http://wiki.cas.mcmaster.ca/index.php?feed=atom&target=Shellya&title=Special%3AContributionsComputing and Software Wiki - User contributions [en]2026-04-06T05:01:49ZFrom Computing and Software WikiMediaWiki 1.15.1http://wiki.cas.mcmaster.ca/index.php/User:ShellyaUser:Shellya2009-04-11T01:01:27Z<p>Shellya: New page: Coolest guy in the world, bar none.</p>
<hr />
<div>Coolest guy in the world, bar none.</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:55:36Z<p>Shellya: final edit i hope so</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data.]]<br />
== Data Encryption ==<br />
:''Main article: [http://en.wikipedia.org/wiki/Encryption Encryption]''<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:hdd_external_input.jpg|frame|A hard disk drive that requires the user to unlock the encryption key before use.]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[6]</sup>. Additionally, free implementations are available, [http://en.wikipedia.org/wiki/TrueCrypt TrueCrypt] and [http://en.wikipedia.org/wiki/FreeOTFE FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison of Implementations ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
* A combination of both implementations can be used to preserve plausible deniability on a device that encrypts the data itself. Since the hardware encrypts all data written to it, there is no way to deny that there is encrypted data on the drive. The software can be used to implement the security techniques discussed above to preserve plausible deniability.<br />
<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[7]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
* Hardware implementations encrypt the entire disk, no option is given. This weakens the case for plausible deniability of encrypted data.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Corporate Security and IT Policies]]<br />
* [[Cryptography in Information Security]]<br />
* [[Information security awareness|Information Security Awareness]]<br />
* [[Personal Data Protection and Privacy]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
[7] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 20:55, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:47:44Z<p>Shellya: /* Software Implementation */ changed the truecrypt and freeotfe links to point to wikipedia. i have the official sites in the external links section.</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data.]]<br />
== Data Encryption ==<br />
:''Main article: [http://en.wikipedia.org/wiki/Encryption Encryption]''<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:hdd_external_input.jpg|frame|A hard disk drive that requires the user to unlock the encryption key before use.]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[6]</sup>. Additionally, free implementations are available, [http://en.wikipedia.org/wiki/TrueCrypt TrueCrypt] and [http://en.wikipedia.org/wiki/FreeOTFE FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison of Implementations ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
* A combination of both implementations can be used to preserve plausible deniability on a device that encrypts the data itself. Since the hardware encrypts all data written to it, there is no way to deny that there is encrypted data on the drive. The software can be used to implement the security techniques discussed above to preserve plausible deniability.<br />
<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[7]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
* Hardware implementations encrypt the entire disk, no option is given. This weakens the case for plausible deniability of encrypted data.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Corporate Security and IT Policies]]<br />
* [[Cryptography in Information Security]]<br />
* [[Information security awareness|Information Security Awareness]]<br />
* [[Personal Data Protection and Privacy]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
[7] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:45:56Z<p>Shellya: /* Comparison */</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data.]]<br />
== Data Encryption ==<br />
:''Main article: [http://en.wikipedia.org/wiki/Encryption Encryption]''<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:hdd_external_input.jpg|frame|A hard disk drive that requires the user to unlock the encryption key before use.]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[6]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison of Implementations ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
* A combination of both implementations can be used to preserve plausible deniability on a device that encrypts the data itself. Since the hardware encrypts all data written to it, there is no way to deny that there is encrypted data on the drive. The software can be used to implement the security techniques discussed above to preserve plausible deniability.<br />
<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[7]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
* Hardware implementations encrypt the entire disk, no option is given. This weakens the case for plausible deniability of encrypted data.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Corporate Security and IT Policies]]<br />
* [[Cryptography in Information Security]]<br />
* [[Information security awareness|Information Security Awareness]]<br />
* [[Personal Data Protection and Privacy]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
[7] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:41:54Z<p>Shellya: /* Data Encryption */ added a main article link</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data.]]<br />
