Techniques and Solutions for Storage Encryption

Vittorio Giovara February 20, 2008

Contents
1 Introduction 1.1 Overview . . . . . . . . . . 1.2 Basics of File Storage . . . . 1.2.1 Files and Filesystem 1.2.2 Disk partition . . . . 1.2.3 Master Boot Record 1.2.4 Loop Device . . . . 1.3 Solutions . . . . . . . . . . Modern Techniques 2.1 Full Disk Encryption . 2.2 Virtual Disk Encryption 2.3 Volume Encryption . . 2.4 File/Folder Encryption 2.5 Other Solutions . . . . 3 3 3 3 4 4 4 4 5 5 6 6 6 6 8 8 8 9 10 10 11 11 11 11 11 12 12 12 12 12 13 13 13 14 15 17 20 21

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

2

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

3

Solution Analisys 3.1 Possible Problems . . . . . . . . . . . . . . . 3.1.1 Advantages/Disadvantages Summary 3.2 Cryptoghaphic Concerns and Management . . 3.3 Authentication Issues . . . . . . . . . . . . . 3.4 Selection Aspects . . . . . . . . . . . . . . . Current Implementations and Benchmarks 4.1 TrueCrypt 5.0 . . . . . . . . . . . . . . 4.1.1 TrueCrypt for Linux . . . . . . 4.1.2 TrueCrypt for Windows . . . . 4.1.3 TrueCrypt for Mac OS X . . . . 4.2 BestCrypt . . . . . . . . . . . . . . . . 4.2.1 BestCrypt for Linux . . . . . . 4.2.2 BestCrypt for Windows . . . . . 4.3 Operating System Integrated Solutions . 4.3.1 Linux - dm-crypt . . . . . . . . 4.3.2 Windows - EFS . . . . . . . . . 4.3.3 Mac OS X - FileVault . . . . . 4.4 Final Benchmarks . . . . . . . . . . . . 4.4.1 Volume Encryption . . . . . . . 4.4.2 Virtual Disk Encryption . . . . 4.4.3 Full Disk Encryption . . . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

4

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

Bibliography A Test script

1

List of Tables
4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10 4.11 4.12 4.13 4.14 4.15 4.16 4.17 4.18 4.19 Volume Encryption perfomance test #1 (one file from single bytes). . . . . . . . . . . Volume Encryption perfomance test #2 (one file from blocks of 1024 bytes). . . . . . . Volume Encryption perfomance test #3 (one file from blocks of 4096 bytes). . . . . . . Volume Encryption perfomance test #4 (multiple files from single bytes). . . . . . . . Volume Encryption perfomance test #5 (multiple files from blocks of 1024 bytes). . . . Volume Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). . . . Virtual Disk Encryption perfomance test #1 (one file from single bytes). . . . . . . . . Virtual Disk Encryption perfomance test #2 (one file from blocks of 1024 bytes). . . . Virtual Disk Encryption perfomance test #3 (one file from blocks of 4096 bytes). . . . Virtual Disk Encryption perfomance test #4 (multiple files from single bytes). . . . . . Virtual Disk Encryption perfomance test #5 (multiple files from blocks of 1024 bytes). Virtual Disk Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). Full Disk Encryption boot time test. . . . . . . . . . . . . . . . . . . . . . . . . . . . Full Disk Encryption perfomance test #1 (one file from single bytes). . . . . . . . . . . Full Disk Encryption perfomance test #2 (one file from blocks of 1024 bytes). . . . . . Full Disk Encryption perfomance test #3 (one file from blocks of 4096 bytes). . . . . . Full Disk Encryption perfomance test #4 (multiple files from single bytes). . . . . . . . Full Disk Encryption perfomance test #5 (multiple files from blocks of 1024 bytes). . . Full Disk Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 14 14 15 15 15 16 16 16 16 17 17 17 17 18 18 18 18 19

2

Chapter 1

Introduction
focus on the current theories and actual implementations of the storage encryption technology. A brief introduction to the problem of securing data on hardware devices will be provided, along with some basics about file storage techniques, in order to fully understand the main issues. Afterwards this document will present the main solutions analizing the advantages and disadvantages of each one, taking in consideration encryption and authentication concerns. Finally some related open source programs.currently available will be showed, testing the performance impact of each adopted solution.

T

HIS DOCUMENT WILL

1.1

Overview

Due to the pervasive presence of computer systems in every aspect of modern life, there has been mayor concern regarding the protection and confidenciality of data and information stored in hardware devices, such as hard disks, USB drives, portable CD/DVD and memory cards. Malicious actions can be performed in order to obtain access to sensitive data and commit identity theft, industrial secrets disclosure, fraud and privacy violation in general. To avoid unauthorized access to private information it has been suggested to adopt symmetric encryption (quickier than asymmetric encryption for large quantities of data) on such devices, making impossibile to dispose of such data without proper authentication and proper access rights. This way data is protected from unauthorized read even in case of loss of device. Encryption is very effective, as it can be applied to single files (granularly) or to the whole volume, but its introduction can cause some disadvantages, like backup problems, recovery of lost keys, operating system integration, performance impact and centralized management drawbacks.

