Techniques and Solutions for Storage Encryption Vittorio Giovara February 20, 2008 Contents 1 Introduction 3 1.1 Overview . 3 1.2 Basics of File Storage . 3 1.2.1 Files and Filesystem . 3 1.2.2 Disk partition . 4 1.2.3 Master Boot Record . 4 1.2.4 Loop Device . 4 1.3 Solutions . 4 2 Modern Techniques 5 2.1 Full Disk Encryption . 5 2.2 Virtual Disk Encryption . 6 2.3 Volume Encryption . 6 2.4 File/Folder Encryption . 6 2.5 Other Solutions . 6 3 Solution Analisys 8 3.1 Possible Problems . 8 3.1.1 Advantages/Disadvantages Summary . 8 3.2 Cryptoghaphic Concerns and Management . 9 3.3 Authentication Issues . 10 3.4 Selection Aspects . 10 4 Current Implementations and Benchmarks 11 4.1 TrueCrypt 5.0 . 11 4.1.1 TrueCrypt for Linux . 11 4.1.2 TrueCrypt for Windows . 11 4.1.3 TrueCrypt for Mac OS X . 11 4.2 BestCrypt . 12 4.2.1 BestCrypt for Linux . 12 4.2.2 BestCrypt for Windows . 12 4.3 Operating System Integrated Solutions . 12 4.3.1 Linux - dm-crypt . 12 4.3.2 Windows - EFS . 13 4.3.3 Mac OS X - FileVault . 13 4.4 Final Benchmarks . 13 4.4.1 Volume Encryption . 14 4.4.2 Virtual Disk Encryption . 15 4.4.3 Full Disk Encryption . 17 Bibliography 20 A Test script 21 1 List of Tables 4.1 Volume Encryption perfomance test #1 (one file from single bytes). 14 4.2 Volume Encryption perfomance test #2 (one file from blocks of 1024 bytes). 14 4.3 Volume Encryption perfomance test #3 (one file from blocks of 4096 bytes). 14 4.4 Volume Encryption perfomance test #4 (multiple files from single bytes). 15 4.5 Volume Encryption perfomance test #5 (multiple files from blocks of 1024 bytes). 15 4.6 Volume Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). 15 4.7 Virtual Disk Encryption perfomance test #1 (one file from single bytes). 16 4.8 Virtual Disk Encryption perfomance test #2 (one file from blocks of 1024 bytes). 16 4.9 Virtual Disk Encryption perfomance test #3 (one file from blocks of 4096 bytes). 16 4.10 Virtual Disk Encryption perfomance test #4 (multiple files from single bytes). 16 4.11 Virtual Disk Encryption perfomance test #5 (multiple files from blocks of 1024 bytes). 17 4.12 Virtual Disk Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). 17 4.13 Full Disk Encryption boot time test. 17 4.14 Full Disk Encryption perfomance test #1 (one file from single bytes). 17 4.15 Full Disk Encryption perfomance test #2 (one file from blocks of 1024 bytes). 18 4.16 Full Disk Encryption perfomance test #3 (one file from blocks of 4096 bytes). 18 4.17 Full Disk Encryption perfomance test #4 (multiple files from single bytes). 18 4.18 Full Disk Encryption perfomance test #5 (multiple files from blocks of 1024 bytes). 18 4.19 Full Disk Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). 19 2 Chapter 1 Introduction HIS DOCUMENT WILL focus on the current theories and actual implementations of the storage encryption T technology. A brief introduction to the problem of securing data on hardware devices will be provided, along with some basics about file storage techniques, in order to fully understand the main issues. Afterwards this document will present the main solutions analizing the advantages and disadvantages of each one, taking in consideration encryption and authentication concerns. Finally some related open source programs.currently available will be showed, testing the performance impact of each adopted solution. 1.1 Overview Due to the pervasive presence of computer systems in every aspect of modern life, there has been mayor concern regarding the protection and confidenciality of data and information stored in hardware devices, such as hard disks, USB drives, portable CD/DVD and memory cards. Malicious actions can be performed in order to obtain access to sensitive data and commit identity theft, industrial secrets disclosure, fraud and privacy violation in general. To avoid unauthorized access to private information it has been suggested to adopt symmetric encryption (quickier than asymmetric encryption for large quantities of data) on such devices, making impossibile to dispose of such data without proper authentication and proper access rights. This way data is protected from unauthorized read even in case of loss of device. Encryption is very effective, as it can be applied to single files (granularly) or to the whole volume, but its introduction can cause some disadvantages, like backup problems, recovery of lost keys, operating system integration, performance impact and centralized management drawbacks. 1.2 Basics of File Storage In order to understand how the technologies for storage encryption work, it is important to have some basic knowledge about how files are stored on disk and how the operating system interacts with the filesystem. Here is presented a brief description of some of the recurring aspects in the solutions later discussed.. 