Encrypting stored data. Tuomas Aura T Information security technology

Save this PDF as:
Size: px
Start display at page:

Download "Encrypting stored data. Tuomas Aura T-110.4206 Information security technology"

Transcription

1 Encrypting stored data Tuomas Aura T Information security technology

2 Outline 1. Scenarios 2. File encryption 3. Encrypting file system 4. Full disk encryption 5. Data recovery Simple applications of cryptography Good examples of how difficult it is a build secure systems [Parts based on Microsoft material] 2

3 SCENARIOS

4 Lost and stolen laptops Laptops are easily lost and stolen airports, taxis, hotel rooms, restaurants, underground, national parks,... Laptops contain confidential data: business secrets confidential client data databases with customer personal information that may enable ID theft personal online banking information and passwords Laptops enable access to corporate intranets automatic and calendar access gets though network access control 4

5 Stolen and physically compromised servers Expensive server hardware is attractive to thieves Theft is not common but potential damage is high Underground market for personal data, social security numbers, credit card numbers, etc. Unauthorized insiders can physically compromise server machines Employees often have physical access to server Physical access gives attacker full control over the machine and data on its disks Can reboot to Linux from a CD / USB stick and use hacker tools to access raw data on disk 5

6 In the news Heathrow airport in London auctioned average 120 unclaimed laptops each month. * A Chicago taxi company collected 4,425 laptops in * University of California laptop with the data of 98,000 Berkeley graduates stolen in * Fidelity Investments laptop with data of 196,000 HP employees stolen in * George Mason University server containing PII of 30,000 students and employees stolen in U.S. Dept. of Veteran s Affairs lost hard drive containing personal information of veterans in * See also

7 Decommissioning hard disks Second-hand hard disks have been found to contain confidential data MIT study in 2003: only 10% of second-hand hard disks were properly sanitized * Secure decommissioning is expensive How to erase magnetic media, solid-state drives? Recycling of used computer hardware is a lowmargin business: no time for secure disk wipe Old PCs from the US are shipped to China for recycling 7

8 Cost of information loss Financial loss Legal and regulatory compliance SOX, HIPAA, GLBA FSA in UK fined Nationwide 980,000 for a stolen laptop that contained data on 11M customers * Image and credibility Organized crime ensures effective dissemination and use of the information among criminals See e.g. Team Cymru: The underground economy: priceless *

9 Data encryption Scenarios: lost and stolen laptop computers stolen servers decommissioning hard disks All can lead to disclosure of confidential data on hard disks The obvious computer security solution: encrypt data on disk But computer security is never quite so simple: Security often conflicts with usability Security often conflicts with reliability; plan for data recovery is needed System design mistakes or programming errors could compromise data 9

10 FILE ENCRYPTION

11 Simple file encryption 1. User enters passphrase 2. Passphrase hashed with a cryptographic hash function to produce a key 3. File encrypted with the key E.g. EAS in CBC mode Decryption with the same key Examples: crypt(1), GPG 1 ***** ** d70f3 619a2 09b15 SHA Our plan is. % gpg --output ciphertext.gpg --symmetric plaintext.doc Enter passphrase: 11

12 Limitations of file encryption Encrypting a file normally creates an encrypted copy; what happens to the old plaintext file? No guarantee that the plaintext is not left on the disk Word processors and other software create temporary files and backup copies Unencrypted versions and fragments of the file may be left in locations that the user does not even know about There are tools for deleting temporary files and for wiping free disk space, but none is completely reliable

13 Wiping files Deleting a file simply marks the space free but does not erase the contents Raw data is still on the disk and can be read Overwriting a file may erase the old contents but no guarantee File system may organize data in unexpected ways: backups, revision control, copy on write, journal, etc. Wiping all empty disk space by overwriting Deletes a lot of data but also no guarantee Disk drive behavior is not always controllable by the file system driver: bad blocks, write buffers in SSD Magnetic data remanence: magnetic medium may retain traces of previous contents even after overwritten 13

14 ENCRYPTING FILE SYSTEM

15 Windows encrypting file system (EFS) Encryption is a file attribute Can enable encryption for all files in a folder new files encrypted Files are readable only when the user is logged in Encryption and decryption transparent to applications Similar products exist for Unix but none in wire use 15

16 EFS key 1 Windows User Username name: Password: ********* Log on to: Domain OK Cancel Shut Down... Options << management SHA-1 1. User logs in, enters password 2. Hashed to produce key (PUAPEK) 3. Used to decrypt User s Master Key 4. Used to decrypt User s Private EFS Key 5. Used to decrypt File Encryption Key (FEK) 6. Used to encrypt on write and decrypt on read Profile Profile $EFS alternate data stream Encrypted File d70f3 619a2 09b15 2 PUAPEK RSA 3 User s DPAPI Master Key 4 User s Private EFS Key AES or 3DES 5 FEK 6 Plaintext file Our plan is. 16

