Академический Документы
Профессиональный Документы
Культура Документы
Vittorio Giovara
1 Introduction 3
1.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2 Basics of File Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2.1 Files and Filesystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2.2 Disk partition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2.3 Master Boot Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2.4 Loop Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3 Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2 Modern Techniques 5
2.1 Full Disk Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Virtual Disk Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.3 Volume Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.4 File/Folder Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.5 Other Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3 Solution Analisys 8
3.1 Possible Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.1.1 Advantages/Disadvantages Summary . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.2 Cryptoghaphic Concerns and Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.3 Authentication Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.4 Selection Aspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Bibliography 20
A Test script 21
1
List of Tables
4.1 Volume Encryption perfomance test #1 (one file from single bytes). . . . . . . . . . . . . . . 14
4.2 Volume Encryption perfomance test #2 (one file from blocks of 1024 bytes). . . . . . . . . . . 14
4.3 Volume Encryption perfomance test #3 (one file from blocks of 4096 bytes). . . . . . . . . . . 14
4.4 Volume Encryption perfomance test #4 (multiple files from single bytes). . . . . . . . . . . . 15
4.5 Volume Encryption perfomance test #5 (multiple files from blocks of 1024 bytes). . . . . . . . 15
4.6 Volume Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). . . . . . . . 15
4.7 Virtual Disk Encryption perfomance test #1 (one file from single bytes). . . . . . . . . . . . . 16
4.8 Virtual Disk Encryption perfomance test #2 (one file from blocks of 1024 bytes). . . . . . . . 16
4.9 Virtual Disk Encryption perfomance test #3 (one file from blocks of 4096 bytes). . . . . . . . 16
4.10 Virtual Disk Encryption perfomance test #4 (multiple files from single bytes). . . . . . . . . . 16
4.11 Virtual Disk Encryption perfomance test #5 (multiple files from blocks of 1024 bytes). . . . . 17
4.12 Virtual Disk Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). . . . . 17
4.13 Full Disk Encryption boot time test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.14 Full Disk Encryption perfomance test #1 (one file from single bytes). . . . . . . . . . . . . . . 17
4.15 Full Disk Encryption perfomance test #2 (one file from blocks of 1024 bytes). . . . . . . . . . 18
4.16 Full Disk Encryption perfomance test #3 (one file from blocks of 4096 bytes). . . . . . . . . . 18
4.17 Full Disk Encryption perfomance test #4 (multiple files from single bytes). . . . . . . . . . . . 18
4.18 Full Disk Encryption perfomance test #5 (multiple files from blocks of 1024 bytes). . . . . . . 18
4.19 Full Disk Encryption perfomance test #6 (multiple files from blocks of 4096 bytes). . . . . . . 19
2
Chapter 1
Introduction
focus on the current theories and actual implementations of the storage encryption
T HIS DOCUMENT WILL
technology. A brief introduction to the problem of securing data on hardware devices will be provided,
along with some basics about file storage techniques, in order to fully understand the main issues. Afterwards
this document will present the main solutions analizing the advantages and disadvantages of each one, taking
in consideration encryption and authentication concerns. Finally some related open source programs.currently
available will be showed, testing the performance impact of each adopted solution.
1.1 Overview
Due to the pervasive presence of computer systems in every aspect of modern life, there has been mayor concern
regarding the protection and confidenciality of data and information stored in hardware devices, such as hard
disks, USB drives, portable CD/DVD and memory cards. Malicious actions can be performed in order to obtain
access to sensitive data and commit identity theft, industrial secrets disclosure, fraud and privacy violation in
general.
To avoid unauthorized access to private information it has been suggested to adopt symmetric encryption
(quickier than asymmetric encryption for large quantities of data) on such devices, making impossibile to
dispose of such data without proper authentication and proper access rights. This way data is protected from
unauthorized read even in case of loss of device.
Encryption is very effective, as it can be applied to single files (granularly) or to the whole volume, but
its introduction can cause some disadvantages, like backup problems, recovery of lost keys, operating system
integration, performance impact and centralized management drawbacks.
3
1.3 Solutions 4
1.3 Solutions
As reported by [1], the most commonly found solutions for storage encryption are:
• File/Folder Encryption
Ii is possible to implement nested solution or use other available systems. The following chapter (§2) will
describe the operational behaviour of each system alogn with other possibile solutions, while for a more detailed
analisys, please consult §3.
Sometimes Virtual Disk/Volume Encryption is referred as on-the-fly encryption because files are immedi-
ately accessibile after authentication and the virtual disk is mounted with physical drive emulation.
