    Presentation Transcript
    1. File System and Full Volume Encryption
       Sachin Patel
       CSE 590TU
       3/9/2006

    2. Encrypting File System
       • Protects sensitive data on computers and laptops from physical theft.
       • Encryption at a lower level that all applications can use.
       • EFS introduced in Windows 2000
       • Tied to the NTFS file system
       • Encrypt individual files or folders

    3. Encrypting File System
       • Data encrypted with symmetric file encryption key (FEK)
       • DESX, 3DES, AES
       • Cipher block chaining
       • FEK encrypted with user’s public key (RSA)
       • Multiple users
       • Recovery Agent in case user private key lost
       Key Entry:

    4. EFS Security Issues
       • On standalone system, all keys that protect the private key potentially on hard disk
       • EFS Private key → Master key → Password key → Syskey
       • Recommend removing syskey from system with floppy or password
       • Smartcard support planned for Vista
       • Can’t encrypt system files, registry, file name, or page file
       • Allows attacker to boot system
       • File names can reveal information
       • Page file might accidentally store sensitive data

    5. Full Volume Encryption
       • Encryption at the block driver level underneath file system.
       • Everything in the volume is encrypted.
       • BitLocker in Vista
       • BitLocker takes advantage of Trusted Platform Module (TPM)
       • Top level root key sealed in TPM
       • Root key encrypts disk encryption key, which encrypts sector data

    6. BitLocker
       • Secure Startup
       • Ensures boot integrity of the Windows volume before unsealing root key.
       • Verifies none of the boot code or critical system files have been tampered with offline.
       • Taking measurements of critical information at each step of the boot process.
       • Compare hash of measurements to hash of known secure system.
       • Recovery mechanism – removable storage or password
       • BitLocker and EFS not mutually exclusive
       • BitLocker can protect system volume and root keys.
       • EFS can provide file granularity and multiple user control.

    7. Questions?
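
The Secure Startup check on slide 6 (measure each boot step, compare the result with the known-good value, and only then unseal the root key) can be modeled as a hash chain. This is an added example, not part of the original presentation and not BitLocker's code; `ToyTPM`, the stage names, the use of SHA-256 and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(stages) -> bytes:
    """Fold every boot stage, in order, into one PCR that starts at zero."""
    pcr = bytes(32)
    for _name, image in stages:
        pcr = extend(pcr, image)
    return pcr


class ToyTPM:
    """Simplified model: keeps a root key and the PCR value it was sealed to."""

    def seal(self, root_key: bytes, expected_pcr: bytes) -> None:
        self._root_key, self._expected_pcr = root_key, expected_pcr

    def unseal(self, current_pcr: bytes):
        # Release the key only if this boot measured the same as the sealed state.
        if hmac.compare_digest(current_pcr, self._expected_pcr):
            return self._root_key
        return None  # caller falls back to the recovery mechanism


# Constructed sample boot chain; stage names and contents are placeholders.
KNOWN_GOOD = [
    ("bios", b"firmware v1"),
    ("mbr", b"master boot record"),
    ("boot_manager", b"boot manager image"),
    ("os_loader", b"os loader image"),
]


def demo():
    """Return the unseal result for a clean, a tampered and a reordered boot."""
    tpm = ToyTPM()
    tpm.seal(b"\x01" * 32, measure_boot(KNOWN_GOOD))  # constructed root key
    tampered = list(KNOWN_GOOD)
    tampered[2] = ("boot_manager", b"boot manager image + offline patch")
    reordered = [KNOWN_GOOD[1], KNOWN_GOOD[0]] + KNOWN_GOOD[2:]
    return [tpm.unseal(measure_boot(s)) for s in (KNOWN_GOOD, tampered, reordered)]
```

Because each extend folds in the previous PCR value, a change to any stage or to the order of stages yields a different final value, so the root key stays sealed and the recovery path is the only way in.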