17 EFS limitations Encrypts contents of specific files User password or smartcard needed for decryption System has no access to encrypted files unless user logs in Cannot index files offline without the password Backups contain encrypted files, not the plaintext When encrypting plaintext files, the original file is not wiped, just deleted; the data remains on the disk User must remember to create the file in an encrypted folder Transparent decryption e.g. when copying to a file share over network or to a FAT partition Data that is not encrypted: folder and file names temp files, earlier unencrypted versions, printer spool registry, system files and logs, (usually) page file Hibernation file may contain decryption keys 17

18 EFS and password cracking EFS security depends on the secrecy of user password Password hashes are stored in a database on the disk Password are vulnerable to brute-force attacks NT hash and older LM hash use no salt and are therefore especially vulnerable. Rainbow tables (Hellman90, Oechslin03) Attacker can boot to another OS, extract the password hashes from the disk, and crack the user password Notes: Just resetting user or admin password will not recover encrypted data on a stolen laptop Physical access allows attacker to install a root kit, log passwords, etc.

19 Password cracking in practice Security accounts management database (SAM) in Registry stores cryptographic hashes of user passwords SAM is encrypted with a locally stored system key (SYSKEY) SYSKEY is obfuscated in Registry but possible to find Breaking EFS: 1. Boot from a CD or USB drive, mount the main disk 2. Find SYSKEY, read SAM, and decrypt password hashes 3. Crack user or local admin password (requires a brute-force search) 4. Use the password to decrypt user master key and so on Example of tools for Windows XP: BackTrack is a Linux boot disk with hacker tools (backtrack-linux.org); bkhive recovers syskey; samdump2 extracts the password hashes Rainbow Tables and SAMInside are examples of commercial password crackers (rainbowtables.net, insidepro.com)

20 Trojans, root kits etc. EFS data is vulnerable to Trojans, viruses and key loggers Attacker with access to hardware can compromise OS and install a root kit Note that these are different problems than laptop theft and loss Stolen laptops are usually not returned to owner after they are compromised

21 EFS summary Encrypts single files and folders; leaves a lot of information unencrypted Requires care from user User must understand what is encrypted and what else happens to the data User must backup keys or risk data loss System cannot access encrypted files for admin tasks like backup and indexing Hibernation breaks the security Apart from hibernation, EFS would be pretty good for encrypting all files on a data disk (D:) 21

22 FULL DISK ENCRYPTION 22

23 Full disk encryption Entire disk encrypted: Protects all information on disk Easier to use correctly than EFS Products are available from various hardware and software vendors including hard disk manufacturers Password, key or physical token required to boot or to mount disk, thereafter transparent Usability and reliability issues No unsupervised reboot or wakeup In software-based products: Password must be strong enough to resist brute-force guessing Hibernation is problem need a hardware solution 23

24 Trusted platform module Trusted hardware enables some things that otherwise would be impossible Trusted platform module (TPM) is a smart-like module on the computer motherboard Holds crypto keys and platform measurements in platform configuration registers (PCR) Useful TPM operations: TMP_Seal: encrypt data in any platform configuration TPM_Unseal: decrypt the data, but only if the platform configuration is the same as when sealing

25 Windows BitLocker Full-volume encryption in Windows Uses TPM for key management Optional PIN input and/or USB dongle at boot time System volume must be NTFS, data disks can also be FAT Sealing the entire system partition: Encrypt data with a symmetric key Seal the key; store sealed key on disk; unseal when booting TPM will check the OS integrity before unsealing the key Can boot to another OS but then cannot unseal the Windows partition cannot bypass OS access controls For a stolen laptop, forces the thief to hardware attack against TPM 25

26 BitLocker partitions Windows partition contains: Volume metadata with MAC Encrypted OS Encrypted page file Encrypted temp files Encrypted data Encrypted hibernation file Encrypted Windows partition 1.5 GB Boot partition Boot partition contains: MBR OS loader Boot utilities

27 Bitlocker keys 1 Storage Root Key (SRK) inside TPM Encrypted keys in volume metadata 2 Volume Master Key (VMK) 3 Full Volume Encryption Key (FVEK) 4 Plaintext data and bring milk Separate VMK/FVEK adds flexibility how?

28 Algorithms and key sizes Storage root key (SRK) is a 2048-bit RSA key Volume master key (VMK) is a 256-bit symmetric key Full volume encrypt key (FVEK) is a 128- or 256-bit symmetric key The disk in encrypted with AES-CBC Initialization vector (IV) derived from sector number No integrity check MAC would cause data length to expand Disk sectors are pre-processed with a proprietary diffuser Makes attacks against integrity more difficult; the whole sector is encrypted as if one cipher block ( bytes)

29 Software authentication with TPM Measuring platform configuration: Module n computes hash of module n+1 and extends the hash into a platform configuration register (PCR) in TPM Module n transfers control to module n+1 At any point, PCRs contain a cumulative fingerprint (hashes) of all software loaded up to that point Sealing and unsealing data: TPM binds selected PCR values to the sealed secrets TPM unseals secrets only if these PCR values have not changed If attacker tampers with the OS, the OS cannot unseal the data Originally a DRM feature: Decrypt music only for untampered OS and media player 29

30 Secure boot with TPM Pre-OS Static OS Dynamic OS CRTM BIOS measure and load MBR load volume metadata, unseal VMK, verify MAC 1 on metadata, decrypt FVEK NTFS boot sector NTFS boot block Boot manager decrypt, verify signature and load PCRs on TPM OS loader 2 Windows 1 MAC keyed with VMK. 2 Different loaders for boot, resume etc.

