Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption usesdisk encryption software orhardware toencrypt everybit ofdata that goes on adisk or diskvolume. It is used to prevent unauthorized access to data storage.[1]
The expressionfull disk encryption (FDE) (orwhole disk encryption) signifies that everything on the disk is encrypted, but themaster boot record (MBR), or similar area of a bootable disk, with code that starts theoperating system loading sequence, is not encrypted. Somehardware-based full disk encryption systems can truly encrypt an entireboot disk, including the MBR.
Transparent encryption, also known asreal-time encryption andon-the-fly encryption (OTFE), is a method used by somedisk encryption software. "Transparent" refers to the fact that data is automaticallyencrypted or decrypted as it is loaded or saved.
With transparent encryption, the files are accessible immediately after thekey is provided, and the entirevolume is typicallymounted as if it were a physical drive, making the files just as accessible as any unencrypted ones. No data stored on an encrypted volume can be read (decrypted) without using the correctpassword/keyfile(s) or correctencryption keys. The entirefile system within the volume is encrypted (including file names, folder names, file contents, and othermeta-data).[2]
To betransparent to the end-user, transparent encryption usually requires the use ofdevice drivers to enable theencryption process. Althoughadministrator access rights are normally required to install such drivers, encrypted volumes can typically be used by normal users without these rights.[3]
In general, every method in which data is seamlessly encrypted on write and decrypted on read, in such a way that the user and/orapplication software remains unaware of the process, can be called transparent encryption.
Disk encryption does not replace file encryption in all situations. Disk encryption is sometimes used in conjunction withfilesystem-level encryption with the intention of providing a more secure implementation. Since disk encryption generally uses the same key for encrypting the whole drive, all of the data can be decrypted when the system runs. However, some disk encryption solutions use multiple keys for encrypting different volumes. If an attacker gains access to the computer at run-time, the attacker has access to all files. Conventional file and folder encryption instead allows different keys for different portions of the disk. Thus an attacker cannot extract information from still-encrypted files and folders.
Unlike disk encryption, filesystem-level encryption does not typically encrypt filesystem metadata, such as the directory structure, file names, modificationtimestamps or sizes.
Trusted Platform Module (TPM) is asecure cryptoprocessor embedded in themotherboard that can be used toauthenticate a hardware device. Since each TPM chip is unique to a particular device, it is capable of performing platformauthentication. It can be used to verify that the system seeking the access is the expected system.[4]
A limited number of disk encryption solutions have support for TPM. These implementations can wrap the decryption key using the TPM, thus tying thehard disk drive (HDD) to a particular device. If the HDD is removed from that particular device and placed in another, the decryption process will fail. Recovery is possible with the decryptionpassword ortoken. The TPM can impose a limit on decryption attempts per unit time, making brute-forcing harder. The TPM itself is intended to be impossible to duplicate, so that the brute-force limit is not trivially bypassed.[5]
Although this has the advantage that the disk cannot be removed from the device, it might create asingle point of failure in the encryption. For example, if something happens to the TPM or themotherboard, a user would not be able to access the data by connecting the hard drive to another computer, unless that user has a separate recovery key.
There are multiple tools available in the market that allow for disk encryption. However, they vary greatly in features and security. They are divided into three main categories:software-based, hardware-based within the storage device, and hardware-based elsewhere (such asCPU orhost bus adaptor).Hardware-based full disk encryption within the storage device are called self-encrypting drives and have no impact on performance whatsoever. Furthermore, the media-encryption key never leaves the device itself and is therefore not available to any malware in the operating system.
TheTrusted Computing GroupOpal Storage Specification provides industry accepted standardization for self-encrypting drives. External hardware is considerably faster than the software-based solutions, although CPU versions may still have a performance impact[clarification needed], and the media encryption keys are not as well protected.
There are other (non-TCGA/OPAL based) self-encrypted drives (SED) that don't have the known vulnerabilities of the TCG/OPAL based drives (see section below).[6] They are Host/OS and BIOS independent and don't rely on the TPM module or the motherboard BIOS, and their Encryption Key never leaves the crypto-boundary of the drive.
All solutions for the boot drive require apre-boot authentication component which is available for all types of solutions from a number of vendors. It is important in all cases that the authentication credentials are usually a major potential weakness since thesymmetric cryptography is usually strong.[clarification needed]
Secure and safe recovery mechanisms are essential to the large-scale deployment of any disk encryption solutions in an enterprise. The solution must provide an easy but secure way to recover passwords (most importantly data) in case the user leaves the company without notice or forgets the password.
Challenge–response password recovery mechanism allows the password to be recovered in a secure manner. It is offered by a limited number of disk encryption solutions.
Some benefits of challenge–response password recovery:
An emergency recovery information (ERI) file provides an alternative for recovery if a challenge–response mechanism is unfeasible due to the cost of helpdesk operatives for small companies or implementation challenges.
Some benefits of ERI-file recovery:
Most full disk encryption schemes are vulnerable to acold boot attack, whereby encryptionkeys can be stolen bycold-booting a machine already running anoperating system, then dumping the contents ofmemory before the data disappears. The attack relies on thedata remanence property ofcomputer memory, whereby databits can take up to several minutes to degrade after power has been removed.[7] Even aTrusted Platform Module (TPM) is not effective against the attack, as the operating system needs to hold the decryption keys in memory in order to access the disk.[7]
Full disk encryption is also vulnerable when a computer is stolen when suspended. As wake-up does not involve aBIOS boot sequence, it typically does not ask for the FDE password. Hibernation, in contrast goes via a BIOS boot sequence, and is safe.
All software-based encryption systems are vulnerable to variousside channel attacks such asacoustic cryptanalysis andhardware keyloggers. In contrast, self-encrypting drives are not vulnerable to these attacks since the hardware encryption key never leaves thedisk controller.
Also, most full disk encryption schemes don't protect from data tampering (or silentdata corruption, i.e.bitrot).[8] That means they only provide privacy, but not integrity.Block cipher-based encryption modes used for full disk encryption are notauthenticated encryption themselves because of concerns of the storage overhead needed for authentication tags. Thus, if data on the disk were tampered with, the data would be decrypted to garbled random data when read and hopefully errors may be indicated depending on which data is tampered with (for the case of OS metadata – by the file system; and for the case of file data – by the corresponding program that would process the file). One of the ways to mitigate these concerns, is to use file systems with fulldata integrity checks viachecksums (likeBtrfs orZFS) on top of full disk encryption. However,cryptsetup started experimentally to supportauthenticated encryption[9]
Full disk encryption has several benefits compared to regular file or folder encryption, or encrypted vaults. The following are some benefits of disk encryption:
One issue to address in full disk encryption is that the blocks where theoperating system is stored must be decrypted before the OS can boot, meaning that the key has to be available before there is auser interface to ask for a password. Most Full Disk Encryption solutions utilizePre-Boot Authentication by loading a small, highly secure operating system which is strictly locked down and hashed versus system variables to check for the integrity of the Pre-Boot kernel. Some implementations such asBitLocker Drive Encryption can make use of hardware such as a Trusted Platform Module to ensure the integrity of the boot environment, and thereby frustrate attacks thattarget the boot loader by replacing it with a modified version. This ensures that authentication can take place in a controlled environment without the possibility of a bootkit being used to subvert the pre-boot decryption.
With apre-boot authentication environment, the key used to encrypt the data is not decrypted until an external key is input into the system.
Solutions for storing the external key include:
All these possibilities have varying degrees of security; however, most are better than an unencrypted disk.
{{cite web}}: CS1 maint: multiple names: authors list (link)