Chapter 2
Modern Techniques
Figure 2.1: Boot sequence for Full Disk Encryption (orginal image at [1])
Full disk encryption is very effective when the device is lost or when the computer is off, as there is no
way for data to be disclosed without proper user authentication, but it is very weak in respect to other storage
encryption solutions because when the computer is on and the operating system is loaded it doesn’t offer any
kind of security or confidenciality at all.
On the other hand, this method is very well supported by operating systems, since the encryption is traspar-
ent to them, even if modifying the Master Boot Record can generate trouble in dual or multi boot systems (a
computer with two operating systems or more). The Master Boot Record is usually checked for integrity at
the Pre Boot Environment, so it is not possibile to modify it without proper tools. There are some hardware
implementations that, thanks to additional unremovable disk controllers for key and password storage, preserve
the Master Boot Record; however they have received poor interest from the market as they cannot be managed
centrally and require physical presence for any operation..
The delay and overhead brought by the encryption/decryprion process is tangible only at boot time and
when dealing with very large files.
5
2.2 Virtual Disk Encryption 6
offers additional security as it is possible to nest different protection measures and tell apart the important data
from the user data; since virtual machine are single files it is very easy to make backups.
One final solution consists in forbidding the storage of sensitive information on any device. This is per-
formed in several ways:
• Adopting a terminal/client environment, so data can be secured directly on the mainframe and accessed
only after user authentication;
• Accessing sensitive data only through secure applications, for example using a web portal to gather and
manipulate data over a secure SSL channel (in which it’d be convenient to authenticate both the server
and the client).
Chapter 3
Solution Analisys
AVING PRESENTED THE MAIN choices of Storage Encryption techniques, in this chapter will be presented
H a detailed analisys of general problems in adopting a solution and the theoretical and practical aspects of
the encryption process and authentication metodology.
+ Immediate data destruction, it is just needed to destroy the keys and data will be unreadable;
8
3.2 Cryptoghaphic Concerns and Management 9
File/Folder Encryption
+ Integrates perfectly with the operating system and the filesytem;
Updates and deploying One of the key factor for a secure storage environment is to keep software updated
and be able to deliver to the final users quickly;
Configuration As said before, there are many parameters to be configured, not only the algorithms and key,
but also some authentication settings (like files accesibile from differnt groups of users, admistrators and
single user);
Logs Many programs help to keep track of file access or password modification and having a centralized
managent system is necessary for fetching and saving such information;
Recovery Recovery keys when the main key is lost or damaged are stored on the centralized system in order
to always keep a safe copy for quick action. Sometimes it is possible to store backups of encrypted data
too;
Routine system management Just some control and checks over the running systems.
3.3 Authentication Issues 10
single sign-on Access granted via the credentials provided by the operating system;
token-code Single use codes, obtained from additional hardware, providing one time passwords;
token-code with unique password or PIN The union of the two previous factors.
It is possible to use either one-factor authentication or two-factor authentication systems; with the former
the authenticator usually grants access to the key used in actual decrypting while with the latter tipically one
factor gives access to another factor which is the one used in decrypting information; as [1] reports, a password
can be used to retrieve a key from a smart card and use that key to decrypt the storage encryption key. Clearly
two-factor authentication is much more secure and the acquisition of either factor doen’t cause the disclosure
of the encrypted data.
Another interesting aspect of the authentication process is when dealing with encrypted files accessible
from different multiple users. This seems to break the conventional rules of encryption algorithms, but actually
the implementation is very simple. The data is encrypted with just a single key which is put in a container or a
clear file; in either ways, the key is repetidely encrypted with as many keys as users. So when a user uses his
own password or key to access the data, that password is used to decrypt the ciphered key used in for real access
to data. This can prove to be delicate when the key needs updated, but thanks to centrally managed system the
process requires very little time for encrypting the main key several times and depoying the secondaray key to
the users.
it will be shown a set of the modern opensource implementations for storage en-
I N THIS FINAL CHAPTER
cryption systems; a compehensive list of all the storage encryption software is located at [6]. The analisys
will provide a description of the main features and some actual performance tests about the performance impact.
11
4.2 BestCrypt 12
4.2 BestCrypt
BestCrypt is one of the most used tools for storage encryption and one of the oldest program available (started in
1993). The sources are open for review, but the program is not free: there is a 30-day tryout before purchasing
a licence.