31 Which PCR values are used? *PCR 00: CRTM, BIOS and Platform Extensions (PCR 01: Platform and Motherboard Configuration and Data) *PCR 02: Option ROM Code (PCR 03: Option ROM Configuration and Data) *PCR 04: Master Boot Record (MBR) Code (PCR 05: Master Boot Record (MBR) Partition Table) (PCR 06: State Transitions and Wake Events) (PCR 07: Computer-Manufacturer Specific) *PCR 08: NTFS Boot Sector *PCR 09: NTFS Boot Block *PCR 10: Boot Manager *PCR 11: BitLocker Critical Components If any of the *orange values has changed, the decryption key will not be unlocked and a recovery password is needed BitLocker keys will be unlocked during OS upgrade

32 BitLocker modes TPM only: Unsupervised boot (VMK unsealed if the PCR values correct) Attacker can boot stolen laptop but not log in security depends on OS access controls New, very attractive mode of operation enabled by TPM but see next slide! TPM and PIN: TPM requires a PIN during the secure boot TMP will be locked after a small number of incorrect PINs Attacker must break the TPM hardware TPM (and PIN) and USB dongle: Secure boot and strong keys on a physical token high security USB dongle without TPM Traditional software-based full-disk encryption; no secure boot 32

33 Secure path issues Attacker who can modify or replace the computer could spoof the PIN input, e.g. by replacing the BIOS, and capture the PIN Similarly, can capture the keys on the USB dongle This requires the attacker to have access to the computer twice: first to install the Trojan, then to use the captured PIN Inside attacker, e.g. IT support Not a problem for lost and stolen laptops and disks 33

34 Cold boot attack Laptop memory is designed for low power consumption slow refresh rate data stays in memory for seconds after power loss Data remanence in DRAM: Pull out memory from a running computer and plug it into a reader Some bits will be random but some will retain their values still helps to recover crypto keys Use cold spray or liquid nitrogen to reduce data loss Cold boot attack: Reboot into minimal hacker OS from USB stick or CD Memory power lost only for a fraction of a second during reboot memory contents almost unchanged Lessons: Breaks full-disk encryption if attacker has access to the running computer Sleeping laptop = running laptop most laptops vulnerable Breaks BitLocker in TPM-only mode even if it is powered down OS access controls, e.g. screen lock, do not stop a physical attacker 34

35 DATA REVOCERY

36 Data recovery If the decryption key is lost, encrypted files will be lost EFS: password reset tools, profile cleaning tools deleting private keys BitLocker: installing Linux boot loader, replacing the motherboard, TPM boot PIN forgotten or mistyped, moving disk to another computer good idea to backup keys

37 Data recovery in EFS Administrator or Group Policy can define a data recovery agent (DRA) FEK encrypted also with DRA public key In a domain, Domain Admin is the default DRA Standalone machine has no default DRA Backup user private key by exporting the user s EFS certificate (including the private key) Local Admin can configure a DRA on the local machine (see cipher.exe) Questions: In Win 2000, local Admin was the default DRA; why was this not a good idea? Local Admin cannot read other users encrypted files because the user password is needed to decrypt them; how can the Admin get around this? 37

38 Data recovery in EFS File encryption key (FEK) is encrypted with one or more recovery agents public keys The same mechanism is used for sharing encrypted files between users Recovery Agent s Private EFS Key User s Private EFS Key Plaintext file Our plan is. FEK File attribute Encrypted File d70f3 619a2 09b15 FEK Plaintext file Our plan is. 38

39 Data recovery in BitLocker Recovery password: User can print a 48-digit recovery password or store it on a USB stick, CD or remote disk; it is actually a 128-bit key BitLocker encrypts the VMK with the recovery password and stores it with the volume metadata (in the same way as the TMP-sealed VMK) Multiple backups of volume metadata are stored in the volume Organizational recovery policy: Windows Domain Admin can require the recovery password or keys to be uploaded to the Active Directory Installing another OS for dual boot will trigger recovery User can accept the new boot configuration after entering the recovery password

40 Exercises What secure methods are there for erasing magnetic hard drives and tapes USB stick or solid-state drives paper documents How to delete a specific file from a computer without erasing the whole disk? What security properties does GPG file encryption EFS provide that full-disk encryption does not? Why do EFS and BitLocker have so many levels of keys? Are some unnecessary? Compare the security of software-based full-disk encryption and the TPM approach against brute-force password guessing How to mitigate the risk of cold-boot attacks (both against BitLocker and more generally)? Transparent operation improves usability of data encryption, but are there risks associated with the transparency? 40