1.2

Basics of File Storage

In order to understand how the technologies for storage encryption work, it is important to have some basic knowledge about how files are stored on disk and how the operating system interacts with the filesystem. Here is presented a brief description of some of the recurring aspects in the solutions later discussed..

1.2.1

Files and Filesystem

The computer stores data into an abstract data type, called file, that allows to organize and access information according to the operating system implementation. Files are usually stored on non volatile devices for preserving their state even withouth power supply; such devices can be magnetic disks (very common) or flash memory (like memory cards and USB pendrives). The operating system can access files only if the disk is formatted with a filesystem; this means that the device is organized under known patterns as reported by the filesystem. It the filesystem that manages and stores file accordingly onto the device, respecting the address data of clusters and blocks of the disk, and that works as a driver for the operating system when dealing with file attributes, file types, access permission and available operations.

3

1.3 Solutions

4

1.2.2

Disk partition

A disk can be formatted only if it has been properly partioned, that is, it has been logically divided in one or multiple indipendent drives. A partition is the logical container of the filesystem; if no filesystem is present the partition is “raw”and can’t be accessed by the operating system (with some exception, like the swap-space in UNIX systems). In IBM PC-compatible disks, the list of the partition is stored in the Partition Table, a 16 bytes field in the Master Boot Record; these kind of disks can hold only four primary partitions, but it’s also possibile to create one extended partition capable of holding up to 128 different partitions. The type of partition is defined in the first byte of the partition table entry (which can also contain inforrmation about the filesystem installed).

1.2.3

Master Boot Record

The Master Boot Record is the first sector (512 bytes) of a partitioned data storage device, often called “Sector 0”, and contains important information of the structure of the partitioned disk. In IBM-PC convention, the Master Boot Record holds the primary partition table, four 16 bytes entries, and the bootstrapping code, the code to be executed when the BIOS identifies the first active primaray disk, usually a bootloader, such as LILO or GRUB, or some operating system bootstrap instructions..

1.2.4

Loop Device

Loop devices are pseudo-devices that make files accessible as if they were actual physical disks. They can be mounted and formatted like any other storage device, with the difference that the files reside above another filesystem; normally perfomance of loop devices is slower than standard hardware devices.

1.3

Solutions

As reported by [1], the most commonly found solutions for storage encryption are: • Full Disk Encryption • Virtual Disk/Volume Encryption • File/Folder Encryption Ii is possible to implement nested solution or use other available systems. The following chapter (§2) will describe the operational behaviour of each system alogn with other possibile solutions, while for a more detailed analisys, please consult §3. Sometimes Virtual Disk/Volume Encryption is referred as on-the-fly encryption because files are immediately accessibile after authentication and the virtual disk is mounted with physical drive emulation.

Chapter 2

Modern Techniques

T
2.1

HIS CHAPTER WILL

present the available technologies created for implementing storage enctryption in various environment, showing the main purposes and limitations of each method.

Full Disk Encryption

Full Disk Encryprion is a software based technique that ciphers the whole content of the disk, all files (including the system ones) present on the device, with a symmetric encryption algorithm (usually the Advanced Encryprion Standard). This method works by redirecting the Master Boot Record code to a Pre Boot Environment instead of the primary operating system; in the Pre Boot Environment the system loads basic drivers for Input/Output and asks the user for authentication (Pre Boot Authentication). After this passage, the computer loads and it decrypts all the files needed during bootstrap; when the operating system is loaded, the user is no more asked for authentication and every file is transparently encrypted or decrypted when it is written or read on disk respectively.

Figure 2.1: Boot sequence for Full Disk Encryption (orginal image at [1]) Full disk encryption is very effective when the device is lost or when the computer is off, as there is no way for data to be disclosed without proper user authentication, but it is very weak in respect to other storage encryption solutions because when the computer is on and the operating system is loaded it doesn’t offer any kind of security or confidenciality at all. On the other hand, this method is very well supported by operating systems, since the encryption is trasparent to them, even if modifying the Master Boot Record can generate trouble in dual or multi boot systems (a computer with two operating systems or more). The Master Boot Record is usually checked for integrity at the Pre Boot Environment, so it is not possibile to modify it without proper tools. There are some hardware implementations that, thanks to additional unremovable disk controllers for key and password storage, preserve the Master Boot Record; however they have received poor interest from the market as they cannot be managed centrally and require physical presence for any operation.. The delay and overhead brought by the encryption/decryprion process is tangible only at boot time and when dealing with very large files.

5

2.2 Virtual Disk Encryption

6

2.2

Virtual Disk Encryption

Virtual Disk Encryption is used for encryption of single or multiple files. The files which need protection are store in a special container, as if it were a folder, and it is afterwards encrypted. A separate software is needed to obtain access to the files saved in the container and all read and write are managed to that software only after authentication. Sometimes it is also possibile to install such software as a kernel module in order to reduce the delay time. If the operating system support single sign-on, it is possibile to configure this solution to automatically authenticate the user through the operating system authentication; in this way it woud be enough for the user using a single password for accesing the operating system and the encrypted file. Even if this can prove to be more functional, it severly lowers the security of the system, so it should be used with caution, The Virtual Disk Encryption method is very portable as it doen’t involve filesystem metadata (path, timestamps, etc.) nor the operating system support (everything is performed throught the bundled software). Often when the container is copied or moved from the disk to a portable device, also the necessary executable is inserted, making the container accessible from other computes. Thanks to this ease of portability this method is also preferred for making quick backups of the encrypted file.

