The agent moves from the warehouse area to the offices in search of the target’s computer. He finally finds it in the last office. The machine is on and after gaining access to the computer, the agent starts scanning through files only to find them encrypted.
The agent calls back to the base looking for the computer expert. The expert takes remote control of the machine and tries some generic passwords, but they do not work. The computer expert runs a password cracking program and in seconds, the files are accessible.
The bad guys are caught, the country’s security is maintained, and the world is saved—all in the course of an hour—excluding commercials of course!
Television and movies are becoming more and more high-tech. It’s enjoyable to watch a show with a good plot, cool technology, and a good ending, yet in real life, security concerns are at an all-time high. Computer users are reminded to guard their company’s proprietary information, mobile/laptop users are warned constantly about the threat of theft, and home users have seen an increase in identity theft. It is the electronic files and documents that tie all of these concerns together.
When networked computing and peer-to-peer environments became the standard 20 years ago, protecting user files only required the user logon and password. Nowadays, there are so many administrator password-breaking programs that data security goes beyond machine access; security must be at the data level. Encryption is the most effective way to achieve data security.
What is Data Encryption?
The idea behind concealing written information in a coded list of letters and then transmitting it to the intended recipient, without others being able to understand it, has been around for centuries. Historically, cryptography has been used by governments, empires, or the military to conceal or encode top secret information.
Perhaps the most widely known story of encryption is the WWII story of the German rotary encoding Enigma machine. This machine was used to encode specific instructions to units out in the field. When the Allies captured a Navy Enigma machine, they were able to decode military messages during the war. (See the References for more information about the Enigma machine.)
Modern cryptography is based on mathematical algorithms that scramble unencrypted written information, also known as “plaintext”, into an unintelligible mass of characters of encrypted data, known as “ciphertext”. A “key” is used to change the plaintext into ciphertext. Since the plaintext is in electronic form, the encryption is done at a bit level (recall that 8 bits make one byte; one byte can represent an alphabetic or numeric character).
The length of the key determines the strength of the encryption: the larger the key in bits, the more possible keys there are, and the harder the ciphertext is to break by guessing the key. Another important aspect of cryptography is the type of cipher used. There are two types of key encoders, or ciphers: block ciphers and stream ciphers. Block ciphers take a group of bits from the plaintext and then mathematically apply the key to that group. Stream ciphers convert the plaintext one bit at a time.
There are many encryption schemes out there; here are the ones that the U.S. National Institute of Standards and Technology has approved:
Examine the References on the subject of encryption at the end of this article. You’ll discover that there are many different encryption methods out there. How you or your clients implement encryption can become its own project. Make sure you do your own research into the options available! Be careful of choosing an encryption solution strictly on price—you may find that the data is not properly encrypted thereby making it easy to crack.
What are the methods available to encrypt data?
Options for Data Encryption
So now that we have a general idea of what encryption is, how can it be done? What choices do you or your client have for data protection?
There are special systems for email encryption, internal network encryption (where network traffic is encrypted), and also procedures for encrypting web XML pages.
With all of this conversion of data going on, what happens if the hard drive fails, or if the data becomes corrupted? What are the chances of a recovery?
Encrypted Data and Data Loss
Implementing a data security scheme can make it easy to think that once the data is secure you are protected. So what happens if the hard drive fails? Is all lost?
The type and level of damage are what can affect the success of the recovery. If the hard drive has sustained physical media damage, such as in the case of a head crash, then the clean room engineer will work around the physical damage and will read the good areas of the drive. It’s important to know that just because data is encrypted, that doesn’t make it any more or less recoverable. Whether or not the data is encrypted, the goal is to retrieve all readable data that is on the drive. Any recovered data will then be copied to a new location to either be read directly or decrypted by the client.
In some cases where the entire drive is encrypted, Ontrack works with the client to get the password or key to decrypt the drive. When approached with requests for recoveries where the keys have been lost or a password has been forgotten, we typically do not attempt these types of recoveries and refer back to the software provider.
Ontrack’s goal is to recover the client’s data as quickly as possible. Directing our energy towards recovery, and not towards ‘cracking’ or forcing a decryption of the data by using a brute-force method, helps us reach this goal. Especially given the probability the data has been encrypted by means of one of the above advanced algorithms, directing the client to work directly with the company that designed the software is in the best interest of the client.
For example, a user was implementing strong file encryption on some files when the software stopped working during the encryption process. The file was encrypted but since the operation did not complete, the file was unusable. When the user called the software company for help they told him that there was nothing that could be done. The user asked if there was a ‘back-door’ or a master password to get to the file and the company responded that by providing such a mechanism, they could not guarantee the security of the file and that would defeat the purpose of their software.
The lesson here is that using encryption on files requires that the key used to encrypt the data is kept safe, perhaps stored somewhere else. If something happens during the encryption process and the decryption key is not produced or is lost, then the data that was encrypted may be completely unusable.
Corrupted data falls into a different category. This is where the hard drive is fine, but for some reason the encrypted data is not written correctly to the drive. This can happen with hardware or software encryption methods. The best way to ensure the validity of the data that you or your clients are encrypting is to have a regular backup scheme.
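Both failures described above (an encryption run that stops partway, and ciphertext that is written incorrectly) can be guarded against by writing the ciphertext to a temporary file, reading it back, and deleting the original only after it decrypts correctly. The Python code below is an added example, not from the original article or any vendor's product; the function names are hypothetical, and the HMAC-SHA256 keystream is a standard-library stand-in for a vetted cipher such as AES.

```python
import hashlib, hmac, os, secrets, tempfile

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example runs
    # on the standard library alone; use a vetted AES library for real data.
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        pad = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out += bytes(a ^ b for a, b in zip(chunk, pad))
    return bytes(out)

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    # Layout: 16-byte nonce | ciphertext | 32-byte integrity tag over both.
    nonce = secrets.token_bytes(16)
    body = nonce + keystream_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    # Refuse to decrypt anything whose tag does not verify, so truncation,
    # bad writes and wrong keys are detected rather than yielding garbage.
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext is truncated or corrupted, or the key is wrong")
    return keystream_xor(enc_key, body[:16], body[16:])

def encrypt_file_safely(path: str, enc_key: bytes, mac_key: bytes) -> str:
    """Encrypt path to path + '.enc'. The plaintext file is removed only after
    the ciphertext on disk has been read back and decrypted successfully."""
    with open(path, "rb") as f:
        plaintext = f.read()
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(seal(enc_key, mac_key, plaintext))
            f.flush()
            os.fsync(f.fileno())
        with open(tmp, "rb") as f:        # read back what actually hit the disk
            if open_sealed(enc_key, mac_key, f.read()) != plaintext:
                raise ValueError("read-back mismatch")
        os.replace(tmp, path + ".enc")    # atomic: never a half-written .enc
    except BaseException:
        if os.path.exists(tmp):
            os.remove(tmp)
        raise                             # the original file is still intact
    os.remove(path)
    return path + ".enc"
```

The keys themselves still have to be stored somewhere other than the encrypted volume; nothing in this routine can recover data once they are lost.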
Ontrack specialises in recovering data from all types of storage media and has successfully completed a number of recoveries where the data was encrypted. If the data is encrypted, we work with the end user to either return the recovered data on a new drive or will use the end user’s password to decrypt the data and copy it out.
Whatever your or your client’s data loss situation is, call Ontrack Data Recovery for a consultation. Even in situations where data has been encrypted, Ontrack will work to get back your valuable information. If you have a technical client or situation, you can request an engineer to be present on the consultation call. Ontrack has had excellent results in dealing with all sorts of data loss situations. When you or your clients need the experts, call Ontrack.
References
More about Cryptography: http://www.rsasecurity.com/rsalabs/node.asp?id=2155
Topics in Cryptography: http://en.wikipedia.org/wiki/Topics_in_cryptography
Rotary Encoding Enigma Machine: http://cnm.open.ac.uk/projects/stationx/enigma/
Enigma machine story: http://en.wikipedia.org/wiki/Enigma_cipher
NIST Computer Security Home Page: http://csrc.nist.gov/
NIST Approved Encryption Schemes: http://csrc.nist.gov/cryptval/des.htm
PGP-Encryption Overview: http://www.pgp.com/library/whitepapers/index.html#cryptography
PGP-Backdoor: http://www.philzimmermann.com/EN/faq/index.html
Skipjack Overview: http://www.cs.georgetown.edu/~denning/crypto/clipper/SKIPJACK.txt
Bitpipe Data Encryption – Vendor White Papers: http://www.bitpipe.com/rlist/term/Data-Encryption.html
Bitpipe Data Encryption – Vendor Product Review: http://www.bitpipe.com/plist/term/Data-Encryption-Software.html