Encrypting Volumes Chapter
Total Page:16
File Type:pdf, Size:1020Kb
61417_CH09_Smith.fm Page 383 Tuesday, April 26, 2011 11:25 AM © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION ENCRYPTING VOLUMES CHAPTER © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR 9SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOTABOUT FOR SALE THIS ORCHAPTER DISTRIBUTION NOT FOR SALE OR DISTRIBUTION In this chapter, we look at the problem of protecting an entire storage device, as opposed to protecting individual files. We look at the following: © Jones & Bartlett •Learning,Risks and policyLLC alternatives for protecting© Jones drive contents & Bartlett Learning, LLC NOT FOR SALE OR• DISTRIBUTIONBlock ciphers that achieve high securityNOT FOR SALE OR DISTRIBUTION • Block cipher encryption modes • Hardware for volume encryption • Software for volume encryption © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 9.1 SecuringNOT FORa Volume SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION When we examined file systems in Section 5.1, Bob and Tina suspected that their survey report was leaked through file scavenging: Someone looked at the “hidden” places on © Jonesthe hard & Bartlettdrive. We canLearning, avoid such LLC attacks and protect everything© Jones on the hard& Bartlett drive, Learning, LLC NOTincluding FOR SALE the boot OR blocks, DISTRIBUTION directory entries, and free space, if weNOT encrypt FOR the SALE entire driveOR DISTRIBUTION volume. Note how we use the word volume here: It refers to a block of drive storage that con- tains its own file system. It may be an entire hard drive, a single drive partition, a remov- able USB drive, or any other mass storage device. If the system “sees” the volume as a © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC single random-access storage device, then we can protect it all by encrypting it all. We NOT FOR SALE ORsometimes DISTRIBUTION call this full-disk encryption (FDE)NOT because FOR we SALE often apply OR itDISTRIBUTION to hard drives, but it applies to any mass storage volume (Figure 9.1). File encryption lets us protect individual files from a strong threat. If we encrypt a particular file, then attackers aren’t likely to retrieve its contents, except in two cases. First, there is© file-scavengingJones & Bartlett problem Learning, noted previously. LLC Second, people often forget© Jones & Bartlett Learning, LLC things, and NOTfile encryption FOR SALE is a forgettable OR DISTRIBUTION task. NOT FOR SALE OR DISTRIBUTION In many cases, sensitive data is vulnerable simply because nobody bothered to encrypt it. Even when users encrypt some of their data files, it’s not likely that they have © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 383 © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 3723 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 61417_CH09_Smith.fm Page 384 Tuesday, April 26, 2011 11:25 AM © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 384 CHAPTER 9 | Encrypting Volumes © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Decrypt Encrypted Volume Encrypt © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Secret key © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTIONFigure 9.1 NOT FOR SALE OR DISTRIBUTION A hard drive volume with full-disk encryption (FDE). encrypted© Jones all of& theirBartlett sensitive Learning, files. It is challengingLLC to identify the files© atJones risk and & to Bartlett Learning, LLC rememberNOT FOR which SALE ones to OR encrypt. DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The principal benefit of encrypting a whole volume is that the encryption takes place automatically. When we plug in a removable encrypted drive or we start up the operat- ing system, the drive encryption system retrieves the volume’s encryption keys and mounts the volume. If the keys aren’t available, then the volume can’t be used. Once the © Jones & volumeBartlett is mounted,Learning, the dataLLC is encrypted and decrypted© Jones automatically. & Bartlett The user Learning, doesn’t LLC NOT FOR SALEneed to OR decide DISTRIBUTION which files to encrypt. In fact, the userNOT doesn’t FOR even SALE have the OR choice DISTRIBUTION of saving a plaintext file; everything on the volume is encrypted, including the directories and free space. Volume encryption is convenient but it does not solve every security problem. For © Jones & Bartlett