Monday, 28 December 2015

Confidential Data Storage and Deletion

Abstract

With the decrease in cost of electronic storage media, more and more sensitive data gets stored in those media. Laptop computers regularly go missing, either because they are lost or because they are stolen.These laptops contain confidential information, in the form of documents, presentations, emails, cached data, and network access credentials. This confidential information is typically far more valuable than the laptop hardware, if it reaches right people. 
There are two major aspects to safeguard the privacy of data on these storage media/laptops: 
  • First, data must be stored in a confidential manner. 
  • Second, we must make sure that confidential data once deleted can no longer be restored.
Various methods exist to store confidential data such as encryption programs, encryption file system etc. Microsoft BitLocker Drive Encryption provides encryption for hard disk volume and is available with Windows Vista Ultimate and Enterprise editions. This blog describes the most commonly used encryption algorithm, Advanced Encryption System (AES) which is used for many of the confidential data storage methods. This seminar also describes some of the confidential data erasure methods such as physical destruction, data overwriting methods and Key erasure.
Traditional methods for protecting confidential information rely on upholding system integrity. If a computer is safe from hackers and malicious software (malware), then so is its data. Ensuring integrity in today’s interconnected world, however, is exceedingly difficult. 
There are two major components to safeguard the privacy of data on electronic storage media:
  •  First, the data must be stored confidentially without incurring much inconvenience during normal use. 
  • Second, data must be removed from the storage medium in an irrecoverable manner, at the time of disposal.

Introduction

The general concept of secure handling of data is composed of three aspects:
  •  Confidentiality 
  •  Integrity
  •  Availability
Confidentiality involves ensuring that information is not read by unauthorized persons. Using encryption to store data or authenticating valid users are examples of means by which confidentiality is achieved. 
Integrity ensures that the information is not altered by unauthorized persons. Storing a message authentication code or a digital signature computed on encrypted data is a way to verify integrity. Availability ensures that data is accessible when needed. Having multiple servers withstand a malicious shutdown of a server is one way to improve availability.
Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The unreadable text created is known as cipher text.The reverse process is known as decryption. 
There are two basic techniques for encrypting information: 
  • symmetric encryption (also called secret key encryption)
  •  Asymmetric encryption (also called public key encryption).
 Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.
The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is asymmetric encryption, in which there are two related keys-a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it. Any message (text, binary files, or documents) that are encrypted by using the public key can only be decrypted by applying the same algorithm, but by using the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key. Here, we do not have to worry about passing public keys over the Internet (the keys are supposed to be public). A problem with asymmetric encryption, however, is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of the message.

Advanced Encryption Standard (AES):

In cryptography, the Advanced Encryption Standard (AES) is a symmetrickey encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analysed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES). AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26. There are three versions of AES with 10, 12 and 14 rounds. The key size can be 128, 12 or 256 bits depending on the number of rounds. General design of an AES encryption cipher.
AES uses five units of measurements to refer to data: bits, bytes, words, blocks and stateBit is a binary digit with a value of 0 or 1.Byte is a group of 8 bits that can be treated as a single entity, a row matrix (1 x 8) of 8 bits. A word is a group of 32 bits that can be treated as a single entity, a row matrix of 4 bytes. A block is a group of 128 bits. AES encrypts and decrypts data blocks. AES uses several rounds in which each round is made of several stages. Data block is transformed from one stage to another. At the beginning and end of the cipher, AES uses the term data block; before and after each stage, the data block is referred to as a state.

Sub Bytes

The first transformation, Sub Bytes is used at the encryption site. To substitute a byte, we interpret the byte as two hexadecimal digits. The left digit defines the row and the right digit defines the column of the substitution table. The two hexadecimal digits at the junction of the row and the column are the new byte. In the Sub Byte transformation a state is treated as a 4 x 4 matrix of bytes. Transformation is done one byte at a time. The content of each byte is changed, but the arrangement of bytes in the matrix remains the same. Fig 4. shows this idea.
Microsoft Bit Locker is not a software-only technology. Every software-only solution is vulnerable to software-only attacks. BitLocker makes use of the TPM security chip which will be incorporated in most PCs in the near future. The TPM is a tamper-resistant chip mounted on the motherboard. Though the TPM has many functions, BitLocker uses only a few basic ones. The TPM keeps several Platform Configuration Registers, or PCRs. At power-up the PCRs are set to zero. PCRs are only modified by the extend function which sets a PCR to the hash of its old value and a supplied data string. We can think of a PCR as a hash over all the data strings provided in extend function calls for that PCR. There is no other way to set the value of a PCR, so if a PCR has value x after a sequence of extends, then the only way to reach the value x again is to perform the exact same sequence of extends after a power-up.

No comments:

Post a Comment