2.3

Volume Encryption

Volume Encryption adopts the container technology used in Virtual Disk Encryption for protecting a whole disk partition, like in Full Disk Encryption. So it inherits all the properties of both methods, easy and quick backups, external software for accessing the container, transparent for the user as it protects all files in the volume and portability. Moreover it is possibile to mount this volume container, just like any other disk device, and use it directly without the software (which is alwasy needed for authentication). On the other hand this solution offers lower encryption capabilities than Full Disk Encryption, since it cannot cipher the primary disk where the operating system is installed and so it cannot even protect the memory or the swap file.

2.4

File/Folder Encryption

File/Folder Encryption is very similar to the Virtual Disk Encryption solution, basically it’s its transparent implementation: the software is directly integrated in the operating system and the container is just a filesystem folder. This method is very performant, as it is possible to encrypt/decrypt single files, instead of the whole container, and since it is directly supported by the filesystem the directory structure and datapath are preserved, without having to move the files in the container. Moreover its integration with the operating system allows some automatic encryption of files written by selected applications, files with a certain extension and files from particular users. Also in this solution it is possible to adopt single sign-on for rapid access to files. One of the main drawbacks of this solution is that external information of files, such as filename, size, type and path, are not (and can’t) be protected, reducing the the level of confidenciality offered.

2.5

Other Solutions

Full Disk Encryption, Virtual Disk/Volume Encrytpion and File/Folder Encryption are not the only available solutions, but are certainly the most adopted. Other methods are less supported by the existing environment and/or require additional actions from the user. One solution involves modification of the application level in order to cipher only the important pieces of information; for example in a database application it is possible to encrypt only the sensitive fields of certain tables, like customers’ private data. Obviously this metodology can be applied in limited occurences and so is rarely applied. Another solution is to let access of important data only through a virtual machine disconnected form the network which is encrypted when not in use. This solution is very similar to the Virtual Disk Encryption but

2.5 Other Solutions

7

offers additional security as it is possible to nest different protection measures and tell apart the important data from the user data; since virtual machine are single files it is very easy to make backups. One final solution consists in forbidding the storage of sensitive information on any device. This is performed in several ways: • No copies on mobile devices, like PDAs, memory cards or USB drives; • No copies on CD or DVD if data has not been encrypted; • Adopting a terminal/client environment, so data can be secured directly on the mainframe and accessed only after user authentication; • Accessing sensitive data only through secure applications, for example using a web portal to gather and manipulate data over a secure SSL channel (in which it’d be convenient to authenticate both the server and the client).

Chapter 3

Solution Analisys

H
3.1

AVING PRESENTED THE MAIN choices of Storage Encryption techniques, in this chapter will be presented

a detailed analisys of general problems in adopting a solution and the theoretical and practical aspects of the encryption process and authentication metodology.

Possible Problems

After having set up a Storage Encryption environment, many implementation aspects are often not taken care of. For example there is no solution that protects the empty space disk. When deleting a file often its content is not totally deleted, but its pointer is just deferenced; so using forensic analisys over the empty space it is possibile to restore part or the whole of the file. Another weak point of the current solutions is that after authentication data is decrypted right away and stored in primary memory with no protection and unauthorized software could fetch sensitive data directly from it. Simirarly there are almost no systems that preseve encryption over copied or moved data. Moreover many software based solutsions keep authentication information like keys and password on the device they are protecting, making it easy prey of malware and malicious attacks. Finally all systems are susceptible to keyloggers, hardware or software devices that keep track of what has been typed on the keyboard, in order to obtain passwords or directly important data itself. On the other hand modern technologies are very compatibile with each other and so it is possible to use several protection systems for the same resource even with different keys each. Moreover the same resource can be shared by multiple users still in encrypted form and decrypted with several different keys; see §3.3 for further details.

3.1.1

Advantages/Disadvantages Summary

Here is a brief summary of the advantages and disadvantages of each of the main solutions. Please see §2 for a more detailed description. Full Disk Encryption + All data on disk is protected and the user hasn’t got to choose which files to protect; + Immediate data destruction, it is just needed to destroy the keys and data will be unreadable; - Offers no protection whatsoever when the operating system is loaded; - Limited protection to swap and hibernation files. Virtual Disk/Volume Encryption + Only selected content protected; + Very portable and easy backup;

8

3.2 Cryptoghaphic Concerns and Management

9

+ Possibile single sign-on for automatic access to encrypted files; - No protection to swap file and primary memory. File/Folder Encryption + Integrates perfectly with the operating system and the filesytem; + Possibile single sign-on for automatic access to encrypted files; - Needs filesystem support for preserving encryption; - Less confidenciality offered.

