1 / 7

File System and Full Volume Encryption

File System and Full Volume Encryption. Sachin Patel CSE 590TU 3/9/2006. Encrypting File System. Protects sensitive data on computers and laptops from physical theft. Encryption at a lower level that all applications can use. EFS introduced in Windows 2000 Tied to the NTFS file system

nuala
Download Presentation

File System and Full Volume Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006

  2. Encrypting File System • Protects sensitive data on computers and laptops from physical theft. • Encryption at a lower level that all applications can use. • EFS introduced in Windows 2000 • Tied to the NTFS file system • Encrypt individual files or folders

  3. Encrypting File System • Data encrypted with symmetric file encryption key (FEK) • DESX, 3DES, AES • Cipher block chaining • FEK encrypted with user’s public key (RSA) • Multiple users • Recovery Agent in case user private key lost Key Entry:

  4. EFS Security Issues • On standalone system, all keys that protect the private key potentially on hard disk • EFS Private key  Master key  Password key  Syskey • Recommend removing syskey from system with floppy or password • Smartcard support planned for Vista • Can’t encrypt system files, registry, file name, or page file • Allows attacker to boot system • File names can reveal information • Page file might accidentally store sensitive data

  5. Full Volume Encryption • Encryption at the block driver level underneath file system. • Everything in the volume is encrypted. • BitLocker in Vista • BitLocker takes advantage of Trusted Platform Module (TPM) • Top level root key sealed in TPM • Root key encrypts disk encryption key, which encrypts sector data

  6. BitLocker • Secure Startup • Ensures boot integrity of the Windows volume before unsealing root key. • Verifies none of the boot code or critical system files have been tampered with offline. • Taking measurements of critical information at each step of the boot process. • Compare hash of measurements to hash of known secure system. • Recovery mechanism – removable storage or password • BitLocker and EFS not mutually exclusive • BitLocker can protect system volume and root keys. • EFS can provide file granularity and multiple user control.

  7. Questions?

More Related