Full disk encryption

Full disk encryption (or whole disk encryption) is a kind of disk encryption software or hardware which encrypts every bit of data that goes on a disk or disk volume. The term "full disk encryption" is often used to signify that everything on a disk, including the programs that can encrypt bootable operating system partitions, but they must still leave the MBR, and thus part of the disk, unencrypted. There are, however, hardware-based full disk encryption systems that can truly encrypt the entire boot disk, including the MBR.

Benefits

Full disk encryption has several benefits compared to regular file or folder encryption, or encrypted vaults. The following are some benefits of full disk encryption:

# Nearly everything including the swap space and the temporary files is encrypted. Encrypting these files is important, as they can reveal important confidential data. With a software implementation, the bootstrapping code cannot be encrypted however. (For example, Bitlocker leaves an unencrypted volume to boot from, while the volume containing the operating system is fully encrypted.)
# With full disk encryption, the decision of which individual files to encrypt is not left up to users' discretion. This is important for situations in which users might not want or might forget to encrypt sensitive files.
# Support for pre-boot authentication.
# Immediate data destruction, as simply destroying the cryptography keys renders the contained data useless. However, if security towards future attacks is a concern, purging or physical destruction is advised.

Full disk encryption vs filesystem-level encryption

Full disk encryption does not replace file or directory encryption in all situations. Disk encryption is sometimes used in conjunction with filesystem-level encryption with the intention of providing a more secure implementation. Since disk encryption generally uses the same key for encrypting the whole volume, all data are decryptable when the system runs. However, some FDE solutions uses multiple keys for encrypting different partitions. If an attacker gains access to the computer at run-time, he has access to all files. Conventional file and folder encryption instead allows different keys for different portions of the disk. Thus an attacker cannot extract information from still-encrypted files and folders.

Unlike full disk encryption, filesystem-level encryption does not typically encrypt filesystem metadata, such as the directory structure, file names, modification timestamps or sizes.

Full disk encryption and Trusted Platform Module

Trusted Platform Module (TPM) is a secure cryptoprocessor embedded in the motherboard that can be used to authenticate a hardware device. Since each TPM chip is unique to a particular device, it is capable of performing platform authentication. It can be used to verify that the system seeking the access is the expected system.

A limited number of full disk encryption solutions have support for TPM. These implementations can wrap the decryption key using the TPM, thus tying the hard disk drive (HDD) to a particular device. If the HDD is removed from that particular device and placed in another, the decryption process will in theory fail even if the attacker has the decryption password or token.

Although this has the advantage that the disk cannot be removed from the device, it might create a single point of failure in the encryption. For example, if something happens to the TPM or the motherboard, you might not be able to access your data simply by connecting the hard drive to another computer, unless you also have a separate recovery key.

Implementations

There are multiple tools available in the market that allow for full disk encryption. However they vary greatly in features and security. They are divided into two main categories: hardware-based and software-based. The Hardware-based Full Disk Encryption solutions are considerably faster than the software-based solutions, and usually produce no overhead for the CPU or the hard disk drive. Hardware-based Full Disk Encryption without some form of user authentication provides absolutely no protection of data. Currently there are two solutions providing Pre-Boot Authentication for Hardware-based Full Disk Encryption and a BIOS or ATA password can provide basic access control.

A limited number of full disk encryption solutions also support TPM to tie to encrypted data to a particular platform.

Microsoft Windows Vista and Windows Server 2008 include a form of full disk encryption by the name of BitLocker Drive Encryption that can utilize TPM.

Password/data recovery mechanism

Secure and safe recovery mechanisms are essential to the large-scale deployment of any FDE solutions in an enterprise. The solution must provide an easy but secure way to recover passwords (most importantly data) in case the user leaves the company without notice or forgets the password.

Challenge/response password recovery mechanism

Challenge/Response password recovery mechanism allows the password to be recovered in a secure manner. It is offered by a limited number of FDE solutions.

