The virtual safe: A user-focused approach to data encryption




Steganos GmbH, 2008

The hard disk: a snapshot of our lives

The personal computer has never been more personal. We routinely trust it with private correspondence, diary entries, emails, all sorts of addresses, the household budget and holiday photographs. We use it to shop, seek health advice and manage our savings, while the more creative among us use it to write poetry, compose music or paint pictures. It could be said that our hard drive provides a unique portrait of our most private personal lives.

And when computers are lost or stolen, people feel that their privacy has been violated. Insurance companies can recompense people for the loss of their hardware, but nothing can be done to ease the worry about who is reading our personal information. And as identity theft competes to become Europe's fastest-growing crime, the loss of such data can have serious financial implications far outweighing any embarrassment caused by last year's holiday photos.

Of course, businesses face stiff penalties for losing customer data. Far worse than any fines imposed, however, is the damage to a company's reputation if it cannot adequately protect the information that customers entrust to it. Business today requires data to move, sometimes on laptops or USB keys between buildings, but by using encryption companies can ensure that data remains secure wherever it goes.

Encryption: an impenetrable defence against data loss

Encryption is more than password protection: it means that the data itself is scrambled and can only be deciphered by an authorised user who has the correct encryption key (either a password or a physical device). If encrypted data falls into the wrong hands, that data will still be protected as long as the encryption key remains secret. The US Department of Defense considers the Advanced Encryption Standard (AES) with 256-bit keys to be good enough to protect Top Secret data, and AES is now available to everyone through a range of affordable off-the-shelf products.
Full-disk encryption

Some businesses have responded to the threat of data leakage by introducing full-disk encryption. This protects all files on a specified drive, automatically decrypting data as it is loaded from the drive and encrypting it as it is saved. Products that enable full-disk encryption include BitLocker, incorporated in some versions of Windows Vista, and FileVault, a feature of Apple's Mac OS X operating system.

However, recent research [1] has found that full-disk encryption systems are flawed. Researchers have managed to recover encryption keys from memory by powering the machine off and on again, and booting software that copies the memory before it is overwritten. Researchers have also shown that DRAM chips can be chilled to increase the length of time they retain data after the power is switched off. This enables the chips to be removed to another machine, where the temporary data held in them, including encryption keys, can be recovered. Computers are particularly vulnerable when the screen is locked or the computer is asleep, because they are likely to be unattended and the encryption key will be stored in memory. The researchers note that BitLocker loads encryption keys into RAM when the machine is booted, making them potentially vulnerable even before the user has been authenticated with a user ID and password.

Another problem is that, as the name suggests, full-disk encryption encrypts the entire disk, so it slows down the computer's operation. All disk access must go through the encryption routine, including the reading and writing of any temporary and operating-system files. This can result in a frustrating user experience, and could have a significant impact on productivity if deployed across an entire business.

Full-disk encryption depends on two false assumptions: firstly, that all data on a computer should enjoy the same level of encryption and that users are prepared to trade PC performance for this; and secondly, that somebody with legitimate access to a computer is authorised to access all data on it. The approach is focused on hardware, instead of on data or the user.

[1] Lest We Remember: Cold Boot Attacks on Encryption Keys, by J. Alex Halderman et al., 21 February 2008. See http://citp.princeton.edu/memory

File-based encryption

Instead of encrypting the whole disk, a more selective approach is required. File-based encryption software enables users to choose exactly which files should be encrypted, so no time is lost needlessly scrambling trivial data. The computer performs at full speed, and the encryption operation is separated from the process of creating and editing files.
File- and folder-based encryption software can be used with other targeted tools to remove traces of work or web activity, such as temporary files and website cookies. Dedicated software can be used to encrypt browser favourites and email, ensuring that comprehensive protection is available for sensitive data without every disk access needing to be encrypted.

By securing data at the file level, it is easier to set different access privileges for users. People can share the same machine without having equal access to all the data on it, which is particularly valuable in a small business or family environment where computers are shared and sensitive data needs to be restricted (whether that is payroll data at work or Christmas shopping lists at home).

File-based encryption is device-independent too, which means any backup of the data will also be encrypted without the need for additional hardware or software. Any copies of the data in transit, for example on USB keys, will be as well protected in the event of loss as the master file on the PC.

