Cryptography Reference
In-Depth Information
FULL DISK ENCRYPTION
One option for a home user who is concerned about the security of files stored
on their desktop or laptop is to deploy
full disk encryption
, which encrypts every
bit of data contained on the computer system. Full disk encryption mechanisms
are available both in hardware and software, with hardware mechanisms typically
offering greater security and performance. Software mechanisms are easier to
centrally manage, so are often preferred in corporate environments.
Full disk encryption is particularly attractive for laptops, which are at risk of
becoming lost or stolen. The 'classical' physical attack on a stolen computer is
for an attacker to remove the disk and reinstall it on a computer for which the
attacker has administrator access.
There are two constraints which motivate the type of encryption deployed in
full disk encryption mechanisms:
Performance
. Encryption and decryption operations need to take place as fast as
possible, ideally without any apparent delay. Thus most full disk encryption
mechanisms encrypt each disk sector, which typically consist of around 512
bytes, independently.
Avoidance of storage overhead
. In order to use disk space efficiently, the
encryption operation should not result in significantly more data being stored
than would otherwise have been stored without full disk encryption.
The performance requirement means that usually only symmetric encryption
mechanisms are used. If we were to deploy a stream cipher for this purpose then
we would need to store a unique value for each disk sector in order to make
sure that the keystream used for each independent encryption was different (see
Section 4.2.2), which results in an unacceptable storage overhead. Thus block
ciphers are normally used.
Since sectors are encrypted independently and each sector is fairly small,
ECB mode is unsuitable for the reasons that we discussed in Section 4.6.1. The
other modes that we discussed in Section 4.6 all require additional sector-specific
information, such as an IV in CBC mode and a counter in CTR mode, in order
to guarantee that two identical sectors are not encrypted by the same key to the
same ciphertext. The only other option is to make this sector-specific information
predictable in some way, however, there are attacks known against some of our
previously discussed modes if this is the case. As a result, several modes of
operation of a block cipher, such as XTS mode, have been designed specifically for
applications such as disk encryption. These tend to use predictable information
such as the disk sector number and the position of a block of data within the
sector to vary the encryption process each time it is applied.
One example of a full disk encryption mechanism is
BitLocker
, which is a
feature provided by some versions of Microsoft operating systems. BitLocker
provides its security through both hardware and software mechanisms by
employing some of the functionality of the
Trusted Platform Module
(TPM) chip