== Data Encryption ==<br />
:''Main article: [http://en.wikipedia.org/wiki/Encryption Encryption]''<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:hdd_external_input.jpg|frame|A hard disk drive that requires the user to unlock the encryption key before use.]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[6]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
* A combination of both implementations can be used to preserve plausible deniability on a device that encrypts the data itself. Since the hardware encrypts all data written to it, there is no way to deny that there is encrypted data on the drive. The software can be used to implement the security techniques discussed above to preserve plausible deniability.<br />
<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[7]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
* Hardware implementations encrypt the entire disk, no option is given. This weakens the case for plausible deniability of encrypted data.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Corporate Security and IT Policies]]<br />
* [[Cryptography in Information Security]]<br />
* [[Information security awareness|Information Security Awareness]]<br />
* [[Personal Data Protection and Privacy]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
[7] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:36:25Z<p>Shellya: /* See Also */ added some more links</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data.]]<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:hdd_external_input.jpg|frame|A hard disk drive that requires the user to unlock the encryption key before use.]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[6]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
* A combination of both implementations can be used to preserve plausible deniability on a device that encrypts the data itself. Since the hardware encrypts all data written to it, there is no way to deny that there is encrypted data on the drive. The software can be used to implement the security techniques discussed above to preserve plausible deniability.<br />
<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[7]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
* Hardware implementations encrypt the entire disk, no option is given. This weakens the case for plausible deniability of encrypted data.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Corporate Security and IT Policies]]<br />
* [[Cryptography in Information Security]]<br />
* [[Information security awareness|Information Security Awareness]]<br />
* [[Personal Data Protection and Privacy]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
[7] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:33:04Z<p>Shellya: /* Disadvantages */</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data.]]<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:hdd_external_input.jpg|frame|A hard disk drive that requires the user to unlock the encryption key before use.]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[6]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
* A combination of both implementations can be used to preserve plausible deniability on a device that encrypts the data itself. Since the hardware encrypts all data written to it, there is no way to deny that there is encrypted data on the drive. The software can be used to implement the security techniques discussed above to preserve plausible deniability.<br />
<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[7]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
* Hardware implementations encrypt the entire disk, no option is given. This weakens the case for plausible deniability of encrypted data.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Cryptography in Information Security]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
[7] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:32:25Z<p>Shellya: /* Advantages */ added another one</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data.]]<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:hdd_external_input.jpg|frame|A hard disk drive that requires the user to unlock the encryption key before use.]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[6]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
* A combination of both implementations can be used to preserve plausible deniability on a device that encrypts the data itself. Since the hardware encrypts all data written to it, there is no way to deny that there is encrypted data on the drive. The software can be used to implement the security techniques discussed above to preserve plausible deniability.<br />
<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[7]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
* Hardware implementations encrypt the entire disk, no option is given.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Cryptography in Information Security]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
[7] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:29:12Z<p>Shellya: /* Disadvantages */ added another disadvantage</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data.]]<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:hdd_external_input.jpg|frame|A hard disk drive that requires the user to unlock the encryption key before use.]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[6]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[7]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