3.2

Cryptoghaphic Concerns and Management

Storage Encryption offers some intersting challenges from the point of view of cryptographic analisys. As a matter of fact a great number of parameters is implementation dependant, like the number and the types of keys used in the cipher, the encryption algorithm and the storage of the hashes of the authentication details (as username and password mustn’t be kept in cleartext). Generally, according to [1], the preferred algorithm for security and performance reasons is the Advanced Encryption Standard (AES) with integrity checking through either HMAC-SHA or Cipher-Based Message Authentication Code (CMAC), or Counter with Cipher Block Chaining-Message Authentication Code (CCM), Please see [1] for additional details. There are two very aspects that affect the classical encryption process. The first one is that there are encrypted files that have to be shared across multiple users. Clearly it is impossible to reuse the same key, because it would be too greatly reduce the security level of the key (and the associated password). So it must be used a triky solution: each single key is used to decrypt another file which contains the single key used to decrypt the actual encrypted data. This procedure is described in more details in §3.3. The other peculiar factor is that since a single loss of a key can make the whole encrypted data unreadable, just as if it would be completely destroyed, there must be some kind of recovery system. This is implemented in several ways like using a special recovery key in addition to the users’ keys. Very often however keys are kept secure in a centralized server that is used for management. As a matter of fact all the described solutions are set up to be controlled and managed remotely from a centrilized computer which is in head for handling many management aspects. Moreover with a centrally managed system it is possible to perfom frequent and easy backup of the sensitive encrypted data and/or of the computer setting. Here is a list of the advantages of a centrally managed environment: Updates and deploying One of the key factor for a secure storage environment is to keep software updated and be able to deliver to the final users quickly; Configuration As said before, there are many parameters to be configured, not only the algorithms and key, but also some authentication settings (like files accesibile from differnt groups of users, admistrators and single user); Logs Many programs help to keep track of file access or password modification and having a centralized managent system is necessary for fetching and saving such information; Recovery Recovery keys when the main key is lost or damaged are stored on the centralized system in order to always keep a safe copy for quick action. Sometimes it is possible to store backups of encrypted data too; Routine system management Just some control and checks over the running systems.

3.3 Authentication Issues

10

3.3

Authentication Issues

Authentication is another important aspect of a Storage Encryption environment. All the solutions presented are based on a successful authentication for allowing access to encrypted files. This is achieved with any of the following authenticators (in order of effectiveness against security): single sign-on Access granted via the credentials provided by the operating system; unique password or PIN A normal password-based authentication; token-code Single use codes, obtained from additional hardware, providing one time passwords; token-code with unique password or PIN The union of the two previous factors. It is possible to use either one-factor authentication or two-factor authentication systems; with the former the authenticator usually grants access to the key used in actual decrypting while with the latter tipically one factor gives access to another factor which is the one used in decrypting information; as [1] reports, a password can be used to retrieve a key from a smart card and use that key to decrypt the storage encryption key. Clearly two-factor authentication is much more secure and the acquisition of either factor doen’t cause the disclosure of the encrypted data. Another interesting aspect of the authentication process is when dealing with encrypted files accessible from different multiple users. This seems to break the conventional rules of encryption algorithms, but actually the implementation is very simple. The data is encrypted with just a single key which is put in a container or a clear file; in either ways, the key is repetidely encrypted with as many keys as users. So when a user uses his own password or key to access the data, that password is used to decrypt the ciphered key used in for real access to data. This can prove to be delicate when the key needs updated, but thanks to centrally managed system the process requires very little time for encrypting the main key several times and depoying the secondaray key to the users.

3.4

Selection Aspects

The choice of the Storage Encryption technology should be based on several factor and should not be limited to a single solution. The main aspect on which perform the selection are: • what needs protection • what are the authenticators supported • how does the operating system support the solution • how is the system managed • interoperability between different operating systems • which is the performance impact of the solution • how are recovery and backups performed

Chapter 4

Current Implementations and Benchmarks

I

it will be shown a set of the modern opensource implementations for storage encryption systems; a compehensive list of all the storage encryption software is located at [6]. The analisys will provide a description of the main features and some actual performance tests about the performance impact.
N THIS FINAL CHAPTER

4.1

TrueCrypt 5.0

TrueCrypt is one of the most portable solution as it is available for Windows, Mac OS X and Linux systems and its sources are freely available. It offers lots of cryprographic algorithms too, like AES (default), Blowfish, Serpent, 3DES, Twofish and combination of them; it secures the passwords with RIPEMD-160, SHA-1 or Whirlpool hashes. This tool also gives the possibility to create hidden volumes that are more difficult to identify. Given its portability, every disk image created with TrueCrypt is readable by any version of the software on any operating system; on the othe hand, the disk image format is not standard and can’t be mounted by normal system tools but requires the presence of the software to access the containers.

4.1.1

TrueCrypt for Linux

The version for Linux systems installs a command line program that implements only the Virtual Disk/Volume Encryption solution. With the option truecrypt -c it is possible to map a virtual container or a partition as an encrypted volume. Then the user is prompted for selecting the volume size, the cipher, the hash and the filesystem; as standard UNIX tools, it is possible to pass these parameters as command line arguments. After the volume creation it is possible to mount like any other device to a folder, but not with the mount command: it is necessary to mount the container always with the truecrypt program, which will need the correct volume password in order to access it. Now it is possible to use the encrypted volume (or file) like a stardard storage device. The only available filesystem for the container is FAT.