This software has more parameters of choice with respect to TrueCrypt as it has more encryption algorithms,
(like IDEA, CAST and GOST), more hashes for password (like MD5) and supports as many filesystems as the
operating system can (FAT, EXT2/3 and ReiserFS on Linux, FAT and NTFS on Windows). Another interesting
feature is that images created by different version of this program are compatible with each other.
• new to create a virtual disk or a block volume, with the -a option for selecting the cipher;
• format to format the container with the FAT filesystem (you can select others with the -t option);
it generates a subsystem for user authentication, aftet which the system is dynamically decoded and loaded.
Regarding this process there is very detailed guide at [7].
The syntax for cryptsetup is a little more complicated with respect to other solutions and there is
practically no wizard at all. When dealing with Volume Encryption in general it is necessary to add the prefix
luks to standard operation (open, mount, create) and to define the hash and cipher from command line (default
AES, RIPEMD-160). The filesystem supported are the same supported by the operating system in which the
container is created.
1. write 1 file of dimension 1B, 1kB, 10kB, 100kB, 1MB, 10MB with sequences of 1 byte;
2. write 1 file of dimension 1kB, 10kB, 100kB, 1MB, 10MB, 100MB, 1GB, 4GB with blocks of 1024 bytes;
3. write 1 file of dimension 100kB, 1MB, 10MB, 100MB, 1GB, 4GB with blocks of 4096 bytes;
4. write 100 files of dimension 1B, 1kB, 10kB, 100kB, 1MB with sequences of 1 byte;
5. write 100 files of dimension 1kB, 10kB, 100kB, 1MB, 10MB, 100MB with blocks of 1024 bytes;
6. write 100 files of dimension 100kB, 1MB, 10MB, 100MB with blocks of 4096 bytes.
4.4 Final Benchmarks 14
The tests for Full Disk Encryption were run on a Windows XP machine, Intel Pentium 4 HT 3,8GHz with
2 GB of RAM, 10000rpm 40 GB SATA disk with NTFS.
The tests for Virtual Disk/Volume Encryption were run on a Ubuntu Linux 7.10 machine, Intel Core 2 Duo
2,8GHz with 2 GB of RAM, 7200rpm 10 GB SATA disk. The filesystem adopeted for the tests was FAT so to
mantain a layer of compatibility among the different solutions.
Table 4.1: Volume Encryption perfomance test #1 (one file from single bytes).
XXX
X XX Software vfat TrueCrypt BestCrypt cryptsetup
File size
XXX
XX
1 kB 0,015 0,015 0,014 0,016
10 kB 0,015 0,015 0,015 0,016
100 kB 0,02 0,016 0,016 0,018
1 MB 0,03 0,28 0,032 0,034
10 MB 0,131 0,135 0,136 0,137
100 MB 1,2 1,4 3,688 5,168
1 GB 19,005 41,96 53,253 77,42
4 GB 48,899 156,476 200,418 421,747
Table 4.2: Volume Encryption perfomance test #2 (one file from blocks of 1024 bytes).
XXX
X Software
XXX vfat TrueCrypt BestCrypt cryptsetup
File size XX
XX
100 kB 0,028 0,026 0,015 0,017
1 MB 0,029 0,029 0,022 0,025
10 MB 0,101 0,088 0,104 0,093
100 MB 0,915 1,17 3,328 5,772
1 GB 32,044 39,585 39,592 133,961
4 GB 41,316 153,541 161,019 404,589
Table 4.3: Volume Encryption perfomance test #3 (one file from blocks of 4096 bytes).
4.4 Final Benchmarks 15
XXX
XXX Software
vfat TrueCrypt BestCrypt cryptsetup
File size
XXX
XX
1B 0,715 0,715 0,093 0,774
1 kB 1,354 1,559 1,683 1,324
10 kB 6,800 6,668 7,432 6,631
100 kB 55,231 54,039 55,318 60,418
1 MB 210,284 562,170 553,444 543,940
Table 4.4: Volume Encryption perfomance test #4 (multiple files from single bytes).
XXX
X Software
XXX vfat TrueCrypt BestCrypt cryptsetup
File size XXX
X
1 kB 0,396 0,829 0,905 0,765
10 kB 0,398 0,731 1,019 0,831
100 kB 0,545 0,825 1,259 0,957
1 MB 2,485 3,090 5,492 5,757
10 MB 24,901 34,569 59,463 126,050
100 MB 158,549 694,73 452,373 1034,821
Table 4.5: Volume Encryption perfomance test #5 (multiple files from blocks of 1024 bytes).