* Hardware implementations encrypt the entire disk, no option is given.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Cryptography in Information Security]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
[7] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:25:41Z<p>Shellya: now am i finished?</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data.]]<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:hdd_external_input.jpg|frame|A hard disk drive that requires the user to unlock the encryption key before use.]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[6]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[7]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Cryptography in Information Security]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
[7] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:22:13Z<p>Shellya: </p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data.]]<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:hdd_external_input.jpg|frame|A hard disk drive that requires the user to unlock the encryption key before use.]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[7]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[6]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Cryptography in Information Security]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
[7] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/File:Hdd_external_input.jpgFile:Hdd external input.jpg2009-04-11T00:17:51Z<p>Shellya: </p>
<hr />
<div></div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-11T00:08:52Z<p>Shellya: finished?</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive. The key can be physically inputted to the housing in the case of a portable storage device (if such input is allowed), or simply entered when the volume is mounted.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in the MAC OS and Windows Vista operating systems<sup>[7]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE ('''Free''' '''O'''n '''T'''he '''F'''ly '''E'''ncryption)] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software to keep data secure.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
== Comparison ==<br />
=== Advantages ===<br />
* Having the encryption technology on the actual device removes the requirement of having the CPU perform the calculations for the encryption process.<br />
* The software implementation allows for flexibility in the way volumes, entire disks, or single files may be encrypted.<br />
* By having the encryption technology as part of the housing for a portable storage device, the actual physical hard drive within is a regular hard drive and can be switched for other compatible hard drives.<br />
* Some implementations completely wipe all encrypted data after a certain number of failed attempts to unlock the information. This is useful when dealing with highly sensitive data.<br />
=== Disadvantages ===<br />
* The cost of storage devices that encrypt data themselves is higher than storage devices that do not. This may be an issue for home/casual use.<br />
* Proper benchmarking has not been performed yet on hard drives that take care of the encryption process<sup>[6]</sup>.<br />
* If the user loses their key to the data, the data is lost.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Cryptography in Information Security]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
[7] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-10T23:50:24Z<p>Shellya: /* Identifying Marks */ added in words.</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in MAC OSX and Windows Vista<sup>[7]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
<br />
===== Identifying Features =====<br />
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could lead to the existence of encrypted data being discovered. Data is encrypted in such a way to make it impossible to to tell from random data. This is done so that without knowing the key, encrypted data cannot be detected, and neither can hidden volumes.<br />
<br />
=== Advantages ===<br />
* Removes the requirement of having the CPU perform the calculations for the encryption process by performing the encryption itself.<br />
=== Disadvantages ===<br />
* The cost of these storage devices is significantly higher than storage devices that do not perform encryption.<br />
* Proper benchmarking has not been performed yet<sup>[6]</sup>.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Cryptography in Information Security]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
[7] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-10T23:44:45Z<p>Shellya: /* Hidden Volumes */ added a single sentence</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in MAC OSX and Windows Vista<sup>[7]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
This is a feature that adds to the security of plausible deniability. A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
<br />
===== Identifying Marks =====<br />
=== Advantages ===<br />
* Removes the requirement of having the CPU perform the calculations for the encryption process by performing the encryption itself.<br />
=== Disadvantages ===<br />
* The cost of these storage devices is significantly higher than storage devices that do not perform encryption.<br />
* Proper benchmarking has not been performed yet<sup>[6]</sup>.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Cryptography in Information Security]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
[7] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-10T23:40:24Z<p>Shellya: /* Data Encryption */ edit of some english.</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data is encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in MAC OSX and Windows Vista<sup>[7]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Marks =====<br />