4.1.2

TrueCrypt for Windows

The version for Windows offers the Full Disk Encryption and Virtual Disk/Volume Encryption as well. The program has a graphical user interface with the same options of the Linux counterpart: same algorithms, same hashes, possibility to mount the container as a normal volume and so on. The user just needs to follow a graphical wizard where each parameter is somewhat described. For mounting volumes the user has to browse for the image file and a select drive letter; now it is possible to access the container like a normal drive from My Computer folder. This volume can be formatted in FAT or NTFS filesystems.

4.1.3

TrueCrypt for Mac OS X

The version for Mac OS X has the same graphical user interface of the Windows version, but doesn’t offer the Full Disk Encryption implementation. There are the usual encryption algorithms and hashes and it is possible to mount volumes only with the program itself. 11

4.2 BestCrypt

12

Also in this version the only available filesystem is FAT.

4.2

BestCrypt

BestCrypt is one of the most used tools for storage encryption and one of the oldest program available (started in 1993). The sources are open for review, but the program is not free: there is a 30-day tryout before purchasing a licence. This software has more parameters of choice with respect to TrueCrypt as it has more encryption algorithms, (like IDEA, CAST and GOST), more hashes for password (like MD5) and supports as many filesystems as the operating system can (FAT, EXT2/3 and ReiserFS on Linux, FAT and NTFS on Windows). Another interesting feature is that images created by different version of this program are compatible with each other.

4.2.1

BestCrypt for Linux

The Linux version offers only Virtual Disk/Volume Encryption implementation. Actually it is more difficult to install than Truecrypt, beacuse it requires some proprietary modules to be loaded into the kernel, and once installed there is no tutorial or wizard for creating volume files, but needs direct command line arguments from the user. The program bctool requires an action to perform. The most used are: • new to create a virtual disk or a block volume, with the -a option for selecting the cipher; • format to format the container with the FAT filesystem (you can select others with the -t option); • mount to mount the container like any other device.

4.2.2

BestCrypt for Windows

Similarly to TrueCrypt this version of BestCrypt support Virtual Disk/Volume Encryption and Full Disk Encryption. It offers even more parameters for virtual disks like authentication method (password based, public key or shared secret) and hash functions (most notably SHA-256). Also in this version there is a graphical user interface with a control panel listing all the mounted volumes and the disk images that are possible to be mounted.

4.3

Operating System Integrated Solutions

Here is a presentation of the main security features for storage devices already present in current operating systems.

4.3.1

Linux - dm-crypt

Linux world shifts continuosly and new features regarding cryptography are added to the kernel very often. However there is one standard tool to manage the encrypted devices: dm-crypt which stands for Device Mapper for (en)Cryption. It is a kernel tool that maps encrypted disk to standard device files and while authentication and encryption is performed externally by tools like cryptsetup. The format in which the container or the volume is encrypted is standardized by the LUKS project (Linux Unified Key Setup). In this way the container can be created, mounted, managed by different software, even on different operating system; for example FreeOTFE for Windows is capable of handling virtual disks created in Linux and the disks created by FreeOTFE can be mounted in Linux systems. cryptsetup is capable of creating Volume Encryption devices and with Virtual Containers even if the latter requires a loop device already available (operation usually done with losetup; for more information see §1.2.4 or consult [3]). Since it works with dm-crypt which is close to the kernel, it can create encrypted root systems with the Pre-Boot Authentication. This is usually done by editing the bootloader and creating (or modifying if existing) and the initrd.img file; at start up initrd.img is loaded before the kernel and

4.4 Final Benchmarks

13

it generates a subsystem for user authentication, aftet which the system is dynamically decoded and loaded. Regarding this process there is very detailed guide at [7]. The syntax for cryptsetup is a little more complicated with respect to other solutions and there is practically no wizard at all. When dealing with Volume Encryption in general it is necessary to add the prefix luks to standard operation (open, mount, create) and to define the hash and cipher from command line (default AES, RIPEMD-160). The filesystem supported are the same supported by the operating system in which the container is created.

4.3.2

Windows - EFS

On Windows system the main file system is NTFS (New Technology File System) and it does support encryption through EFS (Encrypted File System); on top of a NTFS filesystem the metadata of the file (or folder) is changed and the content associated is encrypted with AES-256 (optionally with 3DES or DESX). This feature has been introduced since Windows 2000 and improved in later versions of the system. The latest version supports multiple shared encrypted files, authentication with publc certificate and with smart card and encryption of the swap file. From the point of view of the security, this system is quite laking as the file can still be modified externally (for example renamed) and the file name can still be read (possibly disclosing its content). On the other hand, from the point of view of simplicity, this system is very easy to use, as the steps for encrypting a file are just three: right-click on the file to encrypt. click on Advanced and then check Encrytpt contents to secure data.

4.3.3

Mac OS X - FileVault

Machintosh systems offer data protection for the whole home folder of the user; this is generally good, since the user doen’t have to select which files to protect. However one of its main drawbacks is that solely the home folder is protected, while the rest of the operating system is unprotected; so there is no Full Disk Encryption support and preservation of the encryption of data on external devices is impossible. The adopted algorithm is the Advanced Encryption Standard with a 128 bit key derived directly from the users’ password; when the user is logged on the system, there is no need for insertion of a password, making this solution very transparent. It is also possible to set up a master password for unlocking or restoring a FireVault account, very usefult for recovery. The system implements a Virtual Disk Encyption method as it creates a container of expandable dimensions, moves the contents of the home folder there, encrypts the container and mounts it where the home folder was previously located. This solution is easy to enable, in System Setting, click Security and then Activate FileVault. Latest versions of this software were addressing the performance impact which has been drastically reduced over time. For more information please consult [8].

