Disk encryption software is
computer security software that protects the confidentiality of data stored on computer media (e.g., a hard disk, floppy disk, or USB device) by using
disk encryption.
Compared to access controls commonly enforced by an
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common daemon (computing), services for computer programs.
Time-sharing operating systems scheduler (computing), schedule tasks for ef ...
(OS), encryption passively protects data confidentiality even when the OS is not active, for example, if data is read directly from the hardware or by a different OS. In addition crypto-shredding suppresses the need to erase the data at the end of the disk's lifecycle.
Disk encryption generally refers to wholesale encryption that operates on an entire
volume mostly transparently to the user, the system, and applications. This is generally distinguished from file-level encryption that operates by user invocation on a single file or group of files, and which requires the user to decide which specific files should be encrypted. Disk encryption usually includes all aspects of the disk, including directories, so that an adversary cannot determine content, name or size of any file. It is well suited to portable devices such as
laptop computers and
thumb drives which are particularly susceptible to being lost or stolen. If used properly, someone finding a lost device cannot penetrate actual data, or even know what files might be present.
Methods
The disk's data is protected using
symmetric cryptography
Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between th ...
with the key randomly generated when a disk's encryption is first established. This key is itself encrypted in some way using a password or pass-phrase known (ideally) only to the user. Thereafter, in order to access the disk's data, the user must supply the password to make the key available to the software. This must be done sometime after each operating system start-up before the encrypted data can be used.
Done in software,
encryption typically operates at a level between all applications and most system programs and the low-level
device driver
In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and ot ...
s by "transparently" (from a user's point of view) encrypting data after it is produced by a program but before it is physically written to the disk. Conversely, it decrypts data immediately after being read but before it is presented to a program. Properly done, programs are unaware of these cryptographic operations.
Some disk encryption software (e.g.,
TrueCrypt or
BestCrypt) provide features that generally cannot be accomplished with
disk hardware encryption: the ability to mount "container" files as encrypted logical disks with their own
file system
In computing, file system or filesystem (often abbreviated to fs) is a method and data structure that the operating system uses to control how data is stored and retrieved. Without a file system, data placed in a storage medium would be one larg ...
; and encrypted logical "inner" volumes which are secretly hidden within the free space of the more obvious "outer" volumes. Such strategies provide
plausible deniability
Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to denial, deny knowledge of or responsibility for any damnable actions committed by members of their organizational hierarchy. Th ...
.
Well-known examples of disk encryption software include:
BitLocker for Windows;
FileVault for Apple OS/X;
LUKS a standard free software mainly for
Linux and
TrueCrypt, a non-commercial freeware application, for Windows, OS/X and Linux.
* A 2008 study found
data remanence in
dynamic random access memory
Dynamic random-access memory (dynamic RAM or DRAM) is a type of random-access semiconductor memory that stores each bit of data in a memory cell, usually consisting of a tiny capacitor and a transistor, both typically based on metal-oxid ...
(DRAM), with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature. The study authors were able to demonstrate a
cold boot attack
In computer security, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) ...
to recover cryptographic keys for several popular disk encryption systems despite some memory degradation, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not under physical control by the computer's legitimate owner. This method of key recovery, however, is suited for controlled laboratory settings and is extremely impractical for "field" use due to the equipment and cooling systems required.
Other Features
Plausible deniability
Some disk encryption systems, such as
VeraCrypt,
CipherShed (active open source forks of the discontinued
TrueCrypt project),
BestCrypt (proprietary trialware), offers levels of
plausible deniability
Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge of or responsibility for any damnable actions committed by members of their organizational hierarchy. They may ...
, which might be useful if a user is compelled to reveal the password of an encrypted volume.
Hidden volumes
Hidden volumes are a
steganographic feature that allows a second, "hidden", volume to reside within the apparent free space of a visible "container" volume (sometimes known as "outer" volume). The hidden volume has its own separate file system, password, and encryption key distinct from the container volume.
The content of the hidden volume is encrypted and resides in the free space of the file system of the outer volume—space which would otherwise be filled with random values if the hidden volume did not exist. When the outer container is brought online thorough the disk encryption software, whether the inner or outer volume is
mounted
Mount is often used as part of the name of specific mountains, e.g. Mount Everest.
Mount or Mounts may also refer to:
Places
* Mount, Cornwall, a village in Warleggan parish, England
* Mount, Perranzabuloe, a hamlet in Perranzabuloe parish, ...
depends on the password provided. If the "normal" password/key of the outer volume proves valid, the outer volume is mounted; if the password/key of the hidden volume proves valid, then (and only then) can the existence of hidden volume even be detected, and it is mounted; otherwise if the password/key does not successfully decrypt either the inner or outer volume descriptors, then neither is mounted.
Once a hidden volume has been created inside the visible container volume, the user will store important-looking information (but which the user does not actually mind revealing) on the outer volume, whereas more sensitive information is stored within the hidden volume.
If the user is forced to reveal a password, the user can reveal the password to the outer volume, without disclosing the existence of the hidden volume. The hidden volume will not be compromised, if the user takes certain precautions in overwriting the free areas of the "host" disk.
No identifying features
Volumes, be they stored in a file or a device/partition, may intentionally not contain any discernible "signatures" or unencrypted headers. As cipher algorithms are designed to be indistinguishable from a
pseudorandom permutation
In cryptography, a pseudorandom permutation (PRP) is a function that cannot be distinguished from a random permutation (that is, a permutation selected at random with uniform probability, from the family of all permutations on the function's domain ...
without knowing the
key, the presence of data on the encrypted volume is also undetectable unless there are known weaknesses in the cipher.
[This is a design criterion of modern ciphers; in other words, ciphers are considered broken if their output is discernible from random.]
This means that it is impossible to prove that any file or partition is an encrypted volume (rather than random data) without having the password to mount it. This characteristic also makes it impossible to determine if a volume contains another hidden volume.
A file hosted volume (as opposed to partitions) may look out of place in some cases since it will be entirely random data placed in a file intentionally. However, a partition or device hosted volume will look no different from a partition or device that has been wiped with a common disk wiping tool such as
Darik's Boot and Nuke. One can plausibly claim that such a device or partition has been wiped to clear personal data.
Portable or "traveller mode" means the encryption software can be run without installation to the system hard drive. In this mode, the software typically installs a temporary
driver from the portable media. Since it is installing a driver (albeit temporarily), administrative privileges are still required.
Resizable volumes
Some disk encryption software allows encrypted volumes to be resized. Not many systems implement this fully, and resort to using "
sparse files" to achieve this.
Backups
Encrypted volumes contain "header" (or "CDB") data, which may be backed up. Overwriting these data will destroy the volume, so the ability to back them up is useful.
Restoring the backup copy of these data may reset the volume's password to what it was when the backup was taken.
See also
*
Disk encryption theory
*
Disk encryption hardware
*
Comparison of disk encryption software
*
Data remanence
Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting o ...
*
Disk encryption
Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that ...
*
On-the-fly encryption
*
Cold boot attack
In computer security, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) ...
*
Single sign-on
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
True single sign-on allows the user to log in once and access services without re-enterin ...
*''
United States v. Boucher''
References
External links
*
Detailed wiki-style article on disk encryption at infoanarchy.orgInside NetBSDs CGD
- Overview of full-disk encryption, how it works, and how it differs from file-level encryption—plus an overview of leading full-disk encryption software.
{{DEFAULTSORT:Disk encryption software
Cryptographic software
Disk encryption