41 Online: Related reading Halderman et al., Lest We Remember: Cold Boot Attacks on Encryption Keys. Stallings and Brown: Computer security, principles and practice, 2008, chapter

Secure Storage. Lost Laptops

Secure Storage. Lost Laptops Secure Storage 1 Lost Laptops Lost and stolen laptops are a common occurrence Estimated occurrences in US airports every week: 12,000 Average cost of a lost laptop for a corporation is $50K Costs include

More information

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker

More information

Introduction to BitLocker FVE

Introduction to BitLocker FVE Introduction to BitLocker FVE (Understanding the Steps Required to enable BitLocker) Exploration of Windows 7 Advanced Forensic Topics Day 3 What is BitLocker? BitLocker Drive Encryption is a full disk

More information

Disk Encryption. Aaron Howard IT Security Office

Disk Encryption. Aaron Howard IT Security Office Disk Encryption Aaron Howard IT Security Office Types of Disk Encryption? Folder Encryption Volume or Full Disk Encryption OS / Boot Volume Data Volume Managed or Unmanaged Key Backup and Data Assurance

More information

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis

More information

Penetration Testing Windows Vista TM BitLocker TM

Penetration Testing Windows Vista TM BitLocker TM Penetration Testing BitLocker TM Drive Encryption Douglas MacIver Penetration Engineer System Integrity Group, Corporation Hack In The Box 2006/09/21 2006 Corporation. All rights reserved. Trustworthy

More information

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Tech Tip by Philip Cox Source: searchsecuritychannel.com As an information security consultant, one of my jobs is to help my clients

More information

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015 Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is

More information

Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?

Do standard tools meet your needs when it comes to providing security for mobile PCs and data media? Product Insight Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media? Author Version Document Information Utimaco Product Management Device Security 4.30.00

More information

Protect Sensitive Data Using Encryption Technologies. Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live.

Protect Sensitive Data Using Encryption Technologies. Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live. Protect Sensitive Data Using Encryption Technologies Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live.com/blog Where is the User Data Stored? Q: Where is the biggest

More information

Presentation on Black Hat Europe 2003 Conference. Security Analysis of Microsoft Encrypting File System (EFS) http://www.elcomsoft.

Presentation on Black Hat Europe 2003 Conference. Security Analysis of Microsoft Encrypting File System (EFS) http://www.elcomsoft. Presentation on Black Hat Europe 2003 Conference Security Analysis of Microsoft Encrypting File System (EFS) Microsoft Encrypting File System Encrypting File File System System (EFS) (EFS) is is a a new

More information

How to Encrypt your Windows 7 SDS Machine with Bitlocker

How to Encrypt your Windows 7 SDS Machine with Bitlocker How to Encrypt your Windows 7 SDS Machine with Bitlocker ************************************ IMPORTANT ******************************************* Before encrypting your SDS Windows 7 Machine it is highly

More information

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified

More information

Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010

Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010 Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010 I. File Encryption Basics A. Encryption replaces data within a file with ciphertext which resembles random data

More information

Mobile Device Security and Encryption Standard and Guidelines

Mobile Device Security and Encryption Standard and Guidelines Mobile Device Security and Encryption Standard and Guidelines University Mobile Computing and Device best practices are currently defined as follows: 1) The use of any sensitive or private data on mobile

More information

An Improved Trusted Full Disk Encryption Model

An Improved Trusted Full Disk Encryption Model An Improved Trusted Full Disk Encryption Model Prasenjit Das and Nirmalya Kar Department of Computer Sc. & Engineering, National Institute of Technology Agartala, India. e-mail: pj.cstech@gmail.com; nirmalya@nita.ac.in

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

More information

Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation

Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation Boot Manager Security Policy Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation v 1.3 6/8/11 1 INTRODUCTION... 1 1.1 Cryptographic Boundary for BOOTMGR... 1 2 SECURITY POLICY...

More information

Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker

Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker With kind support from David Huemer V 1.0, 2009-08-13 Benjamin Böck Security Research Lab Secure Business Austria bboeck@securityresearch.at

More information

HP ProtectTools Embedded Security Guide

HP ProtectTools Embedded Security Guide HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded

More information

Disk encryption... (not only) in Linux. Milan Brož mbroz@redhat.com

Disk encryption... (not only) in Linux. Milan Brož mbroz@redhat.com Disk encryption... (not only) in Linux Milan Brož mbroz@redhat.com FDE - Full Disk Encryption FDE (Full Disk Encryption) whole disk FVE (Full Volume Encryption) just some volumes (dis)advantages? + for

More information

Windows BitLocker Drive Encryption Step-by-Step Guide

Windows BitLocker Drive Encryption Step-by-Step Guide Windows BitLocker Drive Encryption Step-by-Step Guide Microsoft Corporation Published: September 2006 Abstract Microsoft Windows BitLocker Drive Encryption is a new hardware-enhanced feature in the Microsoft

