Data security has become one of the biggest concerns among Internet users. News of data theft from websites has become common nowadays. Although websites have the responsibility to protect our data, there is a lot that we as end users can do for our own safety. Using strong passwords, encrypting computer hard disks and taking care to click on secured links are just a few examples. Hard disk encryption in particular is a critical security boost. Not only does it protect you against any Trojans attempting to leak your data all over the web, it also makes sure that you are protected against physical attacks.
Disk encryption is a technology that protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes onto a disk. In other words, disk encryption prevents unauthorized access to data storage.
Why Use Disk Encryption?
Disk encryption ensures that files are always stored on the disk in an encrypted form. When the system is unlocked by a trusted user, the files become available to the operating system and applications in a readable form. An unauthorized person looking at the disk contents directly will only find garbled random-looking data instead of the actual files.
This can prevent unauthorized viewing of the data when the computer or hard disk is:
- Located in a place to which non-trusted people might gain access
- Lost or stolen, as with laptops, netbooks or external storage devices
- In the repair shop
- Discarded after its end-of-life
In addition, disk encryption can also be used to add security against unauthorized attempts to tamper with your operating system, for example the installation of keyloggers or Trojan horses by attackers who can gain physical access to the system while you are away.
For the purposes of disk encryption, each block device (or individual file in the case of stacked filesystem encryption) is divided into sectors of equal length, for example 512 bytes (4,096 bits). The encryption/decryption then happens on a per-sector basis, so the n-th sector of the block device/file on disk will store the encrypted version of the n-th sector of the original data. Whenever the operating system or an application requests a certain fragment of data from the block device/file, the whole sector (or sectors) that contains the data will be read from the disk, decrypted on-the-fly, and temporarily stored in memory.
In order to be able to encrypt and decrypt data, the disk encryption system needs to know the unique secret "key" associated with it. Whenever the encrypted block device or folder in question is to be mounted, its corresponding key (henceforth called its "master key") must be supplied. The entropy of the key is of utmost importance for the security of the encryption. A randomly generated byte string of a certain length, for example 32 bytes (256 bits), has the desired properties but is not feasible to remember and apply manually during the mount.
To learn more about different drive encryption techniques, watch for our upcoming blogs.
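The per-sector scheme described above, as an added example that is not part of the original article: data is split into 512-byte sectors, sector n is encrypted under a random 256-bit master key combined with its sector number, and a read decrypts every whole sector that overlaps the requested fragment. The SHAKE-256 keystream is an assumed stand-in that keeps the example dependency-free; real disk encryption uses a block cipher mode such as AES-XTS, and all function names here are hypothetical.

```python
import hashlib
import secrets

SECTOR_SIZE = 512  # bytes per sector, as in the text


def _keystream(master_key: bytes, sector_no: int) -> bytes:
    # Toy per-sector keystream: SHAKE-256 over key || sector number.
    # Stand-in only: rewriting a sector would reuse the same keystream,
    # which is one reason real systems use a mode such as AES-XTS instead.
    seed = master_key + sector_no.to_bytes(8, "little")
    return hashlib.shake_256(seed).digest(SECTOR_SIZE)


def crypt_sector(master_key: bytes, sector_no: int, data: bytes) -> bytes:
    # XOR is its own inverse, so this both encrypts and decrypts one sector.
    if len(data) != SECTOR_SIZE:
        raise ValueError("a sector must be exactly SECTOR_SIZE bytes")
    return bytes(a ^ b for a, b in zip(data, _keystream(master_key, sector_no)))


def encrypt_device(master_key: bytes, plaintext: bytes) -> bytes:
    # Pad to whole sectors, then store encrypted sector n at position n.
    padded = plaintext + b"\0" * (-len(plaintext) % SECTOR_SIZE)
    return b"".join(
        crypt_sector(master_key, n, padded[off:off + SECTOR_SIZE])
        for n, off in enumerate(range(0, len(padded), SECTOR_SIZE))
    )


def read_range(master_key: bytes, disk: bytes, offset: int, length: int):
    # Every sector overlapping the request is read whole and decrypted in
    # memory; only then is the requested fragment sliced out.
    first = offset // SECTOR_SIZE
    last = (offset + length - 1) // SECTOR_SIZE
    sectors = list(range(first, last + 1))
    clear = b"".join(
        crypt_sector(master_key, n, disk[n * SECTOR_SIZE:(n + 1) * SECTOR_SIZE])
        for n in sectors
    )
    start = offset - first * SECTOR_SIZE
    return clear[start:start + length], sectors


if __name__ == "__main__":
    master_key = secrets.token_bytes(32)  # random 256-bit master key
    # Constructed sample data: a 17-byte string straddling sectors 0 and 1.
    image = b"A" * 500 + b"secret-report.txt" + b"B" * 1000
    disk = encrypt_device(master_key, image)
    print(read_range(master_key, disk, 500, 17))
    print(read_range(secrets.token_bytes(32), disk, 500, 17)[0])  # wrong key
```

A 17-byte read at offset 500 touches two full sectors, and the same read with a different key returns bytes unrelated to the stored data.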