Improving data confidentiality in personal computer environment using on line encryption
Improving Data Secrecy in Personal
Computer Environment Using On-line
Encryption
Damir Pehar
Faculty of Electrical Engineering and Computing, University of Zagreb
Unska 3, 10000 Zagreb, Croatia
damir.pehar@fer.hr
Damir Delija
University Computing Centre, University of Zagreb
Marohnićeva 11, 10000 Zagreb, Croatia
damir.delija@srce.hr
Abstract: Combined with site and resource access controls, encryption forms the most
reliable means of static data protection. This paper describes a crypto-disk on-line encryption
system. The system aims to improve the level of data secrecy available to PC users. The general
design philosophy is discussed, as well as details related to secrecy evaluation.
Keywords: computer security, encryption, secrecy, crypto-disk, device driver, IDEA
1. INTRODUCTION
Electronic data processing has long since become an irreplaceable part of modern
society. The importance of personal computing in data processing is growing steadily.
Personal computers are increasingly used for "individual data processing" or as a part of
various networks. The ultimate goals of modern data processing are efficiency, flexibility
and increased productivity. However, there are many cases in which data processing must not
only be efficient but must also provide a reasonable level of data confidentiality.
Sometimes, the most important aspect of information processing is not to endanger
information security.
Regarding data security, personal computers leave a lot to be desired. Due to their
architecture and operating system design, PCs are particularly vulnerable to unauthorised
access, manipulation and import or export of programs and data. PCs are widely deployed and
often used in environments where access is not monitored or recorded. Besides that,
diskettes are shared among users, and networking is common practice. These operating
conditions facilitate uncontrolled data flow. Depending on the nature of the processed data, the
lack of security may pose a serious problem. This article addresses one segment of personal
computer security - the stored data secrecy problem. Furthermore, a method for secrecy
improvement through transparent encryption is discussed.
2. THE ROLE OF ENCRYPTION IN DATA ACCESS CONTROL
The biggest risks for data security are the negligence, curiosity and ignorance of the users.
Statistically, intentional data abuse is still a relatively insignificant threat. However,
security cannot rely on statistical results if there is a possibility of damage due to data abuse.
In other words, the nature of the information and the sources of danger are the critical factors.
A good data access control system should have the power to deny information to
unauthorised users even if they manage to break some site or system access barriers (if there
are any). This demand dictates the use of data encryption. Encryption should be
particularly interesting for personal computer users because PCs, due to their hardware
and system software design, are intrinsically vulnerable to unauthorised access. Even if there
are some forms of system access control, it may be difficult to enforce strict control. On the
other hand, most of the access controls available for personal computer systems
prevent an unauthorised person from starting up the system. Once the system is running, the
person who operates a PC has access to all resources. There are no possibilities for
differentiation among users or limitations on accessing program or data files.
Encryption can provide personal computer users with a level of data secrecy that can satisfy
even the most demanding requirements. However, the site or system access control measures must
not be neglected. Ideally, encryption should be a security layer after the site or system access
controls. Encryption cannot prevent data from being damaged or stolen. In such a case,
encryption does make the data useless to an unauthorised person, but sometimes a "pure" data loss
may cause damage comparable to (or worse than) data abuse.
3. IMPLEMENTING ENCRYPTION
On a personal computer system, encryption can be implemented in software, or it can be
implemented through a dedicated hardware device. The hardware-based solutions are generally
less demanding on the host CPU and offer a faster encryption/decryption process. The software
solutions are usually more CPU demanding but less expensive. However, for the same
encryption algorithm, the final encryption results are implementation independent.
Software encryption can be implemented in different ways. For instance, encryption can
be application specific - it can be an option built into a particular software package.
Furthermore, there are dedicated encryption utilities that encrypt files. When a user wants to
encrypt a file, he or she runs the appropriate program. The program usually prompts the user to
enter a password and performs encryption on the selected file. The encrypted file is a coded copy
of the original file, so some additional steps must be taken. As the most important step, the
original file must be erased using safe file erasure procedures, because there is no point in
having an encrypted file while the original still exists on the same system. In many cases, file
encryption programs are not handy when a large number of files is involved, especially if the
files are scattered around the directory tree. Alternatively, encryption can be done on-the-fly.
This task can be performed by the operating system (less likely) or by a program closely linked
to the operating system (more likely). Such encryption is application independent and more
convenient to use. In this concept, encryption is done automatically - an extra step is added
to file system read and write calls.
4. IMPROVING SECRECY - OUR PROPOSAL
In order to improve the data secrecy level available to PC users we have developed and tested
an on-line encryption system. The system (called crypto-disk) is based on the symmetric-key
block cipher IDEA (International Data Encryption Algorithm). It is
implemented in software and available for DOS/Windows platforms. The design goal was to
develop a system that would be easy to use and that would offer a significant benefit in the
area of data privacy combined with a reasonable performance penalty.
4.a. How does it work?
The core of a crypto-disk is a device driver program. Usually, device drivers are a link between
software and hardware, but there is no reason why they cannot serve other purposes. In
fact, many drivers do not provide a service for real hardware devices, but instead they provide
support for some logical concept. Usually, device drivers are the base of an abstraction
mechanism. They are part of an operating system architecture that provides applications with
a device independent, high-level interface. In such an environment, the application requests are
submitted to the operating system through the use of an application programming interface
(API). The operating system analyses the request and, if necessary, calls the lower level
functions encapsulated in the device drivers using a different interface, the SPI (system
programming interface). Figure 1 illustrates the control flow scenario.
Crypto-disk works like a logical disk. Once properly installed, it forms up to four additional
(logical, virtual) disks on the system. These disks behave like normal disks but everything
transferred to them gets encrypted or decrypted (in the case of reversed data flow). Furthermore,
the encryption key (password) must be provided during the crypto-disk activation phase. The
encryption/decryption process is performed automatically by the crypto-disk driver. The
encrypted data is redirected to a file situated on some other disk (called the host-disk). It can
be a physical or logical disk but not another crypto-disk drive. Just like the
encryption/decryption process, the data redirection is done "behind the scenes".
The crypto-disk acts like an intermediate driver. Let us assume that an application has
requested a write operation on a crypto-disk drive. In response, the operating system packs up
the application I/O request into a defined data structure and sends the packet to the driver that
corresponds to the device. In our example, the crypto-disk driver receives the packet and
analyses its content. It extracts data address pointers and encrypts data in 512-byte chunks
(the disk sector size). The encrypted data is passed on to the driver responsible for the host disk
(the disk that contains the file where encrypted data will be stored) together with the modified
write request. In order to ensure correct execution, the crypto-disk emulates a part of the
operating system SPI functionality, so the host disk driver processes the routed request without
knowing anything about the route the request has taken. Figure 2 illustrates the control flow in
this case.
In the case of a read operation, the situation is similar. The operating system submits an
application I/O request to the crypto-disk driver. The crypto-disk driver analyses the request and
issues an emulated SPI read operation request to the appropriate host disk driver. The host disk
data is redirected to the crypto-disk working area, decrypted and eventually put at the operating
system's disposal.
5. HOW SECURE IS IT?
Basically, the system secrecy is ensured if a cryptoanalyst is not able to determine plaintext
data from the available ciphertext, regardless of the means he or she might possess.
However, the security evaluation problem is not a trivial one. One may state that it is easier to
design a system than to construct exact proofs about its strength. In the following discussion
we will concentrate on the evaluation of crypto-disk secrecy features.
5.a. The algorithm strength
The algorithm strength is the primary factor that determines the secrecy level. The crypto-disk
uses the IDEA algorithm. This algorithm was developed by Xuejia Lai and James Massey in 1990.
It is a symmetric-key block cipher. The major factors that influence the strength of a block
cipher are key length, block size and resistance to cryptoanalysis methods other than brute
force attack. IDEA uses a 128-bit key and it operates on 64-bit data blocks. A detailed
description and evaluation of the IDEA algorithm can be found in reference [Schneier]. The
algorithm is still relatively new, so there are no definitive cryptoanalytic results. Generally,
it is considered to be the best and the most secure block algorithm publicly available. It is
certain that a brute force attack against IDEA is beyond the capability of the most sophisticated
hardware feasible. However, brute force may not be the best way to attack the algorithm. Many
people have constructed and tried other types of attack, but there are no known cryptoanalytic
results against IDEA that would reveal any serious weakness. According to current
knowledge, the IDEA algorithm represents a very solid building block for a data security system.
It is difficult to anticipate all of the cryptoanalytic attacks that one might devise. In order to
make the cryptoanalysis even harder, the crypto-disk implementation uses the cipher block
chaining (CBC) technique. In brief, the CBC implementation exclusive-ORs each block of
ciphertext with the next plaintext block. The result is then encrypted using the base
algorithm (IDEA). CBC offers improved protection against ciphertext insertions, deletions
and modifications. CBC is described in reference [Denning].
5.b. The possible security holes
The crypto-disk security relies on the secrecy of the key used for data encryption. It is crucial
not to reveal the key, so it is undesirable to store the key "anywhere except in the user's mind".
However, there has to be a mechanism for user key validation. For instance, it would be
disastrous for crypto-disk data integrity to allow crypto-disk write operations using a
mistyped key. The key validation mechanism works as follows: during the crypto-disk
formatting phase a data block is encrypted using a key obtained from the user. In this data
block, eight bits are pre-defined while the other bits are generated randomly. The result is
stored together with the other crypto-disk data. During the crypto-disk activation process the
same ciphertext is decrypted using the user-provided key. The result is then checked for the
pre-defined bits. If they are found at the correct place, the key is considered valid.
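The per-sector CBC encryption from section 5.a and the key validation block described above, as an added example that is not the crypto-disk code; it also measures how often a wrong key passes an eight-bit check. A small Feistel cipher built on SHA-256 stands in for IDEA, and the IV parameter, the marker value 0xA5 and its position in the block are assumptions, since the paper does not give them.

```python
import hashlib, os
BLOCK, SECTOR = 8, 512   # 64-bit cipher blocks, 512-byte sectors (values from the paper)
MARKER = 0xA5            # constructed stand-in for the eight pre-defined bits

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of a 4-round Feistel stand-in cipher. This is NOT IDEA.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, b):
    l, r = b[:4], b[4:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, b):
    l, r = b[:4], b[4:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def encrypt_sector(key, iv, plain):
    # CBC: XOR each plaintext block with the previous ciphertext block, then encrypt.
    out, prev = [], iv
    for i in range(0, SECTOR, BLOCK):
        prev = enc_block(key, xor(plain[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def decrypt_sector(key, iv, cipher):
    out, prev = [], iv
    for i in range(0, SECTOR, BLOCK):
        out.append(xor(dec_block(key, cipher[i:i + BLOCK]), prev))
        prev = cipher[i:i + BLOCK]
    return b"".join(out)

def make_check_block(key):
    # Formatting phase: eight known bits plus 56 random bits, encrypted under the key.
    return enc_block(key, bytes([MARKER]) + os.urandom(7))

def key_is_valid(key, check):
    # Activation phase: decrypt with the typed key and look for the known bits.
    return dec_block(key, check)[0] == MARKER

def false_accept_rate(check, trials=20000):
    # Share of wrong keys (constructed counter values) that still pass the check.
    return sum(key_is_valid(n.to_bytes(16, "big"), check) for n in range(trials)) / trials
```

With eight check bits a wrong key is accepted about once in 256 attempts, so a mistyped key can occasionally pass validation and reach the write path.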
It would be possible to disassemble the program and recover the pre-defined bits. By doing
this the cryptoanalyst would acquire a ciphertext of a partially known plaintext. This may not
lead to a known-plaintext attack, but there are other ways of obtaining the material for such
a purpose. The structure of the crypto-disk file resembles the structure of an ordinary file
system. It contains directories, FAT tables, a boot sector and other common structures. In
addition, there is the problem of the regular appearance of the same structures in the data being
encrypted (file headers, executable formats and so on). All these structures get encrypted, so
there can be a lot of known plaintext-ciphertext counterparts to be examined by the
cryptoanalyst. Is this a security hole? Without any doubt, it can facilitate the cryptoanalytic
efforts and it is worth mentioning. But it will not be effective unless used in a still-
undiscovered way.
We have stated that the security of a system rests in the key. The key is chosen by the user
and that may pose a problem. When people choose keys, they tend to choose poor ones. By
using a poor key the whole system could be compromised regardless of the strength of the
encryption algorithm used. This is a more serious problem than the one mentioned above. For
instance, it can be used for a modified brute-force attack that would try only a subset of all
possible keys. It is called a dictionary attack because only common combinations would be
tried (words from a database, their variations, commonly used passwords etc.). It is not unusual
for the dictionary attack to be successful in a surprisingly large percentage of cases.
The answer to this threat is simple - use strong keys. Strong keys are random bit strings
generated by some reliable automatic process. Unfortunately, such keys tend to be hard to
remember and inconvenient to use. At present, crypto-disk rejects short keys but it
does not support automatic key generation or any elaborate guarding mechanism against poor
key choices. This remains to be implemented in future versions.
Another possible problem connected with key usage is key changing. It is always desirable
to change keys regularly. In the crypto-disk case, there is one key per disk and the crypto-disk
data is actually stored in a single file. To change a key, the whole file must be decrypted and
re-encrypted with a new key. Depending on the file size, it can be a tedious process. However, it
is not necessary to change the key on a daily basis. Generally, the recommended key lifetime has
to be determined according to the nature of the information and the possible sources of danger.
There are ways to bypass the security system without using cryptoanalysis. Let us assume
that an application's results have been stored on a crypto-disk. In this way, they are supposed to
be protected, but a potential problem lies in the fact that, in a computer, data can be easily
copied and stored in multiple places. This can happen without the user's knowledge. For instance,
the operating system memory management could cause data to be swapped to disk. The
application might use temporary files on a non-crypto-disk volume. The data may remain
there unprotected. If such scenarios are plausible, the only answer is to safe-erase the contents
of any temporary or swap file. Unfortunately, the need for doing this is often overlooked and
sometimes it is hard to locate the potential candidates for safe-erasure.
To ensure secrecy, care must be taken to avoid other system bypassing scenarios. For
instance, someone might install a program that intercepts the keyboard calls and copies
key-stroke codes to a hidden file. Later, this file could be examined and keys extracted. It is
difficult to anticipate all kinds of attack against a security system. It would be unwise to
assume that the list is ever concluded. However, the important thing is not to state "our
encryption is strong" and forget about everything else.
6. CONCLUSION
Data secrecy is an important field of personal computer security. The crypto-disk employs
cryptography in order to improve secrecy. If the data should be private, encryption forms the
most reliable level of static data protection. The crypto-disk uses strong encryption and it will
withstand attack, provided that poor keys and bypass scenarios are avoided. A crypto-disk test
version (DOS/Windows 3.x, Croatian language) is freely available. Contact the authors at one
of the given addresses.
7. REFERENCES
Asche, R. R. (1994): The Little Device Driver Writer, Microsoft
Cobb, S. (1992): PC and LAN Security, Windcrest/McGraw-Hill
Denning, D.E.R. (1982): Cryptography and Data Security, Addison-Wesley
Schneier, B. (1996): Applied Cryptography, Wiley