File Encryption. Steven M. Bellovin https://www.cs.columbia.edu/~smb

Similar documents
Encrypting external USB drive on Linux

Authentication. Steven M. Bellovin January 31,

Authentication. Steven M. Bellovin September 26,

Protecting and Archiving usernames & passwords

Sophos Central Device Encryption. Administrator Guide

Super USB. User Manual. 2007, March

Symantec Encryption (PGP) Installation Guide

How To Encrypt a Windows 7, 8.1 or 10 laptop or tablet

Cryptographic Engineering

Linux CompactFlash Re-imaging Procedure. April

PGP Whole Disk Encryption Training

Expert Reference Series of White Papers. BitLocker: Is It Really Secure? COURSES.

Backup, File Backup copies of individual files made in order to replace the original file(s) in case it is damaged or lost.

Encrypting stored data

Cryptographic Engineering. Steven M. Bellovin October 16,

Global security intelligence. YoUR DAtA UnDeR siege: DeFenD it with encryption. #enterprisesec kaspersky.com/enterprise

BitLocker Encryption for non-tpm laptops

Vendor: CompTIA. Exam Code: Exam Name: CompTIA A+ Certification Exam (902) Version: Demo

Authentication. Steven M. Bellovin September 16,

Fix Three Common Accounting Firm Data Vulnerabilities

MU2b Authentication, Authorization and Accounting Questions Set 2

Lab Install Windows 8

Yale Software Library

Software Vulnerability Assessment & Secure Storage

FAQ No Q: What should we know before we start Windows 10 upgrade?

Authentication. Steven M. Bellovin October 1,

Apple Exam 9L0-412 OS X Support Essentials 10.8 Exam Version: 6.3 [ Total Questions: 86 ]

Contents. Getting Started...1. Managing Your Drives...9. Backing Up & Restoring Folders Synchronizing Folders...52

Linux Manually Mounting External Hard Drive Mac Terminal

How to Dual-Boot OS X and Ubuntu

SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Veeam Endpoint Backup

Mac Os X Manually Mounted Usb Drive Read Only

JetFlash User s Manual

Mac Os X Single User Mode Mount Usb Drive

9L0-412 Q&As. OS X Support Essentials 10.8 Exam. Pass Apple 9L0-412 Exam with 100% Guarantee

System Requirements for Mac OS X Clients. Download View Client Package. **Take note: This guide is not a detailed step by step guide.

Setting up a Chaincoin Masternode

Chapter 1: Please follow these steps below.

Keys and Passwords. Steven M. Bellovin October 17,

VIRTUALBOX UBUNTU EBOOK

WipeDrive Home 9. IMPORTANT! PLEASE READ CAREFULLY:... 3 General Information... 3 WipeDrive Overview... 3 System Requirements...

10 Hidden IT Risks That Might Threaten Your Business

U-Storage User s Manual. Version 2.3

COMP091 Operating Systems 1. File Systems

This option lets you reset the password that you use to log in if you do not remember it. To change the password,

WINDOWS 7 BITLOCKER DRIVE ENCRYPTION

Windows Xp Installation User Manually Create Bootable Usb Flash Drive

SSH and keys. Network Startup Resource Center

Protecting your data with Windows 10 BitLocker

CeBIT Preview January Make the cloud a safer place

UNIVERSITY OF EXETER BITLOCKER USER GUIDE

Format Hard Drive After Install Ubuntu From Usb External

Security Enhancements

2018 By: RemoveVirus.net. Remove A Virus From Your PC In 5 Simple Steps

How to Create a Bootable OS X Yosemite Installer Disk in 2 Steps

IRONKEY D300S SECURE USB 3.0 FLASH DRIVE

Intel and Symantec: Improving performance, security, manageability and data protection

Install and Configure Ubuntu on a VirtualBox Virtual Machine

BitLocker to Go: Encryption for personal USB

SafeGuard Enterprise. user help. Product Version: 8.1

Tiger Box Firmware Version 2.5 Release Notes

Quick Guide. Full Install on Hog 4 OS Consoles Jan 4, 2017

EZ Drive USB Flash Disk

Spectrum Business Cloud Backup Quick Start Guide

Problem Overhead File containing the path must be read, and then the path must be parsed and followed to find the actual I-node. o Might require many

Manual Format Flash Drive Mac Os X Lion Startup

SafeGuard Enterprise user help. Product version: 8.0

Uses of Cryptography

Apple EXAM - 9L OS X Support Essentials 10.9 Exam.