XXX
X Software
XXX vfat TrueCrypt BestCrypt cryptsetup
File size XX
XX
100 kB 0,892 0,873 0,959 0,991
1 MB 2,461 2,192 6,560 5,260
10 MB 14,417 37,550 62,043 60,748
100 MB 143,273 425,355 391,263 968,217
Table 4.6: Volume Encryption perfomance test #6 (multiple files from blocks of 4096 bytes).
Conclusions
From the data of above it is possible to notice that the greatest overhead is tangible when dealing with files
greater than 100 MB. Most of the the slowness is due to the old architecture of the targe file system (FAT), but
for small files there actually no sensible performance loss. Instead for large files (over the gigabyte) the write
time is as much as 10 times greater, but generally is only three or four time slower.
Overall, the analized software performed quite well, sometimes even performing better than the plain
filesystem, but every solution has problems with large files: cryptsetup is the wrost when dealing with large
files, but on the other hand it performs slightly better than others for small files, especially sequential ones;
TrueCrypt sustained perfectly all the tests for single files, but was outdo by BestCrypt for handling sequential
files; moreover BestCrypt incredibly enhances the performance of file system for files generated by single bytes
of considerable dimension (10MB) most likely thanks to heavy buffer usage.
XX
XXX Software
XX vfat TrueCrypt BestCrypt cryptsetup
File size XXX
X
1B 0,016 0,019 0,009 0,015
1 kB 0,021 0,021 0,018 0,022
10 kB 0,076 0,074 0,070 0,069
100 kB 0,567 0,554 0,516 0,563
1 MB 5,389 5,610 5,359 5,229
10 MB 54,261 45,882 27,297 30,505
Table 4.7: Virtual Disk Encryption perfomance test #1 (one file from single bytes).
XXX
X Software
XXX vfat TrueCrypt BestCrypt cryptsetup
File size XX
XX
1 kB 0,015 0,016 0,017 0,015
10 kB 0,015 0,016 0,016 0,017
100 kB 0,020 0,017 0,016 0,018
1 MB 0,030 0,034 0,031 0,028
10 MB 0,131 0,134 0,133 0,129
100 MB 1,200 4,541 5,354 9,605
1 GB 19,005 60,163 70,150 131,113
4 GB 48,999 256,588 286,357 504,603
Table 4.8: Virtual Disk Encryption perfomance test #2 (one file from blocks of 1024 bytes).
XX
XX Software
XXX vfat TrueCrypt BestCrypt cryptsetup
File size XXX
X
100 kB 0,026 0,016 0,017 0,015
1 MB 0,029 0,025 0,023 0,024
10 MB 0,101 0,096 0,099 0,131
100 MB 0,915 4,550 5,514 15,981
1 GB 32,044 54,415 66,656 122,605
4 GB 41,346 261,346 264,723 439,648
Table 4.9: Virtual Disk Encryption perfomance test #3 (one file from blocks of 4096 bytes).
XXX
X Software
XXX vfat TrueCrypt BestCrypt cryptsetup
File size XX
XX
1B 0,715 0,886 1,071 0,888
1 kB 1,354 1,558 1,511 1,946
10 kB 6,800 7,154 7,226 8,078
100 kB 55,231 56,646 56,108 58,125
1 MB 210,284 559,804 559,919 571,746
Table 4.10: Virtual Disk Encryption perfomance test #4 (multiple files from single bytes).
4.4 Final Benchmarks 17
XXX
XXX Software
vfat TrueCrypt BestCrypt cryptsetup
File size
XXX
XX
1 kB 0,396 0,843 0,944 0,830
10 kB 0,398 0,805 0,892 0,902
100 kB 0,545 1,057 1,122 1,156
1 MB 2,485 8,366 9,030 13,320
10 MB 24,901 69,124 86,329 118,151
100 MB 158,549 694,730 702,611 2422,278
Table 4.11: Virtual Disk Encryption perfomance test #5 (multiple files from blocks of 1024 bytes).
XXX
XXX Software
vfat TrueCrypt BestCrypt cryptsetup
File size
XX
XXX
100 kB 0,892 0,872 0,959 0,861
1 MB 2,461 7,871 6,560 11,762
10 MB 14,417 61,775 62,043 86,259
100 MB 143,273 681,704 699,120 1007,887
Table 4.12: Virtual Disk Encryption perfomance test #6 (multiple files from blocks of 4096 bytes).