4.4

Final Benchmarks

In order to understand the performance impact of the different solutions, several tests were run over the encrypted file systems; more precisely the time was recorded to perform the following operations: 1. write 1 file of dimension 1B, 1kB, 10kB, 100kB, 1MB, 10MB with sequences of 1 byte; 2. write 1 file of dimension 1kB, 10kB, 100kB, 1MB, 10MB, 100MB, 1GB, 4GB with blocks of 1024 bytes; 3. write 1 file of dimension 100kB, 1MB, 10MB, 100MB, 1GB, 4GB with blocks of 4096 bytes; 4. write 100 files of dimension 1B, 1kB, 10kB, 100kB, 1MB with sequences of 1 byte; 5. write 100 files of dimension 1kB, 10kB, 100kB, 1MB, 10MB, 100MB with blocks of 1024 bytes; 6. write 100 files of dimension 100kB, 1MB, 10MB, 100MB with blocks of 4096 bytes.

4.4 Final Benchmarks

14

The tests for Full Disk Encryption were run on a Windows XP machine, Intel Pentium 4 HT 3,8GHz with 2 GB of RAM, 10000rpm 40 GB SATA disk with NTFS. The tests for Virtual Disk/Volume Encryption were run on a Ubuntu Linux 7.10 machine, Intel Core 2 Duo 2,8GHz with 2 GB of RAM, 7200rpm 10 GB SATA disk. The filesystem adopeted for the tests was FAT so to mantain a layer of compatibility among the different solutions.

4.4.1

Volume Encryption

This test put in comparison the performance of physical volumes encrypted with TrueCrypt, BestCrypt and cryptsetup with the performance of a plain filesystem (FAT). Here is the result of the tests (time expressed in seconds), followed by some analysis:
XXX XXX Software XXX XX

File size 1B 1 kB 10 kB 100 kB 1 MB 10 MB

vfat 0,016 0,021 0,76 0,567 5,389 54,261

TrueCrypt 0,015 0,021 0,075 0,539 5,478 56,157

BestCrypt 0,015 0,025 0,074 0,542 5,291 5,473

cryptsetup 0,015 0,022 0,068 0,547 5,359 55,574

Table 4.1: Volume Encryption perfomance test #1 (one file from single bytes).
XXX X XX Software XXX XX

File size 1 kB 10 kB 100 kB 1 MB 10 MB 100 MB 1 GB 4 GB

vfat 0,015 0,015 0,02 0,03 0,131 1,2 19,005 48,899

TrueCrypt 0,015 0,015 0,016 0,28 0,135 1,4 41,96 156,476

BestCrypt 0,014 0,015 0,016 0,032 0,136 3,688 53,253 200,418

cryptsetup 0,016 0,016 0,018 0,034 0,137 5,168 77,42 421,747

Table 4.2: Volume Encryption perfomance test #2 (one file from blocks of 1024 bytes).
XXX X

Software XXX XX File size XX 100 kB 1 MB 10 MB 100 MB 1 GB 4 GB

vfat 0,028 0,029 0,101 0,915 32,044 41,316

TrueCrypt 0,026 0,029 0,088 1,17 39,585 153,541

BestCrypt 0,015 0,022 0,104 3,328 39,592 161,019

cryptsetup 0,017 0,025 0,093 5,772 133,961 404,589

Table 4.3: Volume Encryption perfomance test #3 (one file from blocks of 4096 bytes).

4.4 Final Benchmarks

15

XXX

File size 1B 1 kB 10 kB 100 kB 1 MB

XXX Software XXX XX

vfat 0,715 1,354 6,800 55,231 210,284

TrueCrypt 0,715 1,559 6,668 54,039 562,170

BestCrypt 0,093 1,683 7,432 55,318 553,444

cryptsetup 0,774 1,324 6,631 60,418 543,940

Table 4.4: Volume Encryption perfomance test #4 (multiple files from single bytes).
XXX X

File size 1 kB 10 kB 100 kB 1 MB 10 MB 100 MB

Software XXX XXX X

vfat 0,396 0,398 0,545 2,485 24,901 158,549

TrueCrypt 0,829 0,731 0,825 3,090 34,569 694,73

BestCrypt 0,905 1,019 1,259 5,492 59,463 452,373

cryptsetup 0,765 0,831 0,957 5,757 126,050 1034,821

Table 4.5: Volume Encryption perfomance test #5 (multiple files from blocks of 1024 bytes).
XXX X

File size 100 kB 1 MB 10 MB 100 MB

Software XXX XX XX

vfat 0,892 2,461 14,417 143,273

TrueCrypt 0,873 2,192 37,550 425,355

BestCrypt 0,959 6,560 62,043 391,263

cryptsetup 0,991 5,260 60,748 968,217

Table 4.6: Volume Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). Conclusions From the data of above it is possible to notice that the greatest overhead is tangible when dealing with files greater than 100 MB. Most of the the slowness is due to the old architecture of the targe file system (FAT), but for small files there actually no sensible performance loss. Instead for large files (over the gigabyte) the write time is as much as 10 times greater, but generally is only three or four time slower. Overall, the analized software performed quite well, sometimes even performing better than the plain filesystem, but every solution has problems with large files: cryptsetup is the wrost when dealing with large files, but on the other hand it performs slightly better than others for small files, especially sequential ones; TrueCrypt sustained perfectly all the tests for single files, but was outdo by BestCrypt for handling sequential files; moreover BestCrypt incredibly enhances the performance of file system for files generated by single bytes of considerable dimension (10MB) most likely thanks to heavy buffer usage.

