• Title/Summary/Keyword: Whole Disk Encryption

Search Result 4, Processing Time 0.02 seconds

The Research for Digital Evidence Acquisition Procedure within a Full Disk Encryption Environment (Full Disk Encryption 환경에서 디지털 증거 수집 절차에 관한 연구)

  • Jang, Sung-Min;Park, Jung-Heum;Pak, Chan-Ung;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.1
    • /
    • pp.39-48
    • /
    • 2015
  • As a growing number of people are concerned about the protection of personal information, the use of encryption solution has been increased. In addition, with the end of support for Windows XP and the improvement of operating system, the use of the Full Disk Encryption solution like Bitlocker will be increased. Therefore, it is necessary to consider countermeasures against Full Disk Encryption for the future digital forensic investigation. This paper provides the digital evidence acquisition procedure that responds to the Full Disk Encryption environment and introduces the countermeasures and detection tool against Full Disk Encryption solutions that are widely used.

A kernel memory collecting method for efficent disk encryption key search (디스크 암호화 키의 효율적인 탐색을 위한 커널 메모리 수집 방법)

  • Kang, Youngbok;Hwang, Hyunuk;Kim, Kibom;Lee, Kyoungho;Kim, Minsu;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.5
    • /
    • pp.931-938
    • /
    • 2013
  • It is hard to extract original data from encrypted data before getting the password in encrypted data with disk encryption software. This encryption key of disk encryption software can be extract by using physical memory analysis. Searching encryption key time in the physical memory increases with the size of memory because it is intended for whole memory. But physical memory data includes a lot of data that is unrelated to encryption keys like system kernel objects and file data. Therefore, it needs the method that extracts valid data for searching keys by analysis. We provide a method that collect only saved memory parts of disk encrypting keys in physical memory by analyzing Windows kernel virtual address space. We demonstrate superiority because the suggested method experimentally reduces more of the encryption key searching space than the existing method.

UTrustDisk: An Efficient Data Protection Scheme for Building Trusted USB Flash Disk

  • Cheng, Yong;Ma, Jun;Ren, Jiangchun;Mei, Songzhu;Wang, Zhiying
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.4
    • /
    • pp.2276-2291
    • /
    • 2017
  • Data protection of removable storage devices is an important issue in information security. Unfortunately, most existing data protection mechanisms are aimed at protecting computer platform which is not suitable for ultra-low-power devices. To protect the flash disk appropriately and efficiently, we propose a trust based USB flash disk, named UTrustDisk. The data protection technologies in UTrustDisk include data authentication protocol, data confidentiality protection and data leakage prevention. Usually, the data integrity protection scheme is the bottleneck in the whole system and we accelerate it by WH universal hash function and speculative caching. The speculative caching will cache the potential hot chunks for reducing the memory bandwidth pollution. We adopt the symmetric encryption algorithm to protect data confidentiality. Before mounting the UTrustDisk, we will run a trusted virtual domain based lightweight virtual machine for preventing information leakage. Besides, we prove formally that UTrustDisk can prevent sensitive data from leaking out. Experimental results show that our scheme's average writing throughput is 44.8% higher than that of NH scheme, and 316% higher than that of SHA-1 scheme. And the success rate of speculative caching mechanism is up to 94.5% since the access pattern is usually sequential.

Securing Sensitive Data in Cloud Storage (클라우드 스토리지에서의 중요데이터 보호)

  • Lee, Shir-Ly;Lee, Hoon-Jae
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2011.04a
    • /
    • pp.871-874
    • /
    • 2011
  • The fast emerging of network technology and the high demand of computing resources have prompted many organizations to outsource their storage and computing needs. Cloud based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at anytime from anywhere via internet. The scalable and dynamic of the cloud storage services help their customer to reduce IT administration and maintenance costs. No doubt, cloud based storage services brought a lot of benefits to its customer by significantly reducing cost through optimization increased operating and economic efficiencies. However without appropriate security and privacy solution in place, it could become major issues to the organization. As data get produced, transferred and stored at off premise and multi tenant cloud based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker able to change or modify data while data inflight or when data is stored on disk, so it is very important to secure data during its entire life-cycle. The traditional cryptography primitives for the purpose of data security protection cannot be directly adopted due to user's lose control of data under off premises cloud server. Secondly cloud based storage is not just a third party data warehouse, the data stored in cloud are frequently update by the users and lastly cloud computing is running in a simultaneous, cooperated and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud based data with the encrypt- then-upload concept. We modified and applied proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party including the cloud provider at any stage, this helps to make sure only the authorized user who own corresponding token able to access the data as well as preventing data from being shared without any permission from data owner. Besides, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data, our scheme also protect the data integrity by using hash function.