More information

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive FIPS 140 2 Non Proprietary Security Policy Kingston Technology Company, Inc. DataTraveler DT4000 G2 Series USB Flash Drive Document Version 1.8 December 3, 2014 Document Version 1.8 Kingston Technology

More information

Windows 7 BitLocker Drive Encryption Security Policy For FIPS 140-2 Validation

Windows 7 BitLocker Drive Encryption Security Policy For FIPS 140-2 Validation Windows 7 BitLocker Security Policy Page 1 of 16 Windows 7 BitLocker Drive Encryption Security Policy For FIPS 140-2 Validation For Windows 7 Document version 1.0 08/31/2011 1. Table of Contents 1. TABLE

More information

DriveLock and Windows 7

DriveLock and Windows 7 Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:

More information

Fall. Forensic Examination of Encrypted Systems Matthew Postinger COSC 374

Fall. Forensic Examination of Encrypted Systems Matthew Postinger COSC 374 Fall 2011 Forensic Examination of Encrypted Systems Matthew Postinger COSC 374 Table of Contents Abstract... 3 File System Encryption... 3 Windows EFS... 3 Apple FileVault... 4 Full Disk Encryption...

More information

DriveLock and Windows 8

DriveLock and Windows 8 Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Comodo Disk Encryption

Comodo Disk Encryption Comodo Disk Encryption Version 2.0 User Guide Version 2.0.122010 Versi Comodo Security Solutions 525 Washington Blvd. Jersey City, NJ 07310 Table of Contents 1.Comodo Disk Encryption Introduction... 3

More information

introducing COMPUTER ANTI FORENSIC TECHNIQUES

introducing COMPUTER ANTI FORENSIC TECHNIQUES introducing COMPUTER ANTI FORENSIC TECHNIQUES COMPUTER FORENSIC DATA RECOVERY TECHNIQUES AND SOLUTIONS WORKSHOP Executive Summary Computer Forensics, a term that precisely identifies the discipline that

More information

Microsoft Windows Server 2008: Data Protection

Microsoft Windows Server 2008: Data Protection Chapter 5 Microsoft Windows Server 2008: Data Protection Solutions in this chapter: BitLocker Active Directory Rights Management Services Authorization Summary Solutions Fast Track Frequently Asked Questions

More information

Forensic Decryption of FAT BitLocker Volumes

Forensic Decryption of FAT BitLocker Volumes Forensic Decryption of FAT BitLocker Volumes P. Shabana Subair, C. Balan (&), S. Dija, and K.L. Thomas Centre for Development of Advanced Computing, PO Box 6520, Vellayambalam, Thiruvananthapuram 695033,

More information

Guidelines on use of encryption to protect person identifiable and sensitive information

Guidelines on use of encryption to protect person identifiable and sensitive information Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted

More information

Encrypted File Systems. Don Porter CSE 506

Encrypted File Systems. Don Porter CSE 506 Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest (i.e., on disk) Even if the media is lost or stolen Protecting confidentiality of in-memory data much harder Continue

More information

Guide to Securing Microsoft Windows 2000 Encrypting File System

Guide to Securing Microsoft Windows 2000 Encrypting File System Report Number: C4-006R-01 Guide to Securing Microsoft Windows 2000 Encrypting File System Systems and Network Attack Center (SNAC) Authors: Graham Bucholz Harley Parkes Updated: January 2001 Version 1.0

More information

EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide

EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide BitLocker Deployment Guide Document Version 0.0.0.5 http://www.wave.com ERAS v 2.8 Wave Systems Corp. 2010 Contents Contents... 2

More information

Encrypting with BitLocker for disk volumes under Windows 7

Encrypting with BitLocker for disk volumes under Windows 7 Encrypting with BitLocker for disk volumes under Windows 7 Summary of the contents 1 Introduction 2 Hardware requirements for BitLocker Driver Encryption 3 Encrypting drive 3.1 Operating System Drive 3.1.1

More information

Industrial Flash Storage Trends in Software and Security

Industrial Flash Storage Trends in Software and Security January 22, 2013 Industrial Flash Storage Trends in Software and Security Many flash storage devices in embedded applications are used to save data but also function as disks for the OS. Most users are

More information

New Technologies File System (NTFS) Priscilla Oppenheimer. Copyright 2008 Priscilla Oppenheimer

New Technologies File System (NTFS) Priscilla Oppenheimer. Copyright 2008 Priscilla Oppenheimer New Technologies File System (NTFS) Priscilla Oppenheimer NTFS Default file system for Windows NT, 2000, XP, and Windows Server 2003 No published spec from Microsoft that describes the on-disk layout Good

More information

Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org

Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution s Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes

More information

Navigating Endpoint Encryption Technologies

Navigating Endpoint Encryption Technologies Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS

More information

The virtual safe: A user-focused approach to data encryption

The virtual safe: A user-focused approach to data encryption The virtual safe: A user-focused approach to data encryption Steganos GmbH, 2008 1 The hard disk: a snapshot of our lives The personal computer has never been more personal. We routinely trust it with

