Thursday, October 26, 2006

Lock Up Your Valuables

If you're going to keep backups of your important information, it only makes sense to protect those backups. This is doubly true if you're storing your backups off site. If you have your backups on the internet, this is a no-brainer. The best way to do this is to put the data in some kind of container that is locked away digitally. No one can see through the container, and nobody can open it without the key. In the digital world, this is accomplished by encryption.

There are several types of stored data encryption software, from FOSS to Top Secret; from mobile phone software to hardened enterprise appliances; from file-by-file to whole disk. Each of these types has its place in the world of Information Security. I will attempt to treat the most relevant ones here. Hopefully by the end of this post you'll know what encryption is, why it's important to encrypt your valuable data, and what the best method is for you.

Encryption and cryptography are much too broad to cover in depth here, but if you'd like to learn more about their history, their details, and their uses, I recommend you start with the Wikipedia page and with Bruce Schneier's best known books, Applied Cryptography and Practical Cryptography. I haven't read either of these, but I have a decent idea of the principal ideas behind cryptography and encryption. I have neither the aptitude nor the desire to learn more about these fields. Here is a very brief explanation and history of cryptography and encryption, which may or may not be technically accurate (but it's close enough).

Cryptography is the use of codes or ciphers to transmit information between two parties in clear view while keeping the meaning of the message incomprehensible to anyone else. Both parties must have a key to decrypt the code. This can be done by memorizing a substitution pattern, by using a physical device, by using a computer to keep track of the encryption and decryption code, by making use of a one-time pad, etc. Each of these has its advantages and disadvantages. As a general rule, usability comes at the cost of security. All cryptographic techniques can be broken by modern computers given enough time, but some are easier than others due to flawed implementation.

The earliest ciphers were simple letter or word substitution ciphers, such as replacing each character with a number or letter. Julius Caesar used a cipher named after him which relied on both parties having a cylinder of equal size -- a physical decryption key of sorts. Not a whole lot happened until the advent of basic computing machines -- by Charles Babbage in the mid 1800s! But during World War II, the use of cryptography (and cryptanalysis) really took off. The most famous bits of cryptography during this era were the Enigma machine and the Polish mathematicians' breaking of it (by hand, no less), the American decoding of the Japanese diplomatic and, after Pearl Harbor, tactical encryption, and the American Marines' use of Navajo "Code Talkers" to relay messages to and from the front lines. Modern powerful multipurpose computing machines have ushered in the age of Modern Cryptography and its various methods and techniques for encryption.

Now that the obligatory background information is out of the way, we can start on the meat of the post. I find that it is best to think of encryption software by its functionality. What does the software do and how can that be useful? In this sense, there are three categories of stored data encryption: file level encryption, file vault encryption, and whole disk encryption. Note that I will not be discussing cryptographic protocols, such as SSL/TLS, for securing data as it crosses a network.

File level encryption or filesystem level encryption is a method of encrypting individual files on a disk. Usually this requires the user to manually select a file to encrypt. Some software allows the user to specify that a directory in its entirety is encrypted, including new documents created in or moved into this directory. Windows uses the Encrypting File System (EFS), and OS X uses FileVault. Each of these automates decryption when the user logs into the computer. However, this means that anyone who has access to this login has access to the sensitive files. It also makes transporting the files in encrypted form a challenge: they are decrypted when copied normally, and if they are copied in their encrypted form they are difficult to decrypt after the move. Other programs can be used which overcome the latter difficulty, but they do not solve the first one and may not provide the same ease of use as the integrated products.

What I call "file vault encryption" others call "disk encryption". I think this is easily confused with "full disk encryption", so I will continue to use my terminology, despite the possible confusion with Apple's FileVault. Whatever you want to call it, file vault encryption creates a single file in which all data is stored encrypted. Typically the software will mount this file as an additional hard drive in your computer, making access to the data easy. This type of encryption is very easy to transfer to another computer or to removable media -- you just copy the single file. However, it typically requires entering a secondary password after logging into the computer.
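To make the "single encrypted file" idea concrete, here is a small vault container written for this post (it is an added illustration, not code from any of the products mentioned). It derives keys from a separate vault password, seals a set of files into one blob, and refuses to open on a wrong password or a modified blob. Because the Python standard library has no AES, the keystream is built from HMAC-SHA256 in counter mode as a stand-in; a real vault product would use a vetted cipher such as AES, and the file format and iteration count here are my own choices.

```python
"""Minimal password-protected 'file vault' container (added illustration)."""
import hashlib
import hmac
import json
import os
import struct

MAGIC = b"VAULT1"          # constructed format marker for this example


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _derive_keys(password: str, salt: bytes):
    """Stretch the vault password into separate encryption and MAC keys."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=64)
    return km[:32], km[32:]


def seal_vault(password: str, files: dict) -> bytes:
    """Pack {name: bytes} into one encrypted, authenticated blob."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    plaintext = json.dumps({n: d.hex() for n, d in files.items()}).encode()
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    body = MAGIC + salt + nonce + ciphertext
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()   # encrypt-then-MAC
    return body + tag


def open_vault(password: str, blob: bytes) -> dict:
    """Verify the tag, then decrypt; wrong password or tampering raises."""
    if len(blob) < len(MAGIC) + 64 or not blob.startswith(MAGIC):
        raise ValueError("not a vault file")
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ciphertext = body[6:22], body[22:38], body[38:]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong password or vault has been modified")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, stream))
    return {n: bytes.fromhex(h) for n, h in json.loads(plaintext).items()}
```

Copying the returned blob to another machine carries every file inside it, and nothing about the contents (not even the file names) is visible without the vault password.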

Full disk encryption or whole disk encryption usually refers to encrypting the entire boot device. This ensures that all of the data on the disk will be encrypted, including temporary files, working files like the ones Microsoft Word creates, and the scratch disk or virtual memory. Encrypting all of this data is most appropriate for mobile computers which are likely to be lost or stolen. However, this security costs performance. Also, once the user logs into the computer, all files are copied and transmitted unencrypted. Transporting the data still requires additional encryption, and if the hard drive is damaged or the boot sector is overwritten, the data is essentially irretrievable.

Of these three types, each has its proper use. The least useful type of stored data encryption of the three is the file level encryption. It offers the fewest benefits with the highest risks. In fact, I would argue that it is completely useless in comparison with file vault encryption, which performs many of the same functions with the added bonus of transportability. In addition, the fact that the vault is mounted to a drive letter clearly delineates which data is encrypted and which data is not encrypted. Full disk encryption should be used anywhere the risk of computer theft or loss is moderate, in addition to some high security environments. And some form of encryption should be used on all backed up data.

Of the many dozens of attacks where personal information has been lost, it is unclear how many were preventable by encrypting the data. However, it is a good bet that every lost or stolen laptop or backup tape would have yielded no data if proper encryption methods had been used. And many of the hacking incidents may have been preventable if the sensitive information had been encrypted properly. While it may seem costly for a company to implement, the encryption software and practices cost hardly anything compared to an incident like the one the Department of Veterans Affairs suffered.

The take-away lesson here is to keep your important stuff protected. It's not enough to just keep it in a safe place; you should keep it in a secure place. Whether that is a safety deposit box at your bank, a safe in your home, or a vault at Ft. Knox, you can't afford to let your valuables just sit around unprotected. How much cheaper it would seem in retrospect to have bought a safe than to try to replace a family heirloom after it is stolen.