Research shows that when users are prompted to enter a password to access specific data, they are more likely to understand and respect the confidentiality of that data. While disk-based encryption works invisibly in the background, file-based encryption prompts users to provide the encryption key when data is accessed that requires higher security. As a result, users can more easily understand which files are restricted.

By focusing on the data, file-based encryption enables greater control over which files are protected and which are not. That in turn allows users to strike the optimal balance between security and computer performance. It does, however, require a considerable amount of manual intervention in the encryption process from users who will often have higher priorities, particularly in the work environment.

The Virtual Safe: A user-focused approach to comprehensive encryption

The virtual safe, as used in the Steganos Safe suite of encryption utilities, combines the best of disk-based and file-based encryption, without demanding any of the compromises. It is focused on what users require: an easy way to encrypt all data relating to specific activities or jobs, without the poor performance associated with encrypting everything unnecessarily.

The virtual safe uses the familiar metaphor of a bank vault: once files have been placed in the safe, they are protected from unauthorised access. Users can still work on their files within the safe, with files being automatically decrypted when required and re-encrypted when the user has finished working with them. Temporary files, from which remnants of a document might otherwise be salvaged, are also encrypted. Once the user has opened the safe, he or she can work on the files within it without having to repeatedly enter security credentials for each file.

As with a physical safe or bank vault, users can use a physical key to unlock a virtual safe. Rather than having to remember a password, users can store the encryption key on a USB stick, ActiveSync-enabled smartphone, PDA, memory card, digital camera or iPod. This gives users confidence that they can use strong encryption keys, which might otherwise prove difficult to remember. The benefits of encryption are undermined when users pick easily guessable passwords to protect data.
The vulnerabilities associated with full-disk encryption are not present in Steganos Safe. The key is not stored on the machine until it is entered by the user. If a safe or the Steganos Safe application is closed, manually or automatically, the keys are erased and overwritten in memory. To avoid passwords being extracted when the PC is locked, sleeping or hibernating, Steganos Safe includes an option to automatically close the safe if any of those events occur.

Legitimate access to the machine does not imply that the user is authorised to access the safe contents. Users are required to enter the key whenever they want to access data in a safe, so the safe provides an additional layer of security beyond using an ID and password to log on.

The protection of data stored in a safe is not limited to a particular device: backups will be as well protected as the source data, without any need for special backup or additional encryption software. Users who share the same machine can share access to a safe, or set up separate encrypted safes on the drive for protecting their work.

Steganos Safe includes Steganos Portable Safe for transporting data securely on USB keys. While many file-based encryption products will require the full encryption software application to be installed on any machine where the data is to be decrypted, Steganos Portable Safe stores all the software necessary for extracting data on the USB key.

For sensitive environments, such as the accounts department of a small business, it is possible to use Steganos Application Safe to encrypt all data created by a specific application, including temporary files. This provides a compromise between full-disk encryption and file-based encryption, ensuring that all files of a specific type are automatically protected. While some files will inevitably end up being unnecessarily encrypted, they will be limited to potentially sensitive applications and will not include trivial operating-system elements.

Conclusion

Encryption is an essential tool for protecting privacy in an age when so much of our lives is stored digitally, and when the storage medium could fall into the wrong hands at any time. The virtual safe provides the ease of use of full-disk encryption without any of the accompanying security or data-portability flaws, but with the speed and flexibility of file-based encryption.

Steganos provides a full range of PC security and encryption software, ranging from the freeware Steganos Safe One, through the consumer application Steganos Safe, to the business suites Steganos Safe Professional and Steganos ApplicationSafe. For more information on all these encryption products, and free trial versions, visit www.steganos.com.

About Steganos

Since 1996, Steganos has been providing highly secure and user-friendly solutions that secure static data and online communications. More than two million users worldwide already depend on Steganos software. Innovations such as the world's first commercial steganography software (which hides data in pictures and music), or the first encryption software to use the Advanced Encryption Standard (AES), have made Steganos one of the market leaders for consumer encryption software. Steganos products are regularly recognized with national and international press awards, and the Steganos brand is synonymous with protecting sensitive data.

Steganos GmbH
Wildunger Straße 6
60487 Frankfurt
Germany
Phone: +49 (69) 71 91 82-0
Fax: +49 (69) 71 91 82-11
E-mail: info@steganos.com
Web: www.steganos.com