Learning,example, LLC it protects Bob if the attacker© Jones physically & opensBartlett up his Learning, tower computer LLC and NOT FOR SALE OR DISTRIBUTIONconnects directly to his hard drive. DiskNOT encryption FOR SALE does notOR protect DISTRIBUTION Bob from a Trojan program that copies files to a separate, unencrypted storage device, like a USB stick. To put volume encryption in context with other security measures, we look at risks and policy trade-offs. First, we will look at risks facing an unencrypted volume. Next, we look at policy trade-offs between volume encryption, file encryption, and file-based access© Jones control. & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 9.1.1 Risks To Volumes There are three general risks we address with volume encryption: © Jones & Bartlett1. Losing Learning, the storage LLC device © Jones & Bartlett Learning, LLC NOT FOR SALE2. An OR eavesdropper DISTRIBUTION that looks at the volume withoutNOT the FOR operating SALE system OR inDISTRIBUTION place 3. Discarding a hard drive or other device without wiping it © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 3723 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 61417_CH09_Smith.fm Page 385 Tuesday, April 26, 2011 11:25 AM © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 9 9.1 Securing a Volume 385 Encrypting Volumes The first ©risk Jones is everyones’ & Bartlett worst-case Learning, scenario: LLCOur computer is stolen. Laptops© Jones espe- & Bartlett Learning, LLC cially seem likelyNOT toFOR “sprout SALE legs ORand walkDISTRIBUTION away.” While our first worry mightNOT be the FOR SALE OR DISTRIBUTION cost of replacing the laptop, many people also worry about identity theft. Some thieves exploit the data stored on the hard drive to masquerade as the laptop’s owner. Identity theft is a booming business, and personal computers often contain extensive financial records and lists of online passwords. © JonesThe & theft Bartlett risk poses Learning, even greater LLC problems for large organizations.© Jones A stolen & Bartlett laptop Learning, LLC NOTmay FOR contain SALE large OR databases DISTRIBUTION of sensitive information about customers.NOT FOR According SALE to OR sta- DISTRIBUTION tistics collected for the first half of 2009, there were 10 incidents in the United States where a misplaced or stolen laptop placed databases at risk. The incidents involved pri- vate companies, schools, hospitals, and government agencies at all levels. The smallest © Jones & Bartlettdata Learning, loss involved LLC 50 personal records, while© one Jones incident & involvedBartlett over Learning, a million LLC NOT FOR SALE ORrecords. DISTRIBUTION NOT FOR SALE OR DISTRIBUTION If a stolen computer contains a customer database, many companies are required legally to contact all affected customers and warn them that their customer information may have been stolen. If the database includes credit card numbers or Social Security numbers, then the company may need to provide some defense against possible identity theft. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION EAVESDROPPING The eavesdropping problem arises if we can’t always keep our drive physically safe, or under appropriate software protection. When Bob and Alice started using file encryp- tion, they decided to keep the encrypted file on a shared USB drive. Because the file was © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC encrypted, they assumed it was safe from eavesdropping. For convenience, they left it on NOTthe FOR bulletin SALE board OR in theirDISTRIBUTION suite. NOT FOR SALE OR DISTRIBUTION We still may risk eavesdropping even if we don’t share a drive on a bulletin board. If we back up the data to a separate drive, we need to physically protect the backup drive. If attackers have physical access to our computer, then we can try to protect our data by © Jones & Bartlettprotecting Learning, our Chain LLC of Control; we can disable© Jones booting &of Bartlettother drives Learning, and enable LLC file NOT FOR SALE ORprotections. DISTRIBUTION However, these defenses don’t protectNOT usFOR if the SALE attacker OR cracks DISTRIBUTION open the computer’s case. An attacker can bypass any BIOS or operating system by connecting the hard drive to a different motherboard. DISCARDED HARD DRIVES When we upgrade© Jones a computer, & Bartlett we often Learning, trade up toLLC a larger hard drive.