More information

SAS Data Set Encryption Options

SAS Data Set Encryption Options Technical Paper SAS Data Set Encryption Options SAS product interaction with encrypted data storage Table of Contents Introduction: What Is Encryption?... 1 Test Configuration... 1 Data... 1 Code... 2

More information

SafeGuard Enterprise User help. Product version: 6.1

SafeGuard Enterprise User help. Product version: 6.1 SafeGuard Enterprise User help Product version: 6.1 Document date: January 2014 Contents 1 About SafeGuard Enterprise 6.1...3 2 SafeGuard Enterprise on Windows endpoints...5 3 Security best practices...7

More information

File System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1

File System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1 File System Forensics FAT and NTFS 1 FAT File Systems 2 File Allocation Table (FAT) File Systems Simple and common Primary file system for DOS and Windows 9x Can be used with Windows NT, 2000, and XP New

More information

Managing Applications, Services, Folders, and Libraries

Managing Applications, Services, Folders, and Libraries Lesson 4 Managing Applications, Services, Folders, and Libraries Learning Objectives Students will learn to: Understand Local versus Network Applications Remove or Uninstall an Application Understand Group

More information

Management of Hardware Passwords in Think PCs.

Management of Hardware Passwords in Think PCs. Lenovo Corporation March 2009 security white paper Management of Hardware Passwords in Think PCs. Ideas from Lenovo Notebooks and Desktops Workstations and Servers Service and Support Accessories Introduction

More information

TPM. (Trusted Platform Module) Installation Guide V2.1

TPM. (Trusted Platform Module) Installation Guide V2.1 TPM (Trusted Platform Module) Installation Guide V2.1 Table of contents 1 Introduction 1.1 Convention... 4 1.2 TPM - An Overview... 5 2 Using TPM for the first time 2.1 Enabling TPM... 6 2.2 Installing

More information

Innovative Secure Boot System (SBS) with a smartcard.

Innovative Secure Boot System (SBS) with a smartcard. Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today s business environment demands mobility, and the notebook computer has become an indispensable

More information

2007 Microsoft Office System Document Encryption

2007 Microsoft Office System Document Encryption 2007 Microsoft Office System Document Encryption June 2007 Table of Contents Introduction 1 Benefits of Document Encryption 2 Microsoft 2007 Office system Document Encryption Improvements 5 End-User Microsoft

More information

Deploying EFS: Part 2

Deploying EFS: Part 2 Deploying EFS: Part 2 John Morello You can think of any Encrypting File System (EFS) deployment as having essentially two parts: the back-end design portion focusing on certificate management and recovery

More information

TPM. (Trusted Platform Module) Installation Guide V3.3.0. for Windows Vista

TPM. (Trusted Platform Module) Installation Guide V3.3.0. for Windows Vista TPM (Trusted Platform Module) Installation Guide V3.3.0 for Windows Vista Table of contents 1 Introduction 1.1 Convention... 4 1.2 TPM - An Overview... 5 2 Using TPM for the first time 2.1 Enabling TPM...

More information

USB Portable Storage Device: Security Problem Definition Summary

USB Portable Storage Device: Security Problem Definition Summary USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides

More information

USB Portable Storage Device: Security Problem Definition Summary

USB Portable Storage Device: Security Problem Definition Summary USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides

More information

SecureAge SecureDs Data Breach Prevention Solution

SecureAge SecureDs Data Breach Prevention Solution SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal

More information

Firmware security features in HP Compaq business notebooks

Firmware security features in HP Compaq business notebooks HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot

More information

25. DECUS München e.v. Symposium 2002 2C02. EFS / Recovery

25. DECUS München e.v. Symposium 2002 2C02. EFS / Recovery 25. DECUS München e.v. Symposium 2002 2C02 EFS / Recovery Josef Beeking Compaq Computer GmbH Overview How EFS Works Recovery Basics Windows 2000 Standalone Scenarios Windows 2000 Domain Scenarios Windows.NET

More information

PGP Whole Disk Encryption Training

PGP Whole Disk Encryption Training PGP Whole Disk Encryption Training Agenda WDE Overview Licensing Universal Server & Client Basics Installation Password Recovery OS Maintenance Support Questions 2 Whole Disk Encryption Protects against:

More information

How to enable Disk Encryption on a laptop

How to enable Disk Encryption on a laptop How to enable Disk Encryption on a laptop Skills and pre-requisites Intermediate IT skills required. You need to: have access to, and know how to change settings in the BIOS be confident that your data

More information

ICT Professional Optional Programmes

ICT Professional Optional Programmes ICT Professional Optional Programmes Skills Team are a Microsoft Academy with new training rooms and IT labs in our purpose built training centre in Ealing, West London. We offer a range of year-long qualifications

More information

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016 ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference May 2016 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government

More information

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows : Managing, Maintaining, and Troubleshooting, 5e Chapter 3 Installing Windows Objectives How to plan a Windows installation How to install Windows Vista How to install Windows XP How to install Windows

More information

How Drive Encryption Works

How Drive Encryption Works WHITE PAPER: HOW DRIVE ENCRYPTION WORKS........................................ How Drive Encryption Works Who should read this paper Security and IT administrators Content Introduction to Drive Encryption.........................................................................................