Conclusions
As stated before, the perfomance is heavily decreased even for small files, expecally sequences. The file size
threshold is again 100 MB, but this time the slowdown consists in 4 to 6 times for big files and up to 15 times
for sequential files with respect to a standard filesystem.
The charcteristics of the previous results are mantained: cryptsetup behaves better with small files but
is almost unusable with large ones, BestCrypt is fantastic for files generated by single bytes, and TrueCrypt
performs quite well in most cases.
Table 4.14: Full Disk Encryption perfomance test #1 (one file from single bytes).
4.4 Final Benchmarks 18
XXX
XXX Software
NTFS TrueCrypt BestCrypt
File size
XXX
XX
1 kB 0,069 0,070 0,068
10 kB 0,068 0,071 0,069
100 kB 0,074 0,076 0,073
1 MB 0,115 0,120 0,116
10 MB 0,540 0,560 0,551
100 MB 6,113 7,630 7,239
1 GB 60,042 61,478 60,621
4 GB 302,336 293,174 281,187
Table 4.15: Full Disk Encryption perfomance test #2 (one file from blocks of 1024 bytes).
XXX
XX Software
XXX NTFS TrueCrypt BestCrypt
File size XXX
100 kB 0,070 0,068 0,068
1 MB 0,088 0,093 0,090
10 MB 0,296 0,422 0,302
100 MB 6,369 6,340 5,534
1 GB 49,240 76,514 78,760
4 GB 192,774 300,575 292,575
Table 4.16: Full Disk Encryption perfomance test #3 (one file from blocks of 4096 bytes).
XXX
XXX Software
NTFS TrueCrypt BestCrypt
File size
XXX
XX
1B 3,165 3,310 3,216
1kB 6,976 6,875 6,853
10kB 41,742 42,013 41,870
100kB 390,910 391,540 389,477
Table 4.17: Full Disk Encryption perfomance test #4 (multiple files from single bytes).
It was not possible to run the 1 MB files test due to the excessive metadata information stored in NTFS file systems when generating
files from single bytes.
XX
XXX Software
XX NTFS TrueCrypt BestCrypt
File size XXX
X
1kB 2,938 3,100 3,039
10kB 2,973 2,735 2,279
100kB 4,971 3,504 3,454
1MB 7,730 7,947 7,743
10MB 53,159 55,867 59,974
100MB 704,645 737,143 727,411
Table 4.18: Full Disk Encryption perfomance test #5 (multiple files from blocks of 1024 bytes).
4.4 Final Benchmarks 19
XXX
XXX Software
NTFS TrueCrypt BestCrypt
File size
XXX
XX
100kB 3,191 3,258 3,252
1MB 5,291 5,679 5,580
10MB 32,397 33,947 34,130
100MB 684,864 728,103 717,615
Table 4.19: Full Disk Encryption perfomance test #6 (multiple files from blocks of 4096 bytes).
Conclusions
It is possible to notice that the overall performance is not heavily chocked: small and big files don’t suffer at all
from encryption, even sequential file write is not harmed, while only extremely large files are actually lightly
jeopardized.
BestCrypt performed really well in the tests and the operations for setting up the encrypted system were very
basic. Moreover this software supports memory and swap encryption and suits well in dual boot environments,
as it installs a bootloader of its own. Protection is very well performed and in addition, if someone types a
wrong password at PBA it is reported that there has been an attempt to access the computer.
On the other hand TrueCrypt performed a little worse than BestCrypt and during the set up process incom-
patibilies are likely to happen: for example there is no support for dual boot environments and the swap file is
not encrypted. However it integrates well with operating system as it perform several checks over the hardware
before starting the process and forces the user to create a rescue disk containing information about the backed
up the master boot record.
Bibliography
[1] K. Scarfone, M. Souppaya, M. Sexton, Guide to Storage Encryption Technologies for End User Devices,
NIST Special Pubblication 800-111, 2007
[2] A.Silberschatz, P. B. Galvin, G. Gagne, Operating Systems, Chapter 10-11, Pearson Addison-Wesley, VII
Ed., 2006
20
Appendix A
Test script
The tool for running the test was this simple shell script algon with the time utility:
#!/bin/bash
for ((i=0;i<$1;i++))
do
dd if=/dev/zero of=file.bin bs=$2 count=$3
done
The script requires three parameters: the first for the number of files to generate, the second for the block
size and the third for the final file size. During the tests the files generated were always deleted before timing,
so not to deal with overwriting times.
The program dd was used because it is very efficient for byte and block copy and /dev/zero was chosen
as source because it is faster than other (randomized) virtual devices.
21