=== Advantages ===<br />
* Removes the requirement of having the CPU perform the calculations for the encryption process by performing the encryption itself.<br />
=== Disadvantages ===<br />
* The cost of these storage devices is significantly higher than storage devices that do not perform encryption.<br />
* Proper benchmarking has not been performed yet<sup>[6]</sup>.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Cryptography in Information Security]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
[7] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-10T23:39:35Z<p>Shellya: </p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data was encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The standards were established by the [https://www.trustedcomputinggroup.org/groups/storage Trusted Computing Group (TCG)] and are outlined as follows<sup>[5]</sup>:<br />
* The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.<br />
* The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.<br />
* The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.<br />
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive.<br />
=== Software Implementation ===<br />
Software implementations are applications which allow a user to encrypt a portion or all of a storage device. Even single files can be individually encrypted. Some implementations provide techniques to prevent the data from being found. Software encryption is offered natively in MAC OSX and Windows Vista<sup>[7]</sup>. Additionally, free implementations are available, [http://www.truecrypt.org TrueCrypt] and [http://www.freeotfe.org FreeOTFE] are two examples of this.<br />
==== Security Techniques ====<br />
Some or all of the following techniques may be employed by encryption software.<br />
===== Plausible Deniability =====<br />
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. [http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography Plausible deniability] may even be extended to further levels for added security.<br />
===== Hidden Volumes =====<br />
A hidden volume is a [[Steganography and Digital Watermarking|steganographic]] feature that allows "hidden" volumes to be created within a "container" volume. The user will place important looking files within the container volume, but the sensitive data that the user is really trying to protect should be stored within the hidden volume. This method hides the data within what is thought to be hidden data. An attacker that obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.<br />
===== Identifying Marks =====<br />
=== Advantages ===<br />
* Removes the requirement of having the CPU perform the calculations for the encryption process by performing the encryption itself.<br />
=== Disadvantages ===<br />
* The cost of these storage devices is significantly higher than storage devices that do not perform encryption.<br />
* Proper benchmarking has not been performed yet<sup>[6]</sup>.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Cryptography in Information Security]]<br />
* [[Security and Storage Mediums]]<br />
* [[Steganography and Digital Watermarking]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
[7] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
* [https://www.trustedcomputinggroup.org/groups/storage/ Trusted Computing Group]<br />
* [http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125.html ''Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested '']<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-10T22:52:15Z<p>Shellya: </p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data was encrypted before being written, the data is still protected unless the key is known. With the theft of personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or different software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>. The location of technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive.<br />
==== Advantages ====<br />
* Removes the requirement of having the CPU perform the calculations for the encryption process by performing the encryption itself.<br />
* <br />
==== Disadvantages ====<br />
* The cost of these storage devices is significantly higher than storage devices that do not perform encryption.<br />
* Proper benchmarking has not been performed yet<sup>[6]</sup>.<br />
=== Software Implementation ===<br />
Software encryption is offered natively in MAC OSX and Windows Vista<sup>[7]</sup>. <br />
==== Advantages ====<br />
Obviously.<br />
==== Disadvantages ====<br />
Obviously.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Security and Storage Mediums]]<br />
* [[Cryptography in Information Security]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/158775/encrypted_drives.html ''Encrypted Drives Keep Your Files Safe'']<br />
<br />
[7] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-10T22:16:39Z<p>Shellya: moving stuff around, got rid of the section on storage mediums because there's an entire page dedicated to that crap</p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data was encrypted before being written, the data is still protected unless the key is known. With the theft/loss of hard drive with personal data becoming an issue<sup>[3]</sup>, the encryption of storage devices becomes an attractive way to avoid such issues.<br />
<br />
== Implementations ==<br />
Data can be encrypted through encryption technology built into the storage medium, or different software that encrypts data before writing it.<br />