4.4.2

Virtual Disk Encryption

This series of tests continues the analysis of presented programs (TrueCrypt, BestCrypt and cryptsetup) by checking the virual container imlpementation. This time there is an unevitable perfomance loss, because containers reside on top of another file system and every opeation must go through a virtual device and then to a physical one. The file system of the target containers is always FAT, guaranteeing coherent tests among the different software. In the following tables the first column describes again the perfomance of a standard FAT disk, in order to fully understand the differnt behaviour.

4.4 Final Benchmarks

16

XX

File size 1B 1 kB 10 kB 100 kB 1 MB 10 MB

XXX

Software
XX XXX X

vfat 0,016 0,021 0,076 0,567 5,389 54,261

TrueCrypt 0,019 0,021 0,074 0,554 5,610 45,882

BestCrypt 0,009 0,018 0,070 0,516 5,359 27,297

cryptsetup 0,015 0,022 0,069 0,563 5,229 30,505

Table 4.7: Virtual Disk Encryption perfomance test #1 (one file from single bytes).
XXX X

File size 1 kB 10 kB 100 kB 1 MB 10 MB 100 MB 1 GB 4 GB

Software XXX XX XX

vfat 0,015 0,015 0,020 0,030 0,131 1,200 19,005 48,999

TrueCrypt 0,016 0,016 0,017 0,034 0,134 4,541 60,163 256,588

BestCrypt 0,017 0,016 0,016 0,031 0,133 5,354 70,150 286,357

cryptsetup 0,015 0,017 0,018 0,028 0,129 9,605 131,113 504,603

Table 4.8: Virtual Disk Encryption perfomance test #2 (one file from blocks of 1024 bytes).
XX XX

File size 100 kB 1 MB 10 MB 100 MB 1 GB 4 GB

Software XXX XXX X

vfat 0,026 0,029 0,101 0,915 32,044 41,346

TrueCrypt 0,016 0,025 0,096 4,550 54,415 261,346

BestCrypt 0,017 0,023 0,099 5,514 66,656 264,723

cryptsetup 0,015 0,024 0,131 15,981 122,605 439,648

Table 4.9: Virtual Disk Encryption perfomance test #3 (one file from blocks of 4096 bytes).
XXX X

Software XXX XX File size XX 1B 1 kB 10 kB 100 kB 1 MB

vfat 0,715 1,354 6,800 55,231 210,284

TrueCrypt 0,886 1,558 7,154 56,646 559,804

BestCrypt 1,071 1,511 7,226 56,108 559,919

cryptsetup 0,888 1,946 8,078 58,125 571,746

Table 4.10: Virtual Disk Encryption perfomance test #4 (multiple files from single bytes).

4.4 Final Benchmarks

17

XXX

File size 1 kB 10 kB 100 kB 1 MB 10 MB 100 MB

XXX Software XXX XX

vfat 0,396 0,398 0,545 2,485 24,901 158,549

TrueCrypt 0,843 0,805 1,057 8,366 69,124 694,730

BestCrypt 0,944 0,892 1,122 9,030 86,329 702,611

cryptsetup 0,830 0,902 1,156 13,320 118,151 2422,278

Table 4.11: Virtual Disk Encryption perfomance test #5 (multiple files from blocks of 1024 bytes).
XXX XXX Software XX XXX File size

vfat 0,892 2,461 14,417 143,273

TrueCrypt 0,872 7,871 61,775 681,704

BestCrypt 0,959 6,560 62,043 699,120

cryptsetup 0,861 11,762 86,259 1007,887

100 kB 1 MB 10 MB 100 MB

Table 4.12: Virtual Disk Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). Conclusions As stated before, the perfomance is heavily decreased even for small files, expecally sequences. The file size threshold is again 100 MB, but this time the slowdown consists in 4 to 6 times for big files and up to 15 times for sequential files with respect to a standard filesystem. The charcteristics of the previous results are mantained: cryptsetup behaves better with small files but is almost unusable with large ones, BestCrypt is fantastic for files generated by single bytes, and TrueCrypt performs quite well in most cases.