Some benefits of challenge/response password recovery:

# No need for the user to carry a disc with recovery encryption key.
# No secret data is exchanged during the recovery process.
# No information can be sniffed.
# Does not require a network connection, i.e. it works for users that are at a remote location.

Emergency Recovery Information (ERI) file password recovery mechanism

An Emergency Recovery Information (ERI) file provides an alternative for recovery if a challenge response mechanism is unfeasible due to the cost of helpdesk operatives for small companies or implementation challenges.

Some benefits of ERI file recovery:

# Small companies can use it without implementation difficulties
# No secret data is exchanged during the recovery process.
# No information can be sniffed.
# Does not require a network connection, i.e. it works for users that are at a remote location.

ecurity Concerns

Most full disk encryption schemes are vulnerable to a cold boot attack, whereby encryption keys can be stolen by cold-booting a machine already running an operating system, then dumping the contents of memory before the data disappears. The attack relies on the data remanence property of computer memory, whereby data bits can take up to several minutes to degrade after power has been removed.cite paper|url=http://citp.princeton.edu/memory/|title=Lest We Remember: Cold Boot Attacks on Encryption Keys|author=J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten|publisher=Princeton University|date=2008-02-21|accessdate=2008-02-22] [cite paper|url=http://secude.com/htm/801/en/White_Paper%3A_Cold_Boot_Attacks.htm|title=Don't Panic - Cold Boot Reality Check|publisher=Secude|date=2008-02-21|accessdate=2008-02-22] Even a Trusted Platform Module (TPM) is not effective against the attack, as the operating system needs to hold the decryption keys in memory in order to access the disk.

The boot key problem

One issue to address in full disk encryption is that the blocks where the operating system is stored must be decrypted before the OS can boot, meaning that the key has to be available before there is a user interface to ask for a password. Most Full Disk Encryption solutions utilize Pre-Boot Authentication by loading a small, highly secure operating system which is strictly locked down and hashed versus system variables to check for the integrity of the Pre-Boot kernel. Some implementations such as BitLocker Drive Encryption can make use of hardware such as a Trusted Platform Module to ensure the integrity of the boot environment This ensures that authentication can take place in a controlled environment without the possibility of a known operating system vulnerability being used to bypass the encryption.

With a Pre-Boot Authentication environment, the key used to encrypt the data is not decrypted until an external key is input into the system.

Solutions for storing the external key include:

* Username / password
* Using a smartcard in combination with a PIN
* Using a biometric authentication method such as a fingerprint
* Using a dongle to store the key, assuming that the user will not allow the dongle to be stolen with the laptop or that the dongle is encrypted as well.
* Using a boot-time driver that can ask for a password from the user
* Using a network interchange to recover the key, for instance as part of a PXE boot
* Using a TPM to store the decryption key, preventing unauthorized access of the decryption key
* Use a combination of the above

All these possibilities have varying degrees of security, however most are better than an unencrypted disk.

ee also

*Disk encryption hardware
*Disk encryption software
*Digital forensics
*Single sign-on
*"United States v. Boucher"

References

Further reading

*cite journal |last=Casey |first=Eoghan |authorlink= |coauthors=Stellatos, Gerasimos J. |year=2008 |month= |title=The impact of full disk encryption on digital forensics |journal=Operating Systems Review |volume=42 |issue=3 |pages=93–98 |doi=10.1145/1368506.1368519 |url= |accessdate= |quote=

External links

* [http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf Presidential Mandate requiring data encryption on US government agency laptops]
* [http://www.full-disk-encryption.net/Full_Disc_Encryption.html List of full disk encryption products]
* [http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250 Benchmark (performance impact) of various FDE Solutions]
* [http://security-basics.blogspot.com/2007/01/introduction-to-full-disk-encryption.html Introduction to Full Disk Encryption]
* [http://otfedb.sdean12.org/ On-The-Fly Encryption: A Comparison] - Reviews and lists the different features of many disk encryption systems