Data Encryption for Storage Devices
From Computing and Software Wiki
Data Encryption for Storage Devices is a special case of data at rest[1] protection. Data can be encrypted through the use of software, or hardware itself can encrypt data as it is saved to the device.
Data Encryption
Encryption is used in cryptography to transform plaintext into ciphertext[2]. In the case of storage devices, encrypted data can only be accessed with the proper authentication. Physical theft of the medium defeats password protection on its own, since the data can simply be read off the disk. If the data is encrypted before being written, however, it remains protected unless the key is known. With the theft of personal data becoming a growing problem[3], encrypting storage devices is an attractive way to limit the damage when a device is lost or stolen.
Implementations
Data can be encrypted through encryption technology built into the storage medium, or through the use of software that encrypts data before writing it.
Hardware Implementation
Hardware implementations include hard disk drives, portable storage drives, and USB flash drives. Encrypted hard disks have been available since April 2008[4], but a standard was not agreed upon and established until January 2009[5]. The standards were established by the Trusted Computing Group (TCG) and are outlined as follows[5]:
- The Opal specification, which outlines minimum requirements for storage devices used in PCs and laptops.
- The Enterprise Security Subsystem Class Specification, which is aimed at drives in data centers and high-volume applications, where typically there is a minimum security configuration at installation.
- The Storage Interface Interactions Specification, which specifies how the TCG's existing Storage Core Specification and the other specifications interact with other standards for storage interfaces and connections. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI.
The location of the technology that encrypts the data depends on the type of storage medium. For an internal storage drive or USB drive, the technology is built into the device. In the case of portable storage drives, the technology may be built into the drive or into the housing for the drive.
Software Implementation
Software implementations are applications which allow a user to encrypt a portion or all of a storage device; even single files can be individually encrypted. Some implementations provide techniques to prevent the encrypted data from being found at all. Software encryption is offered natively in Mac OS X and Windows Vista[7]. Free implementations are also available; TrueCrypt and FreeOTFE are two examples.
Security Techniques
Some or all of the following techniques may be employed by encryption software.
Plausible Deniability
The purpose of encrypting data is to keep it secure. The software may encrypt the data in such a way that the existence of the encrypted data is unprovable. Plausible deniability may even be extended to further levels for added security.
Hidden Volumes
This is a feature that adds to the security of plausible deniability. A hidden volume is a steganographic feature that allows "hidden" volumes to be created within a "container" volume. The user places important-looking files within the container volume, while the sensitive data that the user is really trying to protect is stored within the hidden volume. The sensitive data is thus concealed inside what already appears to be the protected data. An attacker who obtains the key to the first volume would find the data that looks important, but would never see the data hidden within the second layer.
Identifying Features
Another feature that helps to ensure plausible deniability is the software technique of not leaving any signature or header that could reveal the existence of encrypted data. Data is encrypted in such a way that it is impossible to tell apart from random data. Without the key, the encrypted data therefore cannot be detected, and neither can any hidden volumes.
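As an added illustration (not code from this page or from any product it names), the following Python sketch shows the two properties described above: a headerless container filled with random bytes, in which an outer volume and a hidden volume are each readable only with their own key, together with a byte-entropy check of the kind a forensic examiner uses to confirm that a region of disk contains no recognizable structure. The HMAC-SHA256 counter-mode keystream, the offsets and the sample strings are assumptions for the demonstration, standing in for a real disk cipher such as AES-XTS.

```python
import hashlib
import hmac
import math
import os
from collections import Counter

BLOCK = 32  # one HMAC-SHA256 output per keystream block

def keystream(key: bytes, offset: int, length: int) -> bytes:
    # Position-dependent keystream from HMAC-SHA256 in counter mode: a
    # standard-library stand-in for a real disk cipher. The property relied on
    # is the same: the output looks uniformly random to anyone without the key.
    first, last = offset // BLOCK, (offset + length - 1) // BLOCK
    stream = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(first, last + 1))
    start = offset - first * BLOCK
    return stream[start:start + length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def new_container(size: int) -> bytearray:
    # No header and no magic bytes: the container starts as random fill, so
    # unused space and encrypted volumes are indistinguishable from each other.
    return bytearray(os.urandom(size))

def write_volume(container: bytearray, key: bytes, offset: int, data: bytes) -> None:
    container[offset:offset + len(data)] = xor(data, keystream(key, offset, len(data)))

def read_volume(container: bytearray, key: bytes, offset: int, length: int) -> bytes:
    return xor(bytes(container[offset:offset + length]), keystream(key, offset, length))

def byte_entropy(buf: bytes) -> float:
    # Shannon entropy in bits per byte: random fill and ciphertext sit near 8.0,
    # plaintext and file-format headers sit well below it.
    counts = Counter(buf)
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts.values())

def demo():
    # Constructed sample: a 4 KiB container with a decoy outer volume at offset 0
    # and a hidden volume placed in what looks like free space at offset 2048.
    c = new_container(4096)
    decoy = b"holiday photo list, 2009".ljust(64, b"\0")
    secret = b"the records actually being protected".ljust(64, b"\0")
    outer_key, hidden_key = os.urandom(32), os.urandom(32)
    write_volume(c, outer_key, 0, decoy)
    write_volume(c, hidden_key, 2048, secret)
    return c, outer_key, hidden_key, decoy, secret
```

Reading the hidden offset with the outer key yields only random-looking bytes, and the whole container scores near 8 bits per byte, so nothing marks either volume as present. A real product must additionally keep writes to the outer volume from overwriting the hidden region, which this sketch does not address.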
Advantages
- Hardware encryption removes the requirement of having the CPU perform the calculations for the encryption process, because the device performs the encryption itself.
Disadvantages
- The cost of these storage devices is significantly higher than storage devices that do not perform encryption.
- Proper benchmarking has not been performed yet[6].
See Also
- Conventional Encryption Algorithms
- Cryptography in Information Security
- Security and Storage Mediums
- Steganography and Digital Watermarking
References
[4] Fujitsu Ups Ante on Integral Hard Disk Encryption
[5] Coming soon: Full-disk encryption for all computer drives
[6] Encrypted Drives Keep Your Files Safe
[7] Protect Your Data With Whole-Disk Encryption
External Links
- IEEE Security in Storage Working Group
- Disk Encryption HowTo (Linux)
- Official FreeOTFE Website
- Official TrueCrypt Website
- Wikipedia:Encryption
- Trusted Computing Group
- Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested
Shellya 18:16, 10 April 2009 (EDT)