06 May 2011 CS 200. System Management. Backups. Backups. CS 200 Fall 2016

USER GUIDE WWPass Security for (Thunderbird)

Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

Veeam Endpoint Backup

Seven secrets to making the most of your computer system. Chris Jeffery Proprietor/Chief Guru CyberGuru

Os X Manually Mount Usb Drive Command Line Afp

Linux Manually Mount External Hard Drive Ntfs 3g Could Not

Practical Magic with SSH. By David F. Skoll Roaring Penguin Software Inc. 1 February

Programming Project #1

How To Delete And Reinstall Mac Os X Mountain Lion Without Losing Data

Linux Manually Mount External Hard Drive Ntfs-3g Could Not

Forensics Challenges. Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation

A practical guide to IT security

Boot Camp Installation & Setup Guide

Manually Mount External Hard Drive Win 7 Not Showing Up

Manual Format Flash Drive Mac Os X Lion Bootable Usb

SafeGuard Easy Demo guide. Product version: 6 Document date: February 2012

Partition External Hard Drive Without Losing Data Mac Os X

SafeGuard Easy Demo guide. Product version: 6.1

External Home Folder. By: KenTheFurry GPG Key: 83D5C1D0

Apple Exam 9L0-408 Mac Integration Basics 10.8 Exam Version: 6.0 [ Total Questions: 74 ]

securing a host Matsuzaki maz Yoshinobu

Hosted Acronis Backup Cloud. Keep your data safe with our cloud backup service, powered by Acronis

Computer Forensics: Investigating File and Operating Systems, Wireless Networks, and Storage, 2nd Edition. Chapter 7 Application Password Crackers

Administering FileVault 2 on OS X Mountain Lion with the Casper Suite. Technical Paper Casper Suite v9.0 or Later 7 January 2015

ACRONIS TRUE IMAGE 11 HOME REVIEWER S GUIDE

-: Ronak Patel (Gozariya) :Windows XP installation

Full Disk Encryption. Larry Carson, Associate Director, Information Security Management

Home Computer and Internet User Security

Transcription:

File Encryption Steven M. Bellovin https://www.cs.columbia.edu/~smb

Why Encrypt Files? Theft of files Theft of media Theft of computer Cloud storage? I.e. Someone else s computer 1

Issues with File Encryption Suppose we want to use crypto to protect files. Now what? What to encrypt? Where should keys be stored? What is the tradeoff between availability and confidentiality? 2

Bad Reasons and Good - Is there a flaw in the operating system s protection mechanisms? Why can t the OS keep bad guys from the file? - You don t trust the system administrator? Can the sysadmin steal the decryption key? ü The files are on a laptop, which might be stolen ü The files are on removable media (CD, flash drive, etc.) ü Avoid concerns when discarding drives ü Cloud-based file system? 3

Limitations of File or Disk Encryption Doesn t protect against on-machine threats, including malware How are keys stored or entered? What happens if you lose the key? 4

How Do You Enter a Key? Type it in to a window? Malware can sniff the keystrokes External keypad Where would you put one on a laptop? Not much room on a flash disk Can or will users type long-enough keys? Your host s key store? What if your host is compromised or seized? External smart card or equivalent? TPM? 5

Lost Keys If you lose the key (i.e., forget the passphrase), you lose access to the encrypted files For communication encryption, you can restart the session This is data at rest (also known as object encryption ); there s no negotiation of a key, and no way to restart You must have some form of key backup or key recovery For corporate use, there is often an administrator key 6

Encryption Options File at a time, perhaps manually A file system tree A disk or disk image Disk hardware 7

File at a Time Very fine-grained encryption: protect only what needs protecting Easy to use different keys for different data But Must remember to encrypt the files Not all applications have built-in support Easy to forget your key 8

Encrypted Directory Encrypt any subtree Best choice on Linux File sizes show through; length of file names show, also The equivalent of traffic analysis? Advantages Easy to do fine-grained keying Doesn t waste space in disk images 9

Encrypted Disk or Disk Image The most popular today No need for encryption options in every program No need for the user to remember to encrypt Hides file sizes and other metadata But: only one key per partition; all users share that key 10

Hardware Options Some flash drives and hard drives do encryption in hardware Even for desktops, eliminates need to erase disk before discarding Check your vendor carefully; some have done it wrong: http://www.zdnet.com/blog/hardware/encryptionbusted-on-nist-certified-kingston-sandisk-andverbatim-usb-flash-drives/6655 Actual disk key is usually randomly generated; usersupplied pass phrase is used to encrypt the key 11

Encrypted Disks: Mac OS 12

Encrypting a Disk on Existing Mac OS When you erase the drive, select Encrypted To encrypt an existing disk (Mountain Lion), go to finder For Lion, use diskutil 13

Encrypting a Mac Disk Image You can encrypt disk images, too Note the option to store the newly-created key in your keychain What is your threat model? This is a good choice for cloudresident images 14

Encrypted Disk Images on Linux # Installation $ sudo apt-get install encfs fuse-utils $ sudo modprobe fuse # Add yourself to the group $ sudo adduser <your username> fuse # Create the directories $ mkdir ~/ciphertext ~/plaintext # Create it or mount it $ encfs ~/ciphertext ~/plaintext # To unmount $ fusermount -u ~/plaintext 15

Bitlocker on Windows You need TPM to encrypt your boot drive 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback