk encryption is never a substitute for a reliable backup system. Only backups are insurance against data loss or corruption. Full-disk encryption is potentially a protection against data loss or data leakage, but if the disk is damaged, lost, stolen, or otherwise becomes inaccessible, only with a backup can you regain access to the hosted data. Always back up all data, even if it is stored on a storage device hosting full-disk encryption.
Full-disk encryption will cause a significant delay in the startup process and can cause performance degradation for typical activities. And though this could be an issue, it rarely is one with relatively modern equipment. Most CPUs are now equipped with an onboard dedicated encryption chip that offloads the complex work of encryption from the main processor. This not only speeds up encryption operations but also relieves the CPU to use all of its computation cycles for other work. Thus, on most modern systems, full-disk encryption will not cause any noticeable delay in startup or reductions in performance or responsiveness. But do keep in mind that full-disk encryption has the potential to be a performance sink.
Implementing full-disk encryption
The process of implementing full-disk encryption is not usually overly complex, but neither is it a completely obvious or simple process. It is important to remember that the act of converting a disk from standard or normal plaintext form into an encrypted form can render the hosted data unusable if anything goes wrong during the process. Always make a backup of all files on a storage device before attempting to implement full-disk encryption.
The first step is to determine whether you are using the native full-disk encryption feature of your operating system (such as BitLocker for Windows) or a third-party add-on product (such as TrueCrypt). If you are using the native operating system feature, you will work from the configuration app provided by the operating system. If you are installing a third-party product, follow the instructions to install the software, and then access the full-disk encryption software's configuration tools.
Second, determine which disk is to be converted into a full-disk encryption device. Be sure that everything on the disk is protected in a backup. If you are not sure about whether or not you have a recent backup, go ahead and make another backup now! The process of setting up full-disk encryption can take a significant amount of time, especially if data is already resident on the target device. It is usually possible to encrypt data in place without any consequences other than that it might take much longer. When possible, consider converting a blank storage device to a full-disk encryption device, then copy your data onto the now-encrypted disk. This is almost always the faster operation.
The third step in implementing full-disk encryption is to select the encryption algorithm, define the key, and make other configuration setting selections. Always read the documentation and instructions for your product before proceeding. It is not really possible to give specific recommendations on what you should do or select here. However, some general recommendations are:
- Select a modern encryption algorithm, such as AES (Advanced Encryption Standard), over older options.
- Select longer keys over shorter encryption keys, although longer keys could cause performance lag.
- Encryption keys should never be shorter than 128 bits for general or personal data, and at least 192 bits for corporate or organizational data.
- Consider multiple algorithms or multiple passes of encryption, but realize that these will cause noticeable performance delays on most systems.
- Always select an integrity checking method. SHA (Secure Hash Algorithm) options are preferred over MD5 (Message Digest).
- If prompted to provide user input to increase the entropy of the random number creation, provide as much as possible (some systems automatically terminate the request session after they get enough) or continue providing input long after you think it is enough (that is, spend 3 minutes instead of just 10 seconds).
- Define a long and complex master unlock password or passphrase. Be sure it is one you can remember and reproduce. If not, you will be locking yourself out of your own data.
- Consider auto-unlock and multifactor credential options if they are offered (we'll talk more about this soon).
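One way to check an existing volume against the algorithm, key-length and hash recommendations in this list, as an added Python example (not from the original tutorial or from any product). It reads the text printed by `cryptsetup luksDump` for a LUKS1 volume; both dumps below are constructed and abridged, and the "personal"/"organizational" labels are names chosen here for the two key-length thresholds.

```python
MIN_KEY_BITS = {"personal": 128, "organizational": 192}  # thresholds from the list
REQUIRED = {"cipher name", "cipher mode", "hash spec", "mk bits"}

# Constructed, abridged `cryptsetup luksDump` output (LUKS1 layout). Digest,
# salt, UUID and key-slot lines are left out because the audit does not use them.
SAMPLE_STRONG = """\
LUKS header information for /dev/sdb1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Payload offset: 4096
MK bits:        512
"""

SAMPLE_WEAK = """\
LUKS header information for /dev/sdc1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      md5
Payload offset: 4096
MK bits:        256
"""


def parse_luks1_dump(text):
    """Turn 'Name: value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        name, value = line.split(":", 1)  # split once: modes may contain ':'
        fields[name.strip().lower()] = value.strip()
    if fields.get("version") != "1":
        raise ValueError("not a LUKS1 dump; LUKS2 prints a different layout")
    missing = REQUIRED - set(fields)
    if missing:
        raise ValueError(f"dump is missing fields: {sorted(missing)}")
    return fields


def effective_key_bits(fields):
    """XTS splits the master key into two halves, so only half keys the cipher."""
    bits = int(fields["mk bits"])
    return bits // 2 if fields["cipher mode"].startswith("xts") else bits


def audit(text, data_class="organizational"):
    """Return a list of findings; an empty list means the checks passed."""
    fields = parse_luks1_dump(text)
    findings = []
    if fields["cipher name"] != "aes":
        findings.append(f"cipher '{fields['cipher name']}' is not AES")
    bits = effective_key_bits(fields)
    minimum = MIN_KEY_BITS[data_class]
    if bits < minimum:
        findings.append(
            f"effective key length is {bits} bits, below the {minimum}-bit "
            f"minimum for {data_class} data"
        )
    if not fields["hash spec"].startswith("sha"):
        findings.append(f"hash '{fields['hash spec']}' is not a SHA option")
    return findings


if __name__ == "__main__":
    for name, dump in (("strong", SAMPLE_STRONG), ("weak", SAMPLE_WEAK)):
        print(name, audit(dump) or "OK")
```

A 256-bit master key in XTS mode passes the 128-bit threshold but not the 192-bit one, which is easy to miss when reading the "MK bits" line alone.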
After the setup or configuration process for applying full-disk encryption to a disk is complete, you will then need to wait until the conversion or encryption process is done before you can perform any other action. It is usually a good idea to leave the system alone until the process is complete. Attempting to use the computer for other tasks, including surfing the web, reading email, accessing documents, or playing back audio or video content, could at best delay the conversion or at worst interfere with the operation. If you happen to open a file that is in the process of being encrypted, it could cause a corruption. If you need to use the system soon, then plan on performing the full-disk encryption implementation process at a later time when you can leave the system alone for hours.
Decommissioning an encrypted device
Another important issue to keep in mind in relation to full-disk encryption is the chance that your specific encryption product might not offer a deconversion or decommissioning process. If you need to convert from a full-disk encryption device back to a plaintext device, the process might be easy or it might be complicated. The easy process would be if your encryption solution offered a decryption process. It will simply decrypt the disk with data in place, returning it to a nonencrypted state without any data loss or corruption. However, many encryption products do not offer a seamless or simple decommissioning procedure. Instead, you will have to perform your own manual reversion. Manually reverting back to a plaintext disk requires that you back up or make a copy of every file on the encrypted device to another storage device, delete the partition or volume on the encrypted device, create a new volume, format the new volume, and then copy all the data back onto the now plaintext device.
Decrypting an encrypted device
Full-disk encryption is a security technology designed to prevent unauthorized access to electronically stored data. However, that security is dependent upon the management software used, the selected algorithm, the key in use, and most importantly, the master set of credentials used to gain access to the encrypted data. Most encryption products allow a password or passphrase to be used directly (or indirectly) to decrypt a disk. However, there are potentially several other options, including the use of a TPM (Trusted Platform Module, which is covered in a later discussion), a USB device, and combinations of these.
From the user's perspective, the potential means of unlocking a storage device hosting full-disk encryption can range from automatic and transparent to complex, multifactor, and multistep. The methods could include (but would not necessarily be limited to) the combinations listed here, in order from least to greatest user inconvenience:
- TPM only
- User password with TPM
- USB only
- USB with TPM
- User password with USB and TPM
The following list explores these options in depth.
- TPM only:
The easiest option from the users' perspective is to allow the system itself to automatically unlock encrypted disks upon system startup. This is made possible if the computer has a motherboard that includes a TPM chip. The TPM (Trusted Platform Module) is a special chip designed for use by encryption solutions as a secure and tamper-proof storage location for encryption keys. If a full-disk encryption system is configured to use the TPM, the disk's master encryption key will be stored in the TPM. Upon startup, the TPM provides the master key to the encryption software and the disk is automatically unlocked for the user. This configuration is fully transparent to the user; however, it provides no protection in the event that the system is accessed by an unauthorized person. The only protection provided by this configuration is if the hard disk itself is the only item stolen by a hacker. Without the TPM, the disk will not be able to be unlocked by reasonable means.
The TPM is a chip that is located on a system's motherboard. However, this is not a chip found on every motherboard. It is most often found on portable devices, such as notebooks. More and more motherboards are featuring the TPM chip, so it might be found on tablets, desktops, smart phones, and servers. However, if you plan on using the TPM, be sure to consult your system's specifications to ensure that the TPM chip is actually present.
- User password with TPM:
A variation on the TPM-only method is to require a password upon startup or user logon in order to unlock the TPM. Without the password, the TPM will not disclose the master encryption key for the storage device. This is an improvement on the TPM-only process, but only in the event that the system is encountered by an unauthorized person when it is turned off or in a locked state. If the storage devices have already been unlocked, then no protection is actually being provided against an at-the-keyboard attacker.
- USB only:
This credential option requires that the user insert a USB key or other USB device when prompted in order to unlock the secured storage device. The USB device contains a file hosting the encryption key. This encryption key is loaded by the encryption software from the USB drive, then used to unlock the local storage device. If the USB key is lost, access to the disk is prohibited. An additional level of protection is gained if the file hosted on the USB key requires a password to be opened.
- USB with TPM:
This credential option requires that the user insert a USB key when prompted in order to unlock the TPM. In this case, the storage device's master encryption key is stored in the protection of the TPM. The USB key simply hosts an unlock code that is used to access the contents of the TPM. This technique is considered a more secure option than using USB only because the encryption key is not stored on a USB drive where it might be more accessible and instead is stored in the tamper-resistant TPM vault.
- User password with USB and TPM:
This credential option requires the user to insert a USB key and type in a password to unlock the TPM, which in turn unlocks the encrypted hard disk. This option requires the most of a user (a physical device and a password), but it also provides the best protection against unauthorized access, especially when the system is turned off when it is encountered by an unauthorized person.
It is always important to consider all credential options before making a decision. This is a decision you should make before starting the plaintext-to-encrypted-storage conversion process. If you don't understand the credential options, then you will not be able to make an informed decision. The options listed here are just some of the more common examples of credential sets for full-disk encryption. Read the documentation for your specific encryption software to find out what it actually offers and make your selections based on that information.
Another important consideration to think about before selecting a full-disk encryption product is what recovery options are available. A recovery option gives you the ability to regain access to an encrypted disk if you forget your master password or lose your master USB key. Often a recovery procedure uses a recovery disk built at the time of disk encryption initialization. It is used to recreate an access key for the encrypted disk. Not all encryption products offer a recovery mechanism. And even if the feature is part of your encryption product, you might choose not to set up a recovery option. The recovery process can be performed by a hacker just as easily as by the authorized user, especially if the hacker is able to steal both the encrypted disk and the recovery disk. You might consider taking a no-hope-of-recovery perspective on full-disk encryption. For full-disk encryption, if you forget your master key, you should not be able to regain access. This will also help to ensure that full-disk encryption is not treated as a backup option. Disk encryption is not a substitute for backups. If you do not configure a recovery option, a backup will be the only means by which access to the data can be regained.
Full-disk encryption vulnerabilities
Full-disk encryption provides protection for data stored on the disk, but only in specific circumstances. If the encryption uses password-only credentials, then a hacker could steal just the hard disk and have the chance of brute-force guessing the key over time, although this form of attack is highly unlikely to succeed. If the encryption uses the TPM, then both the hard disk and the motherboard must be stolen to give the hackers a chance at gaining access. Similarly, if a USB drive is involved in the credentials, then the USB drive must also be obtained by the hackers to attempt to circumvent the encryption. In these situations, full-disk encryption is likely to provide reasonable protection.
However, there are circumstances in which full-disk encryption does not provide sufficient protection, specifically if a hacker is able to access the physical system while the computer is active. An active computer is a fully started system with a user logged on with an open and accessible desktop; it could also be a system that is locked with a screen saver, requiring a password, as well as a system in sleep mode. Sleep mode is a low power-consumption mode in which process execution is suspended but in which the contents of memory stay in RAM. In each of these active computer situations, one flaw is always present. That flaw is the fact that full-disk encryption uses a single master symmetric encryption key to encode the stored data, and that single encryption key is stored in memory in plaintext form. Attacks that are able to access and read the specific area of RAM will be able to learn the encryption key. These include DMA (direct memory access) attacks over FireWire ports as well as attacks that restart the system from a USB drive and dump the memory contents to a disk. The RAM used in a typical computer does not instantly become empty; instead, the memory-resident data decays over time. On a typical system, it could take 45 seconds for all data in RAM to dissipate. If a system is just restarted, RAM will retain its contents, allowing for a memory dump to capture everything stored there, including a full-disk encryption key. If a system cannot be restarted from a USB device, then another approach called the cold boot attack might be possible. This attack requires the RAM chips to be supercooled to slow down the rate of data decay. Often, an upside-down can of compressed air can be used to quickly reduce the temperature. The cold RAM chips can be removed and placed into a memory reader to extract the contents.
A wide range of products are available to implement full-disk encryption. These include operating system-native tools such as Windows BitLocker, Apple's FileVault, and the Linux dm-crypt+LUKS. There are also many third-party options, such as Symantec's PGP Whole Disk Encryption (a commercial product) or TrueCrypt (an open source product).