Full disk encryption

Full disk encryption (or whole disk encryption) is a kind of disk encryption software or hardware that encrypts every bit of data that goes on a disk. The term "full disk encryption" is often used to signify that everything on a disk, including the operating system, is encrypted. There are also programs that can encrypt an entire disk but cannot directly encrypt the system partition or boot partition of the operating system (e.g. TrueCrypt, which can fully encrypt, for example, an entire secondary hard disk).


Full disk encryption has several benefits compared to regular file or folder encryption or to encrypted vaults. The following are some benefits of full disk encryption:

  1. Everything, including the swap space and temporary files, is encrypted. Encrypting these is important, as they can reveal confidential data.
  2. With full disk encryption, the decision of which files to encrypt is not left up to users.
  3. Support for pre-boot authentication.
  4. Immediate data destruction, as simply destroying the cryptographic keys renders the contained data useless. However, if security against future attacks is a concern, file wiping or physical destruction is advised.


The boot key problem

Full disk encryption of the boot disk has the problem that the blocks holding the operating system must be decrypted before the OS boots, meaning that the key has to be available before there is a user interface to ask for a password. This also means that an attacker may be able to use the same mechanism to recover the key, rendering the encryption software useless.


Solutions include:

  • Using a TPM to do decryption, making the key inaccessible to normal software
  • Using a dongle to store the key, assuming that the user will not allow the dongle to be stolen with the laptop
  • Using a boot-time driver that can ask for a password from the user
  • Using a network interchange to recover the key, for instance as part of a PXE boot
  • Storing the key in an obscure place and hoping for the best

All these possibilities have varying degrees of security, but all are better than an unencrypted disk.


Full disk encryption vs. filesystem-level encryption

Full disk encryption does not replace filesystem-level encryption (file or directory encryption) in all situations. Because full disk encryption uses the same key for the whole disk, all data is decryptable for the operating system while the machine is running. If an attacker has physical access to the computer and it has no hardware protection, they can circumvent the encryption. Filesystem-level encryption, however, typically allows different keys to be used for different files, so an attacker cannot obtain the key for files that are not in use. For this reason, full disk encryption is sometimes used in conjunction with filesystem-level encryption.


Unlike full disk encryption, filesystem-level encryption does not typically encrypt filesystem metadata, such as the directory structure, file names, modification timestamps or sizes.


Full disk encryption and Trusted Platform Module

The Trusted Platform Module (TPM) is a hardware chip embedded on the motherboard that can be used to authenticate a hardware device. Since each TPM chip is unique to a particular device, it is capable of performing platform authentication: it can be used to verify that the system seeking access is the expected system.


A limited number of full disk encryption solutions have support for the Trusted Platform Module (TPM). These implementations can wrap the decryption key using the TPM, thus tying the HDD to a particular device. If the HDD is removed from that device and placed in another, the decryption process will fail even if the attacker has the decryption password or token.
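As an added illustration (not code from the article or from any product it names), here is a simplified Python model of wrapping a volume master key under both the user's password and a platform-bound secret that stands in for a TPM seal over the boot measurements: the correct password on a different machine, or with a changed boot chain, fails to unwrap the key. All names and sample values are constructed, and an HMAC-SHA256 counter-mode keystream stands in for a real block cipher.

```python
import hashlib
import hmac
import os

# Constructed sample values: a simulated per-chip TPM secret and the boot
# measurements (PCR-style) the key is sealed against. A real TPM keeps the
# secret inside the chip; this model only reproduces the binding behaviour.
PLATFORM_SECRET = hashlib.sha256(b"constructed: laptop-A TPM secret").digest()
BOOT_MEASUREMENTS = b"bootloader-v1|kernel-v1"

def derive_keys(password: str, platform_secret: bytes, measurements: bytes):
    """Combine the user password with the platform-bound secret (the seal)
    and split the result into separate encryption and MAC keys."""
    pw = hashlib.pbkdf2_hmac("sha256", password.encode(), measurements, 50_000)
    wrap = hmac.new(platform_secret, pw, hashlib.sha256).digest()
    enc_key = hmac.new(wrap, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(wrap, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i * 32:(i + 1) * 32], ks))
    return bytes(out)

def wrap_vmk(vmk: bytes, password: str, platform_secret: bytes, measurements: bytes) -> bytes:
    """Wrap the volume master key: encrypt-then-MAC, stored as nonce|ct|tag."""
    enc_key, mac_key = derive_keys(password, platform_secret, measurements)
    nonce = os.urandom(16)
    ct = keystream_xor(enc_key, nonce, vmk)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap_vmk(blob: bytes, password: str, platform_secret: bytes, measurements: bytes):
    """Return the VMK, or None when the password, the platform or the boot
    chain does not match what the key was wrapped under."""
    enc_key, mac_key = derive_keys(password, platform_secret, measurements)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(enc_key, nonce, ct)
```

Overwriting the stored blob is the "immediate data destruction" from the benefits list above: without the wrapped key the disk contents are unrecoverable even with the password.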


Implementations

There are multiple tools on the market that provide full disk encryption, but they vary greatly. They fall into two main categories: hardware based and software based. Hardware based full disk encryption solutions are considerably faster than software based ones and usually produce no overhead for the CPU or the HDD. Software based solutions, while inexpensive, create considerable CPU overhead depending on the type of encryption used.


A limited number of full disk encryption solutions also support TPM to tie encrypted data to a particular platform. While the solutions that ship with HP and Dell laptops do not provide TPM enabled full disk encryption, Secude's Secure Notebook, a software product, and Seagate Technology's Momentus FDE.2 HDD, a hardware solution, do.


Microsoft Windows Vista will include a form of full disk encryption by the name of BitLocker Drive Encryption. It can utilize the TPM; however, its key recovery capabilities are limited.


Wave Systems, a maker of a range of trusted computing solutions, announced an agreement with Dell on December 8th to market a plug-in for the Seagate FDE drive that handles TPM key management and recovery and is interoperable with all TPMs.


Password/data recovery mechanism

A secure and safe recovery mechanism is essential to the large-scale deployment of any FDE solution in an enterprise. The solution must provide an easy but secure way to recover passwords (and, most importantly, data) in case the user leaves the company without notice or forgets the password.


Challenge/response password recovery mechanism

A challenge/response password recovery mechanism allows the password to be recovered in a secure manner. It is offered by a limited number of FDE solutions.


Some benefits of challenge/response password recovery:

  1. No need for the user to carry a disc with the recovery encryption key.
  2. No secret data is exchanged during the recovery process.
  3. No information can be sniffed.
  4. Does not require a network connection, i.e. it works for users at a remote location.
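The exchange described above, as an added example that is not part of the original article: a minimal challenge/response recovery in Python in which the pre-boot environment and the help desk share a per-machine secret from enrolment, only a short one-time challenge and response are exchanged (nothing that reveals the secret), no network is needed on the locked machine, and an overheard response cannot be replayed. All names and values are constructed.

```python
import hashlib
import hmac
import secrets

def expected_response(recovery_secret: bytes, challenge: str) -> str:
    """Both sides compute the same short response from the escrowed secret;
    the secret itself is never spoken or typed."""
    mac = hmac.new(recovery_secret, b"fde-recovery|" + challenge.encode(), hashlib.sha256)
    return mac.digest()[:8].hex().upper()

class PreBootRecovery:
    """Pre-boot environment on the locked machine (works offline)."""
    def __init__(self, recovery_secret: bytes):
        self._secret = recovery_secret
        self._pending = None

    def new_challenge(self) -> str:
        # Fresh random challenge shown on screen for the user to read out.
        self._pending = secrets.token_bytes(8).hex().upper()
        return self._pending

    def submit(self, response: str) -> bool:
        # Accept a response only for the challenge currently displayed, then
        # discard it, so a sniffed response is useless for a later attempt.
        if self._pending is None:
            return False
        ok = hmac.compare_digest(expected_response(self._secret, self._pending), response)
        self._pending = None
        return ok

class HelpDesk:
    """Escrow side: holds the per-machine recovery secrets from enrolment."""
    def __init__(self, escrow: dict):
        self._escrow = escrow

    def answer(self, machine_id: str, challenge: str) -> str:
        # After verifying the caller's identity out of band, compute the response.
        return expected_response(self._escrow[machine_id], challenge)

# Constructed sample enrolment: the same secret is stored on the machine and
# in the help desk escrow database.
MACHINE_ID = "LAPTOP-0042"
RECOVERY_SECRET = hashlib.sha256(b"constructed enrolment seed for LAPTOP-0042").digest()

def run_recovery(replay_old_response: bool = False) -> bool:
    """Walk through one recovery call; returns whether the disk unlocked."""
    machine = PreBootRecovery(RECOVERY_SECRET)
    desk = HelpDesk({MACHINE_ID: RECOVERY_SECRET})
    response = desk.answer(MACHINE_ID, machine.new_challenge())
    if not replay_old_response:
        return machine.submit(response)
    machine.submit(response)          # legitimate unlock consumes the challenge
    machine.new_challenge()           # next boot shows a different challenge
    return machine.submit(response)   # the old response no longer matches
```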

The Wikipedia article included on this page is licensed under the GFDL.