Sponsored Links
This presentation is the property of its rightful owner.
1 / 10

UWDiskCrypt PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

UWDiskCrypt. Erick Engelke Director, Engineering Computing erick@uwaterloo.ca January 10, 2010. Need. Policy 8 – Information Security On servers we restrict logical access to data, physical access to hardware – data is relatively safe

Download Presentation


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript



Erick Engelke

Director, Engineering Computingerick@uwaterloo.caJanuary 10, 2010



  • Policy 8 – Information Security

  • On servers we restrict logical access to data, physical access to hardware – data is relatively safe

  • Laptops (and desktops) often contain restricted information

  • Using boot CDs, one can easily read information on a stolen laptop

  • Data deletion at laptop surplus time



  • Host all data only on servers, like the GAP

    • Requires highspeed internet access

    • Readonly is more easily achieved

    • Read/Write access on Terminal Servers

    • Hosted Office (like GoogleDocs) would help

  • Data Encryption on laptops

    • Safeguard data against stolen or surplused laptops

    • Bitlocker on some Windows

    • Commercial, pricey – limited to their features

    • Open source – TrueCrypt, DiskCryptor

      • lacks some features

Key escrow

Key Escrow

  • Key escrow is an arrangement in which keys to decrypt encrypted data are held in escrow

  • Under certain circumstances, an authorized third party may gain access to those keys

  • In our case, the laptop ‘owner’ should also be able to recover a forgotten password



  • Vista and Windows 7 – upper level licenses

  • Not available on Windows of most laptops

  • upgrade laptops to Win7 Enterprise, replace existing OS, lose vendor features , driver mess

  • Key escrow requires laptops join domain first

  • Key escrow does not appear to work when off-site

  • Win 7 Ent. uses lots of disk space, bad for NetBooks



  • Open source, free

  • Supports all recent versions of Windows, Mac, Linux

  • Good encryption – CIA can’t crack it yet

  • Options – encrypt disk drive, partition, logical volume, memory stick

  • GUI is a little messy

  • No key escrow

  • Weird licensing restrictions – cannot distribute modified source



  • Open source, free, modifiable

  • GNU license is very compatible with our needs

  • Supports all recent versions of Windows but NOT Mac, Linux

  • Good encryption

  • Options –partition, CD/DVD, memory stick

  • GUI is a pretty nice, source is very nice

  • No key escrow



  • Added key escrow to TrueCrypt, DiskCryptor

  • 32 bit / 64 bit code added to program

  • Uses IE and SLL to communicate with campus web server

  • PHP code there stores password in MySQL DB

  • User can use web to recover own password

  • Would benefit from PKI

  • Can be modified for our needs



  • Program errors

    • number of diskcryptor clients reduces this likelihood

    • BIOS can be problems with any product

  • Key leakage at server

    • would reduce security to present levels at worst

    • Can use public key if we want to remove decrypt key from server

  • Works with existing clients, but is it futureproof?

    • Is Anything? We have had a good track record in EngComp

    • If we decide to switch, decrypt disk, then encrypt with new product, no risk just time spent

    • Open source lets us upgrade on our timetable, avoid licensing driving us

    • Free to add functionality or remove annoying “features”

    • Source is available, expertise exists in the cloud, not just local

    • Buying Oracle doesn’t mean we can use Win7 or IE8, every vendor is slow

  • Login