4.4.3

Full Disk Encryption

Another feature of the described programs is that they can encrypt the drive where the operating system is installed on, implementing a Full Disk Encyrption solution. The measures checked the performance impact at system boostrap and under normal workload by running the tests of above (§4.4).
PP

Software PP PP Test PP P

no encryption 32,670

TrueCrypt 38,014

BestCrypt 37,017

Boot time

Table 4.13: Full Disk Encryption boot time test.
XXX XXX Software XXX XX

File size 1B 1 kB 10 kB 100 kB 1 MB

NTFS 0,068 0,111 0,467 4,028 39,745

TrueCrypt 0,070 0,110 0,466 4,107 43,150

BestCrypt 0,070 0,110 0,465 4,047 41,615

Table 4.14: Full Disk Encryption perfomance test #1 (one file from single bytes).

4.4 Final Benchmarks

18

XXX

File size 1 kB 10 kB 100 kB 1 MB 10 MB 100 MB 1 GB 4 GB

XXX Software XXX XX

NTFS 0,069 0,068 0,074 0,115 0,540 6,113 60,042 302,336

TrueCrypt 0,070 0,071 0,076 0,120 0,560 7,630 61,478 293,174

BestCrypt 0,068 0,069 0,073 0,116 0,551 7,239 60,621 281,187

Table 4.15: Full Disk Encryption perfomance test #2 (one file from blocks of 1024 bytes).
XXX XX

Software
XXX XXX

File size 100 kB 1 MB 10 MB 100 MB 1 GB 4 GB

NTFS 0,070 0,088 0,296 6,369 49,240 192,774

TrueCrypt 0,068 0,093 0,422 6,340 76,514 300,575

BestCrypt 0,068 0,090 0,302 5,534 78,760 292,575

Table 4.16: Full Disk Encryption perfomance test #3 (one file from blocks of 4096 bytes).
XXX XXX Software XXX XX

File size 1B 1kB 10kB 100kB

NTFS 3,165 6,976 41,742 390,910

TrueCrypt 3,310 6,875 42,013 391,540

BestCrypt 3,216 6,853 41,870 389,477

Table 4.17: Full Disk Encryption perfomance test #4 (multiple files from single bytes).
It was not possible to run the 1 MB files test due to the excessive metadata information stored in NTFS file systems when generating files from single bytes.

XX

File size 1kB 10kB 100kB 1MB 10MB 100MB

XXX

Software
XX XXX X

NTFS 2,938 2,973 4,971 7,730 53,159 704,645

TrueCrypt 3,100 2,735 3,504 7,947 55,867 737,143

BestCrypt 3,039 2,279 3,454 7,743 59,974 727,411

Table 4.18: Full Disk Encryption perfomance test #5 (multiple files from blocks of 1024 bytes).

4.4 Final Benchmarks

19

XXX

File size 100kB 1MB 10MB 100MB

XXX Software XXX XX

NTFS 3,191 5,291 32,397 684,864

TrueCrypt 3,258 5,679 33,947 728,103

BestCrypt 3,252 5,580 34,130 717,615

Table 4.19: Full Disk Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). Conclusions It is possible to notice that the overall performance is not heavily chocked: small and big files don’t suffer at all from encryption, even sequential file write is not harmed, while only extremely large files are actually lightly jeopardized. BestCrypt performed really well in the tests and the operations for setting up the encrypted system were very basic. Moreover this software supports memory and swap encryption and suits well in dual boot environments, as it installs a bootloader of its own. Protection is very well performed and in addition, if someone types a wrong password at PBA it is reported that there has been an attempt to access the computer. On the other hand TrueCrypt performed a little worse than BestCrypt and during the set up process incompatibilies are likely to happen: for example there is no support for dual boot environments and the swap file is not encrypted. However it integrates well with operating system as it perform several checks over the hardware before starting the process and forces the user to create a rescue disk containing information about the backed up the master boot record.

Bibliography
[1] K. Scarfone, M. Souppaya, M. Sexton, Guide to Storage Encryption Technologies for End User Devices, NIST Special Pubblication 800-111, 2007 [2] A.Silberschatz, P. B. Galvin, G. Gagne, Operating Systems, Chapter 10-11, Pearson Addison-Wesley, VII Ed., 2006 [3] Wikipedia, the free encyclopedia, Loop device, http://en.wikipedia.org/wiki/Loop device [4] Wikipedia, the free encyclopedia, Full disk encryption, http://en.wikipedia.org/wiki/Full disk encryption [5] TrueCrypt, TrueCrypt Documentation, http://www.truecrypt.com/docs [6] Wikipedia, the free encyclopedia, Comparison of disk encryption software, http://en.wikipedia.org/wiki/Comparison of disk encryption software [7] Gentoo-Wiki, Security - System Encryption dm-crypt with LUKS, http://gentoo-wiki.com/SECURITY System Encryption DM-Crypt with LUKS [8] Mac OS X 10.4 Help, About FileVault http://docs.info.apple.com/article.html?path=Mac/10.4/2n/mh1877.html

20

Appendix A

Test script
The tool for running the test was this simple shell script algon with the time utility: #!/bin/bash for ((i=0;i<$1;i++)) do dd if=/dev/zero of=file.bin bs=$2 count=$3 done The script requires three parameters: the first for the number of files to generate, the second for the block size and the third for the final file size. During the tests the files generated were always deleted before timing, so not to deal with overwriting times. The program dd was used because it is very efficient for byte and block copy and /dev/zero was chosen as source because it is faster than other (randomized) virtual devices.

21

Master your semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master your semester with Scribd & The New York Times

Cancel anytime.