=== Hardware Implementation ===<br />
[[Image:usb_key.jpg|frame|A USB flash drive that encrypts and stores data]]<br />
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008<sup>[4]</sup> but an actual standard was agreed upon and established in January 2009<sup>[5]</sup>.<br />
==== Advantages ====<br />
Obviously.<br />
==== Disadvantages ====<br />
Obviously. <br />
=== Software Implementation ===<br />
Software encryption is offered natively in MAC OSX and Windows Vista<sup>[6]</sup> as well as commercial or free applications.<br />
==== Advantages ====<br />
Obviously.<br />
==== Disadvantages ====<br />
Obviously.<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Security and Storage Mediums]]<br />
* [[Cryptography in Information Security]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[3] [http://www.pcworld.com/article/131603/tsa_hard_drive_missing.html ''TSA Hard Drive Missing'']<br />
<br />
[4] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[5] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[6] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
* [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
----<br />
[[User:Shellya|Shellya]] 18:16, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-10T21:32:14Z<p>Shellya: </p>
<hr />
<div>'''Data Encryption for Storage Devices''' is a special case of ''data at rest''<sup>[1]</sup> protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.<br />
<br />
== Data Encryption ==<br />
Encryption is used in cryptography to transform plaintext to ciphertext<sup>[2]</sup>. In the case of storage devices, encrypted data that is stored can only be accessed with the proper authentication. Physical theft of the medium negates password protection since the data can simply be read from it. On the other hand, if the data was encrypted before being written, the data is still protected unless the key is known.<br />
<br />
== Implementations ==<br />
Data can be encrypted through the use of different software, or the storage device itself can encrypt the data.<br />
=== Hardware Implementation ===<br />
Encrypted hard disks have been available since April 2008<sup>[2]</sup> but an actual standard was agreed upon and established in January 2009<sup>[3]</sup>.<br />
=== Software Implementation ===<br />
Software encryption is offered natively in MAC OSX and Windows Vista<sup>[4]</sup> as well as commercial or free applications.<br />
<br />
== Storage Mediums ==<br />
Talk about hard drives and usb keys lol!<br />
[[Image:usb_key.jpg|frame|A USB flash drive that stores encrypted data]]<br />
=== Hard Disk Drives ===<br />
HDD yay!<br />
=== USB Keys ===<br />
Thumb drives!<br />
<br />
== See Also ==<br />
* [[Conventional Encryption Algorithms]]<br />
* [[Security and Storage Mediums]]<br />
<br />
== References ==<br />
[1] [http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci1143799,00.html Data at rest definition]<br />
<br />
[2] [http://en.wikipedia.org/wiki/Encryption Wikipedia:Encryption]<br />
<br />
[2] [http://www.pcworld.com/businesscenter/blogs/on_hardware/144919/fujitsu_ups_ante_on_integral_hard_disk_encryption.html ''Fujitsu Ups Ante on Integral Hard Disk Encryption'']<br />
<br />
[3] [http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9126869&taxonomyId=19&intsrc=kc_top ''Coming soon: Full-disk encryption for all computer drives'']<br />
<br />
[4] [http://www.pcworld.com/article/161519/whole_disk_encryption.html ''Protect Your Data With Whole-Disk Encryption'']<br />
<br />
== External Links ==<br />
* [https://siswg.net/ IEEE Security in Storage Working Group]<br />
* [http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Disk Encryption HowTo (Linux)]<br />
* [http://www.freeotfe.org/ Official FreeOTFE Website]<br />
* [http://www.truecrypt.org/ Official TrueCrypt Website]<br />
<br />
----<br />
[[User:Shellya|Shellya]] 17:32, 10 April 2009 (EDT)</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/File:Usb_key.jpgFile:Usb key.jpg2009-04-10T20:56:17Z<p>Shellya: </p>
<hr />
<div></div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-10T00:46:12Z<p>Shellya: </p>
<hr />
<div>Introduction material here.<br />
== Overview ==<br />
Some words here<br />
== Implementations ==<br />
=== Hardware Implementation ===<br />
More words here<br />
=== Software Implementation ===<br />
Even more words<br />
== See Also ==<br />
Other CASWiki pages here<br />
== External Links ==<br />
Self explanatory <br />
== References ==<br />
etc etc.</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-10T00:37:58Z<p>Shellya: </p>
<hr />
<div>Introduction material here.<br />
<br />
<br />
== Overview ==<br />
Some words here<br />
<br />
== Implementations ==<br />
=== Hardware Implementation ===<br />
More words here<br />
<br />
=== Software Implementation ===<br />
Even more words<br />
<br />
== See Also ==<br />
Other CASWiki pages here<br />
<br />
== External Links ==<br />
Self explanatory <br />
<br />
== References ==<br />
etc etc.</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-08T22:43:28Z<p>Shellya: setup blarg</p>
<hr />
<div>Introduction material here.<br />
<br />
<br />
== Overview ==<br />
Some words here<br />
<br />
== Implementations ==<br />
=== Hardware Implementation ===<br />
More words here<br />
<br />
=== Software Implementation ===<br />
Even more words<br />
<br />
== References ==<br />
etc etc.</div>Shellyahttp://wiki.cas.mcmaster.ca/index.php/Data_Encryption_for_Storage_DevicesData Encryption for Storage Devices2009-04-06T15:41:15Z<p>Shellya: New page: lol</p>
<hr />
<div>lol</div>Shellya