1.2.1 Files and Filesystem The computer stores data into an abstract data type, called file, that allows to organize and access information according to the operating system implementation. Files are usually stored on non volatile devices for pre- serving their state even withouth power supply; such devices can be magnetic disks (very common) or flash memory (like memory cards and USB pendrives). The operating system can access files only if the disk is formatted with a filesystem; this means that the device is organized under known patterns as reported by the filesystem. It the filesystem that manages and stores file accordingly onto the device, respecting the address data of clusters and blocks of the disk, and that works as a driver for the operating system when dealing with file attributes, file types, access permission and available operations. 3 1.3 Solutions 4 1.2.2 Disk partition A disk can be formatted only if it has been properly partioned, that is, it has been logically divided in one or multiple indipendent drives. A partition is the logical container of the filesystem; if no filesystem is present the partition is “raw”and can’t be accessed by the operating system (with some exception, like the swap-space in UNIX systems). In IBM PC-compatible disks, the list of the partition is stored in the Partition Table, a 16 bytes field in the Master Boot Record; these kind of disks can hold only four primary partitions, but it’s also possibile to create one extended partition capable of holding up to 128 different partitions. The type of partition is defined in the first byte of the partition table entry (which can also contain inforrmation about the filesystem installed). 1.2.3 Master Boot Record The Master Boot Record is the first sector (512 bytes) of a partitioned data storage device, often called “Sec- tor 0”, and contains important information of the structure of the partitioned disk. In IBM-PC convention, the Master Boot Record holds the primary partition table, four 16 bytes entries, and the bootstrapping code, the code to be executed when the BIOS identifies the first active primaray disk, usually a bootloader, such as LILO or GRUB, or some operating system bootstrap instructions.. 1.2.4 Loop Device Loop devices are pseudo-devices that make files accessible as if they were actual physical disks. They can be mounted and formatted like any other storage device, with the difference that the files reside above another filesystem; normally perfomance of loop devices is slower than standard hardware devices. 1.3 Solutions As reported by [1], the most commonly found solutions for storage encryption are: • Full Disk Encryption • Virtual Disk/Volume Encryption • File/Folder Encryption Ii is possible to implement nested solution or use other available systems. The following chapter (§2) will describe the operational behaviour of each system alogn with other possibile solutions, while for a more detailed analisys, please consult §3. Sometimes Virtual Disk/Volume Encryption is referred as on-the-fly encryption because files are immedi- ately accessibile after authentication and the virtual disk is mounted with physical drive emulation. Chapter 2 Modern Techniques HIS CHAPTER WILL present the available technologies created for implementing storage enctryption in T various environment, showing the main purposes and limitations of each method. 2.1 Full Disk Encryption Full Disk Encryprion is a software based technique that ciphers the whole content of the disk, all files (in- cluding the system ones) present on the device, with a symmetric encryption algorithm (usually the Advanced Encryprion Standard). This method works by redirecting the Master Boot Record code to a Pre Boot Environment instead of the primary operating system; in the Pre Boot Environment the system loads basic drivers for Input/Output and asks the user for authentication (Pre Boot Authentication). After this passage, the computer loads and it decrypts all the files needed during bootstrap; when the operating system is loaded, the user is no more asked for authentication and every file is transparently encrypted or decrypted when it is written or read on disk respectively. Figure 2.1: Boot sequence for Full Disk Encryption (orginal image at [1]) Full disk encryption is very effective when the device is lost or when the computer is off, as there is no way for data to be disclosed without proper user authentication, but it is very weak in respect to other storage encryption solutions because when the computer is on and the operating system is loaded it doesn’t offer any kind of security or confidenciality at all.