More information

Full Drive Encryption Security Problem Definition - Encryption Engine

Full Drive Encryption Security Problem Definition - Encryption Engine 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 Full Drive Encryption Security Problem Definition - Encryption Engine Introduction for the FDE Collaborative Protection Profiles

More information

GoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey

GoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey GoldKey Product Info Detailed Product Catalogue for GoldKey Do not leave your Information Assets at risk Read On... GoldKey: Reinventing the Security Strategy The Changing Landscape of Data Security With

More information

SafeGuard Enterprise Administrator help. Product version: 6.1

SafeGuard Enterprise Administrator help. Product version: 6.1 SafeGuard Enterprise Administrator help Product version: 6.1 Document date: January 2014 Contents 1 About SafeGuard Enterprise 6.1...4 2 Security best practices...6 3 About SafeGuard Management Center...9

More information

Table of Contents. TPM Configuration Procedure... 2. 1. Configuring the System BIOS... 2

Table of Contents. TPM Configuration Procedure... 2. 1. Configuring the System BIOS... 2 Table of Contents TPM Configuration Procedure... 2 1. Configuring the System BIOS... 2 2. Installing the Infineon TPM Driver and the GIGABYTE Ultra TPM Utility... 3 3. Initializing the TPM Chip... 4 3.1.

More information

Managing BitLocker Encryption

Managing BitLocker Encryption Managing BitLocker Encryption WWW.CREDANT.COM Introduction Organizations are facing a data security crisis. Despite decades of investment in security, breaches of sensitive information continue to dominate

More information

SafeGuard Enterprise User help. Product version: 7

SafeGuard Enterprise User help. Product version: 7 SafeGuard Enterprise User help Product version: 7 Document date: December 2014 Contents 1 About SafeGuard Enterprise 7.0...5 2 SafeGuard Enterprise on Windows endpoints...7 3 Security best practices...9

More information

Enova X-Wall XO Frequently Asked Questions--FAQs

Enova X-Wall XO Frequently Asked Questions--FAQs Enova X-Wall XO Frequently Asked Questions--FAQs Q: What is X-Wall XO? A: X-Wall XO is the fourth generation product that encrypts and decrypts the entire volume of the hard drive. The entire volume includes

More information

SafeGuard Enterprise Web Helpdesk

SafeGuard Enterprise Web Helpdesk SafeGuard Enterprise Web Helpdesk Product version: 5.60 Document date: April 2011 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Help Desk

More information

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012 SafeGuard Enterprise Web Helpdesk Product version: 6 Document date: February 2012 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Helpdesk

More information

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

SafeGuard Enterprise Web Helpdesk. Product version: 6.1 SafeGuard Enterprise Web Helpdesk Product version: 6.1 Document date: February 2014 Contents 1 SafeGuard web-based Challenge/Response...3 2 Scope of Web Helpdesk...4 3 Installation...5 4 Allow Web Helpdesk

More information

SafeGuard Easy Administrator help. Product version: 6 Document date: February 2012

SafeGuard Easy Administrator help. Product version: 6 Document date: February 2012 SafeGuard Easy Administrator help Product version: 6 Document date: February 2012 Contents 1 About Sophos SafeGuard (SafeGuard Easy)...4 2 Getting started...9 3 Installation...16 4 Log on to SafeGuard

More information

Hiva-network.com. Microsoft_70-680_v2011-06-22_Kat. Exam A

Hiva-network.com. Microsoft_70-680_v2011-06-22_Kat. Exam A Exam A Microsoft_70-680_v2011-06-22_Kat QUESTION 1 You have a computer that runs Windows 7. The computer has a single volume. You install 15 applications and customize the environment. You complete the

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security

More information

Chapter 1 Scenario 1: Acme Corporation

Chapter 1 Scenario 1: Acme Corporation Chapter 1 Scenario 1: Acme Corporation In This Chapter Description of the Customer Environment page 18 Introduction to Deploying Pointsec PC page 20 Prepare for Deployment page 21 Install Pointsec PC page

More information

Cautions When Using BitLocker Drive Encryption on PRIMERGY

Cautions When Using BitLocker Drive Encryption on PRIMERGY Cautions When Using BitLocker Drive Encryption on PRIMERGY July 2008 Fujitsu Limited Table of Contents Preface...3 1 Recovery mode...4 2 Changes in hardware configurations...5 3 Prior to hardware maintenance

More information

2.6.1 Creating an Acronis account... 11 2.6.2 Subscription to Acronis Cloud... 11. 3 Creating bootable rescue media... 12

2.6.1 Creating an Acronis account... 11 2.6.2 Subscription to Acronis Cloud... 11. 3 Creating bootable rescue media... 12 USER'S GUIDE Table of contents 1 Introduction...3 1.1 What is Acronis True Image 2015?... 3 1.2 New in this version... 3 1.3 System requirements... 4 1.4 Install, update or remove Acronis True Image 2015...

More information

FAQ for USB Flash Drive

FAQ for USB Flash Drive FAQ for USB Flash Drive 1. What is a USB Flash Drive? A USB Flash Drive consists of a flash memory data storage device integrated with a USB interface. USB Flash Drives are typically removable and rewritable.

More information

SecureD Technical Overview

SecureD Technical Overview WHITEPAPER: SecureD Technical Overview WHITEPAPER: SecureD Technical Overview CONTENTS section page 1 The Challenge to Protect Data at Rest 3 2 Hardware Data Encryption Provides Maximum Security 3 3 SecureD

More information

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

More information

ScoMIS Encryption Service

ScoMIS Encryption Service Introduction This guide explains how to install the ScoMIS Encryption Service Software onto a laptop computer. There are three stages to the installation which should be completed in order. The installation

More information

ACER ProShield. Table of Contents

ACER ProShield. Table of Contents ACER ProShield Table of Contents Revision History... 3 Legal Notices... 4 Executive Summary... 5 Introduction... 5 Protection against unauthorized access... 6 Why ACER ProShield... 7 ACER ProShield...

More information

High Security Online Backup. A Cyphertite White Paper February, 2013. Cloud-Based Backup Storage Threat Models

High Security Online Backup. A Cyphertite White Paper February, 2013. Cloud-Based Backup Storage Threat Models A Cyphertite White Paper February, 2013 Cloud-Based Backup Storage Threat Models PG. 1 Definition of Terms Secrets Passphrase: The secrets passphrase is the passphrase used to decrypt the 2 encrypted 256-bit

More information

Check Point FDE integration with Digipass Key devices

Check Point FDE integration with Digipass Key devices INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013 Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust Dan Griffin DefCon 2013 Time-Bound Keys Announcements New tool: TimedKey.exe New whitepaper: Trusted Tamperproof Time on Mobile

More information

Get Success in Passing Your Certification Exam at first attempt!

Get Success in Passing Your Certification Exam at first attempt! Get Success in Passing Your Certification Exam at first attempt! Vendor: Microsoft Exam Code: 70-687 Exam Name: Microsoft Configuring Windows 8 Exam Version: Demo QUESTION: 1 A company has an Active Directory

More information

Practical Methods for Dealing with Full Disk Encryption. Jesse Kornblum

Practical Methods for Dealing with Full Disk Encryption. Jesse Kornblum C Y B E R S E C T O R Practical Methods for Dealing with Full Disk Encryption Jesse Kornblum Outline Introduction Types of Targets Finding Keys Tool Marks Example - BitLocker BitLocker Weakness Conclusion

More information

White Paper: Whole Disk Encryption

White Paper: Whole Disk Encryption How Whole Disk Encryption Works White Paper: Whole Disk Encryption How Whole Disk Encryption Works Contents Introduction to Whole Disk Encryption.....................................................................

More information

Technical Proposal on ATA Secure Erase Gordon Hughes+ and Tom Coughlin* +CMRR, University of California San Diego *Coughlin Associates

Technical Proposal on ATA Secure Erase Gordon Hughes+ and Tom Coughlin* +CMRR, University of California San Diego *Coughlin Associates Technical Proposal on ATA Secure Erase Gordon Hughes+ and Tom Coughlin* +CMRR, University of California San Diego *Coughlin Associates Introduction and Summary Secure erase SE is defined in the ATA specification

More information

How Endpoint Encryption Works

How Endpoint Encryption Works WHITE PAPER: HOW ENDPOINT ENCRYPTION WORKS........................................ How Endpoint Encryption Works Who should read this paper Security and IT administrators Content Introduction to Endpoint

More information

Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption

Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption OVERVIEW Data is one of the most important assets within organizations, second perhaps

More information

USB Bare Metal Restore: Getting Started

USB Bare Metal Restore: Getting Started USB Bare Metal Restore: Getting Started Prerequisites Requirements for the target hardware: Must be able to boot from USB Must be on the same network as the Datto device Must be 64 bit hardware Any OSs

More information

Using the TPM: Data Protection and Storage

Using the TPM: Data Protection and Storage Using the TPM: Data Protection and Storage Ariel Segall ariels@alum.mit.edu Day 2 Approved for Public Release: 12-2749. Distribution unlimited License All materials are licensed under a Creative Commons

More information

User Manual. Copyright Rogev LTD

User Manual. Copyright Rogev LTD User Manual Copyright Rogev LTD Introduction Thank you for choosing FIXER1. This User's Guide is provided to you to familiar yourself with the program. You can find a complete list of all the program's

More information

Data At Rest Protection

Data At Rest Protection Data At Rest Protection Dell Data Protection Encryption Full Volume Encryption Whitepaper October 2011 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL

More information

Incident Response and Computer Forensics

Incident Response and Computer Forensics Incident Response and Computer Forensics James L. Antonakos WhiteHat Forensics Incident Response Topics Why does an organization need a CSIRT? Who s on the team? Initial Steps Detailed Project Plan Incident

More information