Improving Data Secrecy in Personal Computer Environment Using On-line Encryption

Damir Pehar
Faculty of Electrical Engineering and Computing, University of Zagreb
Unska 3, 10000 Zagreb, Croatia
damir.pehar@fer.hr

Damir Delija
University Computing Centre, University of Zagreb
Marohnićeva 11, 10000 Zagreb, Croatia
damir.delija@srce.hr

Abstract: Combined with site and resource access controls, encryption is the most reliable
means of protecting stored data. This paper describes a crypto-disk, an on-line (transparent)
encryption system intended to raise the level of data secrecy available to PC users. The
general design philosophy is discussed, together with the details relevant to evaluating its
secrecy.

Keywords: computer security, encryption, secrecy, crypto-disk, device driver, IDEA

1. INTRODUCTION

Electronic data processing has long since become an irreplaceable part of modern society, and
the share of it done on personal computers grows steadily. Personal computers are increasingly
used for "individual data processing" or as part of various networks. The ultimate goals of
modern data processing are efficiency, flexibility and increased productivity. In many cases,
however, processing must not only be efficient but must also provide a reasonable level of data
confidentiality; sometimes the most important requirement is simply not to endanger the
security of the information.

Where data security is concerned, personal computers leave a lot to be desired. Because of
their architecture and operating system design, PCs are particularly vulnerable to unauthorised
access, manipulation, and import or export of programs and data. They are widely deployed and
often used in environments where access is neither monitored nor recorded. Diskettes are
shared among users, and networking is common practice. These operating conditions make
uncontrolled data flow easy. Depending on the nature of the data being processed, the lack of
security may pose a serious problem. This article addresses one segment of personal computer
security, the secrecy of stored data, and discusses a method for improving it through
transparent encryption.
2. THE ROLE OF ENCRYPTION IN DATA ACCESS CONTROL

The biggest risks to data security are the negligence, curiosity and ignorance of users.
Statistically, intentional data abuse is still a relatively insignificant threat. Security cannot,
however, rely on statistics when abuse of the data could cause real damage. In other words, the
nature of the information and the sources of danger are the critical factors.

A good data access control system should be able to withhold information from unauthorised
users even if they manage to get past some site or system access barriers (if there are any).
This demand dictates the use of data encryption. Encryption should be of particular interest to
personal computer users because PCs, by the design of their hardware and system software, are
intrinsically vulnerable to unauthorised access. Even where some form of system access control
exists, it may be difficult to enforce strictly. Moreover, most of the access controls available
for personal computer systems merely prevent an unauthorised person from starting up the
system. Once the system is running, whoever operates the PC has access to all of its resources;
there is no way to distinguish between users or to limit access to program or data files.

Encryption can give personal computer users a level of data secrecy that satisfies even the most
demanding requirements. Site and system access control measures must not be neglected,
however: ideally, encryption is a security layer behind the site and system access controls.
Encryption cannot prevent data from being damaged or stolen. In such a case it does make the
data useless to an unauthorised person, but a "pure" loss of data can sometimes cause damage
comparable to, or worse than, data abuse.

3. IMPLEMENTING ENCRYPTION

On a personal computer system, encryption can be implemented in software or in a dedicated
hardware device. Hardware-based solutions are generally less demanding on the host CPU and
encrypt and decrypt faster. Software solutions are usually more CPU-demanding but less
expensive. For the same algorithm, however, the resulting ciphertext is independent of the
implementation.

Software encryption can be implemented in several ways. Encryption can be application
specific, an option built into a particular software package. There are also dedicated utilities
that encrypt files: when the user wants to encrypt a file, he or she runs the appropriate
program, which usually prompts for a password and encrypts the selected file. The encrypted
file is a coded copy of the original, so some additional steps must be taken. Most importantly,
the original file must be erased with a safe file erasure procedure, since there is no point in
having an encrypted file while the original still exists on the same system. File encryption
programs are also awkward when many files are involved, especially if they are scattered
around the directory tree. Alternatively, encryption can be done on the fly. This can be
performed by the operating system itself (less likely) or by a program closely linked to the
operating system (more likely). Such encryption is application independent and more
convenient to use: it happens automatically, as an extra step added to the file system read and
write calls.

4. IMPROVING SECRECY - OUR PROPOSAL
In order to improve the level of data secrecy available to PC users we have developed and
tested an on-line encryption system. The system (called crypto-disk) is based on the
symmetric-key block cipher IDEA (International Data Encryption Algorithm). It is
implemented in software and available for DOS/Windows platforms. The design goal was a
system that is easy to use and offers a significant benefit in data privacy at a reasonable
performance cost.

4.a. How does it work?

The core of a crypto-disk is a device driver. Device drivers are usually the link between
software and hardware, but nothing prevents them from serving other purposes; in fact, many
drivers do not serve a real hardware device at all, but support some logical concept. Device
drivers are usually the base of an abstraction mechanism: they are the part of the operating
system architecture that provides applications with a device-independent, high-level interface.
In such an environment, application requests are submitted to the operating system through an
application programming interface (API). The operating system analyses the request and, if
necessary, calls the lower-level functions encapsulated in the device drivers through a different
interface, the SPI (system programming interface). Figure 1 illustrates this control flow.

A crypto-disk works like a logical disk. Once properly installed, it forms up to four additional
(logical, virtual) disks on the system. These disks behave like normal disks, but everything
written to them is encrypted and everything read from them is decrypted. The encryption key
(password) must be provided when the crypto-disk is activated. Encryption and decryption are
performed automatically by the crypto-disk driver. The encrypted data is redirected to a file on
some other disk (called the host disk), which can be a physical or logical disk but not another
crypto-disk. Like the encryption itself, the redirection is done behind the scenes.

The crypto-disk acts as an intermediate driver. Suppose an application requests a write
operation on a crypto-disk drive. The operating system packs the application's I/O request into
a defined data structure and sends the packet to the driver that corresponds to the device. In
our example, the crypto-disk driver receives the packet and analyses its contents. It extracts the
data address pointers and encrypts the data in 512-byte chunks (the disk sector size). The
encrypted data is passed, together with a modified write request, to the driver responsible for
the host disk (the disk that contains the file where the encrypted data is stored). To ensure
correct execution, the crypto-disk emulates part of the operating system's SPI functionality, so
the host disk driver processes the routed request without knowing anything about the detour.
Figure 2 illustrates the control flow in this case.

A read operation is handled similarly. The operating system submits the application's I/O
request to the crypto-disk driver, which analyses it and issues an emulated SPI read request to
the appropriate host disk driver. The host disk data is redirected into the crypto-disk working
area, decrypted and then handed back to the operating system.

5. HOW SECURE IS IT?

Basically, the secrecy of the system is ensured if a cryptanalyst is unable to determine the
plaintext from the available ciphertext, whatever means he or she may possess. Evaluating
security, however, is not a trivial problem; it is easier to design a system than to construct
exact proofs of its strength. The following discussion concentrates on evaluating the secrecy
features of the crypto-disk.

5.a. The algorithm strength

The strength of the algorithm is the primary factor that determines the secrecy level. The
crypto-disk uses the IDEA algorithm, developed by Xuejia Lai and James Massey and first
published in 1990. It is a symmetric-key block cipher. The major factors that influence the
strength of a block cipher are key length, block size and resistance to cryptanalytic methods
other than brute force. IDEA uses a 128-bit key and operates on 64-bit data blocks. A detailed
description and evaluation of IDEA can be found in [Schneier]. The algorithm is too new for
definitive cryptanalytic results; it is generally considered to be the best and most secure block
cipher publicly available. A brute-force search of the 2^128 key space is beyond the capability
of the most sophisticated hardware feasible, but brute force may not be the best way to attack
the algorithm. Many people have constructed and tried other types of attack, and there are no
known cryptanalytic results against IDEA that reveal any serious weakness (the classes of weak
keys that have been identified are a negligible fraction of the key space). According to current
knowledge, IDEA is a very solid building block for a data security system.

It is difficult to anticipate every cryptanalytic attack one might devise. To make cryptanalysis
harder still, the crypto-disk implementation uses cipher block chaining (CBC). In brief, CBC
exclusive-ors each plaintext block with the previous ciphertext block (an initialisation vector for
the first block) before encrypting it with the base algorithm (IDEA), so identical plaintext blocks
no longer produce identical ciphertext blocks. CBC makes undetected ciphertext insertion,
deletion and modification harder, but it is not an integrity mechanism: a modified ciphertext
block still decrypts, garbling that block and flipping the corresponding bits of the next one. CBC
is described in [Denning].

5.b. The possible security holes

The security of the crypto-disk rests on the secrecy of the key used for data encryption. It is
crucial that the key is not revealed, so it is undesirable to store it anywhere except in the user's
mind. There has to be a mechanism for validating the user's key, however; for instance, it
would be disastrous for crypto-disk data integrity to allow writes using a mistyped key. The key
validation mechanism works as follows. During the crypto-disk formatting phase, a data block
is encrypted using the key obtained from the user. In this data block, eight bits are pre-defined
and the other bits are generated randomly. The result is stored together with the other
crypto-disk data. During crypto-disk activation the same ciphertext is decrypted with the key
the user provides, and the result is checked for the pre-defined bits. If they are found in the
correct place, the key is considered valid. Note that an eight-bit check catches typing mistakes
but is not authentication: roughly one wrong key in 256 passes it by chance, and such a key
would still yield garbage on reads and corrupt the disk on writes, so a longer check value would
cost nothing and reject nearly all mistyped keys.
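The following is an added example, not the authors' crypto-disk driver: it puts sections 4.a, 5.a and the key check above into working Python. IDEA is implemented from the description in [Schneier] (8 rounds plus output transformation, 52 subkeys from 25-bit key rotations), CBC chains the eight 64-bit blocks of each 512-byte sector, and sector n of the virtual disk is redirected to byte offset n*512 of a host container (an in-memory stream here; the real driver targets a host-disk file). Two things the paper leaves open are assumptions made here: the CBC chain restarts in every sector with the sector number as the IV, and the user supplies a 16-byte key directly rather than a password from which a key is derived. The names `CryptoDisk`, `make_key_check`, `key_check_passes` and the check constant `MAGIC` are this example's own, and the sample sector content is constructed.

```python
import io
import os
import struct

MOD, SECTOR, BLOCK = 0x10001, 512, 8   # IDEA modulus (2^16+1), disk sector size, IDEA block size

# IDEA group operations on 16-bit words; in multiplication the value 0 stands for 2^16.
def mul(a, b):
    return ((a or 0x10000) * (b or 0x10000) % MOD) & 0xFFFF
def add(a, b):
    return (a + b) & 0xFFFF
def mul_inv(a):
    return pow(a or 0x10000, MOD - 2, MOD) & 0xFFFF   # Fermat inverse; inv(0) == 0
def add_inv(a):
    return -a & 0xFFFF

def expand_key(key):
    """52 encryption subkeys: the 8 words of the key, then 8 more after each 25-bit rotation."""
    k = int.from_bytes(key, "big")
    sk = []
    while len(sk) < 52:
        sk += [(k >> s) & 0xFFFF for s in range(112, -1, -16)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return sk[:52]

def invert_subkeys(sk):
    """Decryption subkeys: walk the schedule backwards, inverting mul/add subkeys."""
    dk = [0] * 52
    for r in range(9):                   # 8 rounds plus the output transformation
        base = 48 - 6 * r
        swap = 1 <= r <= 7               # additive subkeys change places in inner rounds
        dk[6*r], dk[6*r + 3] = mul_inv(sk[base]), mul_inv(sk[base + 3])
        dk[6*r + 1] = add_inv(sk[base + (2 if swap else 1)])
        dk[6*r + 2] = add_inv(sk[base + (1 if swap else 2)])
        if r < 8:
            dk[6*r + 4], dk[6*r + 5] = sk[base - 2], sk[base - 1]
    return dk

def idea_block(block, keys):
    """One 64-bit block through 8 rounds and the output transformation (encrypt or decrypt)."""
    x1, x2, x3, x4 = struct.unpack(">4H", block)
    for r in range(8):
        k1, k2, k3, k4, k5, k6 = keys[6*r:6*r + 6]
        a, b, c, d = mul(x1, k1), add(x2, k2), add(x3, k3), mul(x4, k4)
        t0 = mul(a ^ c, k5)
        t1 = mul(add(b ^ d, t0), k6)
        t2 = add(t0, t1)
        x1, x2, x3, x4 = a ^ t1, c ^ t1, b ^ t2, d ^ t2   # middle words already swapped
    return struct.pack(">4H", mul(x1, keys[48]), add(x3, keys[49]),
                       add(x2, keys[50]), mul(x4, keys[51]))

def xor8(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(data, sk, iv):
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        prev = idea_block(xor8(data[i:i + BLOCK], prev), sk)
        out += prev
    return bytes(out)

def cbc_decrypt(data, dk, iv):
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        out += xor8(idea_block(data[i:i + BLOCK], dk), prev)
        prev = data[i:i + BLOCK]
    return bytes(out)

class CryptoDisk:
    """Sector n of the virtual disk is stored encrypted at byte n*512 of the host container
    (any seekable stream; the real driver targets a host-disk file). Assumption not in the
    paper: the CBC chain restarts per sector with the sector number as IV."""
    def __init__(self, host, key):
        self.host = host
        self.sk = expand_key(key)          # assumes a 16-byte key is supplied directly
        self.dk = invert_subkeys(self.sk)
    def write_sector(self, n, data):
        assert len(data) == SECTOR
        self.host.seek(n * SECTOR)
        self.host.write(cbc_encrypt(data, self.sk, struct.pack(">Q", n)))
    def read_sector(self, n):
        self.host.seek(n * SECTOR)
        return cbc_decrypt(self.host.read(SECTOR), self.dk, struct.pack(">Q", n))

MAGIC = 0xA5   # the eight pre-defined bits of the key-check block (the value is an assumption)

def make_key_check(sk):            # formatting: encrypt 8 known bits + 56 random bits
    return idea_block(bytes([MAGIC]) + os.urandom(7), sk)
def key_check_passes(check, key):  # activation: decrypt with the offered key, test the 8 bits
    return idea_block(check, invert_subkeys(expand_key(key)))[0] == MAGIC

def demo(key=bytes(range(16))):
    """Round trip through an in-memory host container with a constructed sample sector.
    Returns (read back == written, host holds ciphertext, key check passes)."""
    host = io.BytesIO(bytes(4 * SECTOR))
    disk = CryptoDisk(host, key)
    sector = b"quarterly results: confidential\n" * 16     # 32 bytes * 16 = one 512-byte sector
    disk.write_sector(2, sector)
    stored = host.getvalue()[2 * SECTOR:3 * SECTOR]
    return (disk.read_sector(2) == sector, stored != sector,
            key_check_passes(make_key_check(disk.sk), key))
```

`idea_block` can be checked against the published test vector (key 0001 0002 ... 0008, plaintext 0000 0001 0002 0003, ciphertext 11FB ED2B 0198 6DE5). Two caveats follow directly from the assumptions: a predictable per-sector IV means an attacker who can place chosen plaintext on the disk can recognise it in the container (watermarking), and `key_check_passes` is exactly the oracle a dictionary attack (section 5.b below) would call for every candidate, accepting about one wrong key in 256.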

It would be possible to disassemble the program and recover the pre-defined bits, giving the
cryptanalyst the ciphertext of a partially known plaintext. This in itself may not enable a
known-plaintext attack, but there are other ways of obtaining material for one. The structure of
the crypto-disk file resembles that of an ordinary file system: it contains directories, FAT tables,
a boot sector and other common structures. In addition, the same structures appear regularly in
the data being encrypted (file headers, executable formats and so on). All of these get
encrypted, so there can be many known plaintext-ciphertext pairs for the cryptanalyst to
examine. Is this a security hole? It can undoubtedly facilitate cryptanalysis and is worth
mentioning, but it will not be effective unless used in a still-undiscovered way.

We have stated that the security of the system rests in the key. The key is chosen by the user,
and that may pose a problem: when people choose keys, they tend to choose poor ones. A poor
key can compromise the whole system regardless of the strength of the encryption algorithm.
This is a more serious problem than the one mentioned above. For instance, it enables a
modified brute-force attack that tries only a subset of all possible keys. This is called a
dictionary attack because only common combinations are tried (words from a database, their
variations, commonly used passwords and so on). It is not unusual for a dictionary attack to
succeed in a surprisingly large percentage of cases.

The answer to this threat is simple: use strong keys. Strong keys are random bit strings
generated by some reliable automatic process. Unfortunately, such keys tend to be hard to
remember and inconvenient to use. At present the crypto-disk rejects short keys, but it does not
support automatic key generation or any elaborate guard against poor key choices. This
remains to be implemented in future versions.

Another problem connected with key usage is key changing. It is always desirable to change
keys regularly. In the crypto-disk there is one key per disk, and the crypto-disk data is stored in
a single file, so to change the key the whole file must be decrypted and re-encrypted with the
new key. Depending on the file size this can be a tedious process. It is not necessary to change
the key daily, however; in general, the recommended key lifetime has to be determined
according to the nature of the information and the possible sources of danger.

There are ways to bypass the security system without any cryptanalysis. Suppose an
application's results have been stored on a crypto-disk. They are supposed to be protected, but
in a computer data is easily copied and stored in several places, and this can happen without
the user's knowledge. For instance, the operating system's memory management may swap data
to disk, or the application may use temporary files on a volume that is not a crypto-disk. The
data may remain there unprotected. If such scenarios are plausible, the only answer is to
safe-erase the contents of every temporary or swap file. Unfortunately, the need to do this is
often overlooked, and it is sometimes hard to locate the candidates for safe erasure.

To ensure secrecy, care must be taken to avoid other bypass scenarios as well. For instance,
someone might install a program that intercepts keyboard calls and copies the keystroke codes
to a hidden file; later, the file could be examined and the keys extracted. It is difficult to
anticipate every kind of attack against a security system, and it would be unwise to assume that
the list is ever complete. The important thing is not to state "our encryption is strong" and
forget about everything else.

6. CONCLUSION

Data secrecy is an important field of personal computer security. The crypto-disk employs
cryptography to improve secrecy. If data is to remain private, encryption is the most reliable
layer of static data protection. The crypto-disk uses strong encryption and will withstand attack,
provided that poor keys and bypass scenarios are avoided. A test version of the crypto-disk
(DOS/Windows 3.x, Croatian language) is available free of charge; contact the authors at one of
the addresses given above.
7. REFERENCES

Asche, R. R. (1994): The Little Device Driver Writer, Microsoft

Cobb, S. (1992): PC and LAN Security, Windcrest/McGraw-Hill

Denning, D.E.R. (1982): Cryptography and Data Security, Addison-Wesley

Schneier, B. (1996): Applied Cryptography, Wiley

IRJET -  	  Multi Authority based Integrity Auditing and Proof of Storage wit...IRJET -  	  Multi Authority based Integrity Auditing and Proof of Storage wit...
IRJET - Multi Authority based Integrity Auditing and Proof of Storage wit...
 
High security mechanism: Fragmentation and replication in the cloud with auto...
High security mechanism: Fragmentation and replication in the cloud with auto...High security mechanism: Fragmentation and replication in the cloud with auto...
High security mechanism: Fragmentation and replication in the cloud with auto...
 
Cloud assisted mobile-access of health data with privacy and auditability
Cloud assisted mobile-access of health data with privacy and auditabilityCloud assisted mobile-access of health data with privacy and auditability
Cloud assisted mobile-access of health data with privacy and auditability
 
Secured Authorized Deduplication Based Hybrid Cloud
Secured Authorized Deduplication Based Hybrid CloudSecured Authorized Deduplication Based Hybrid Cloud
Secured Authorized Deduplication Based Hybrid Cloud
 
E031102034039
E031102034039E031102034039
E031102034039
 
Fragmentation of Data in Large-Scale System For Ideal Performance and Security
Fragmentation of Data in Large-Scale System For Ideal Performance and SecurityFragmentation of Data in Large-Scale System For Ideal Performance and Security
Fragmentation of Data in Large-Scale System For Ideal Performance and Security
 
Effective Data Erasure and Anti Forensics Techniques
Effective Data Erasure and Anti Forensics TechniquesEffective Data Erasure and Anti Forensics Techniques
Effective Data Erasure and Anti Forensics Techniques
 
Secure distributed deduplication systems with improved reliability
Secure distributed deduplication systems with improved reliabilitySecure distributed deduplication systems with improved reliability
Secure distributed deduplication systems with improved reliability
 
Secure distributed deduplication systems with improved reliability
Secure distributed deduplication systems with improved reliabilitySecure distributed deduplication systems with improved reliability
Secure distributed deduplication systems with improved reliability
 
IRJET- Securing Cloud Data Under Key Exposure
IRJET- Securing Cloud Data Under Key ExposureIRJET- Securing Cloud Data Under Key Exposure
IRJET- Securing Cloud Data Under Key Exposure
 
A novel cloud storage system with support of sensitive data application
A novel cloud storage system with support of sensitive data applicationA novel cloud storage system with support of sensitive data application
A novel cloud storage system with support of sensitive data application
 
IRJET- Secure Data Deduplication and Auditing for Cloud Data Storage
IRJET-  	  Secure Data Deduplication and Auditing for Cloud Data StorageIRJET-  	  Secure Data Deduplication and Auditing for Cloud Data Storage
IRJET- Secure Data Deduplication and Auditing for Cloud Data Storage
 

Más de Damir Delija

6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...Damir Delija
 
6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...Damir Delija
 
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...Damir Delija
 
Why i hate digital forensics - draft
Why i hate digital forensics  -  draftWhy i hate digital forensics  -  draft
Why i hate digital forensics - draftDamir Delija
 
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Damir Delija
 
Deep Web and Digital Investigations
Deep Web and Digital Investigations Deep Web and Digital Investigations
Deep Web and Digital Investigations Damir Delija
 
Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2Damir Delija
 
EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection Damir Delija
 
Olaf extension td3 inisg2 2
Olaf extension td3 inisg2 2Olaf extension td3 inisg2 2
Olaf extension td3 inisg2 2Damir Delija
 
LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation Damir Delija
 
Moguće tehnike pristupa forenzckim podacima 09.2013
Moguće tehnike pristupa forenzckim podacima 09.2013 Moguće tehnike pristupa forenzckim podacima 09.2013
Moguće tehnike pristupa forenzckim podacima 09.2013 Damir Delija
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsDamir Delija
 
Cis 2013 digitalna forenzika osvrt
Cis 2013 digitalna forenzika osvrt  Cis 2013 digitalna forenzika osvrt
Cis 2013 digitalna forenzika osvrt Damir Delija
 
2013 obrada digitalnih dokaza
2013 obrada digitalnih dokaza 2013 obrada digitalnih dokaza
2013 obrada digitalnih dokaza Damir Delija
 
Tip zlocina digitalni dokazi
Tip zlocina digitalni dokaziTip zlocina digitalni dokazi
Tip zlocina digitalni dokaziDamir Delija
 
Communication network simulation on the unix system trough use of the remote ...
Communication network simulation on the unix system trough use of the remote ...Communication network simulation on the unix system trough use of the remote ...
Communication network simulation on the unix system trough use of the remote ...Damir Delija
 
Mehanizmi razmjene poruka ostvareni preko RPCa
Mehanizmi razmjene poruka ostvareni preko RPCaMehanizmi razmjene poruka ostvareni preko RPCa
Mehanizmi razmjene poruka ostvareni preko RPCaDamir Delija
 
Tip zlocina digitalni dokazi
Tip zlocina digitalni dokaziTip zlocina digitalni dokazi
Tip zlocina digitalni dokaziDamir Delija
 
Upravljanje racunalnim mrezama i sustavima
Upravljanje racunalnim mrezama i sustavimaUpravljanje racunalnim mrezama i sustavima
Upravljanje racunalnim mrezama i sustavimaDamir Delija
 

Más de Damir Delija (20)

6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...
 
6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...
 
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
 
Why i hate digital forensics - draft
Why i hate digital forensics  -  draftWhy i hate digital forensics  -  draft
Why i hate digital forensics - draft
 
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
 
Deep Web and Digital Investigations
Deep Web and Digital Investigations Deep Web and Digital Investigations
Deep Web and Digital Investigations
 
Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2
 
EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection
 
Ocr and EnCase
Ocr and EnCaseOcr and EnCase
Ocr and EnCase
 
Olaf extension td3 inisg2 2
Olaf extension td3 inisg2 2Olaf extension td3 inisg2 2
Olaf extension td3 inisg2 2
 
LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation
 
Moguće tehnike pristupa forenzckim podacima 09.2013
Moguće tehnike pristupa forenzckim podacima 09.2013 Moguće tehnike pristupa forenzckim podacima 09.2013
Moguće tehnike pristupa forenzckim podacima 09.2013
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics tools
 
Cis 2013 digitalna forenzika osvrt
Cis 2013 digitalna forenzika osvrt  Cis 2013 digitalna forenzika osvrt
Cis 2013 digitalna forenzika osvrt
 
2013 obrada digitalnih dokaza
2013 obrada digitalnih dokaza 2013 obrada digitalnih dokaza
2013 obrada digitalnih dokaza
 
Tip zlocina digitalni dokazi
Tip zlocina digitalni dokaziTip zlocina digitalni dokazi
Tip zlocina digitalni dokazi
 
Communication network simulation on the unix system trough use of the remote ...
Communication network simulation on the unix system trough use of the remote ...Communication network simulation on the unix system trough use of the remote ...
Communication network simulation on the unix system trough use of the remote ...
 
Mehanizmi razmjene poruka ostvareni preko RPCa
Mehanizmi razmjene poruka ostvareni preko RPCaMehanizmi razmjene poruka ostvareni preko RPCa
Mehanizmi razmjene poruka ostvareni preko RPCa
 
Tip zlocina digitalni dokazi
Tip zlocina digitalni dokaziTip zlocina digitalni dokazi
Tip zlocina digitalni dokazi
 
Upravljanje racunalnim mrezama i sustavima
Upravljanje racunalnim mrezama i sustavimaUpravljanje racunalnim mrezama i sustavima
Upravljanje racunalnim mrezama i sustavima
 

Improving data confidentiality in personal computer environment using on line encryption

often used in an environment where access is neither monitored nor recorded. Besides that, diskettes are shared among users, and networking is common practice. These operating conditions facilitate uncontrolled data flow.
Depending on the nature of the processed data, the lack of security may pose a serious problem. This article addresses one segment of personal computer security: the secrecy of stored data. Furthermore, a method for improving secrecy through transparent encryption is discussed.
2. THE ROLE OF ENCRYPTION IN DATA ACCESS CONTROL

The biggest risks to data security are the negligence, curiosity and ignorance of users. Statistically, intentional data abuse is still a relatively insignificant threat. However, security cannot rely on statistics if abuse of the data could cause damage. In other words, the nature of the information and the sources of danger are the critical factors.

A good data access control system should be able to withhold information from unauthorised users even if they manage to break some of the site or system access barriers (if there are any). This demand dictates the use of data encryption. Encryption should be particularly interesting to personal computer users because PCs, due to their hardware and system software design, are intrinsically vulnerable to unauthorised access. Even where some form of system access control exists, it may be difficult to enforce strictly. Moreover, most of the access controls available for personal computer systems only prevent an unauthorised person from starting up the system. Once the system is running, whoever operates the PC has access to all resources. There is no way to differentiate among users or to limit access to program or data files.

Encryption can provide personal computer users with a level of data secrecy that satisfies even the most demanding requirements. However, site and system access control measures must not be neglected. Ideally, encryption should be a security layer behind the site and system access controls. Encryption cannot prevent data from being damaged or stolen. In such a case encryption does make the data useless to an unauthorised person, but sometimes a "pure" data loss can cause damage comparable to (or worse than) data abuse.

3. IMPLEMENTING ENCRYPTION

On a personal computer, encryption can be implemented in software or through a dedicated hardware device. Hardware-based solutions generally place less load on the host CPU and encrypt and decrypt faster. Software solutions are usually more CPU demanding but less expensive. For the same algorithm, the encryption result is the same whichever way it is implemented.

Software encryption can be implemented in different ways. For instance, encryption can be application specific, an option built into a particular software package. Furthermore, there are dedicated utilities that encrypt files. When the user wants to encrypt a file, he or she runs the appropriate program, which usually prompts for a password and encrypts the selected file. The encrypted file is a coded copy of the original, so additional steps must be taken. Most importantly, the original must be erased using a safe file erasure procedure, because there is no point in having an encrypted file while the original still exists on the same system. In many cases file encryption programs are not handy when a larger number of files is involved, especially if the files are scattered around the directory tree.

Alternatively, encryption can be done on the fly. This task can be performed by the operating system (less likely) or by a program closely linked to the operating system (more likely). Such encryption is application independent and more convenient to use. In this concept encryption is done automatically: an extra step is added to the file system read and write calls.

4. IMPROVING SECRECY - OUR PROPOSAL
In order to improve the data secrecy level available to PC users we have developed and tested an on-line encryption system. The system (called crypto-disk) is based on the symmetric-key block cipher IDEA (International Data Encryption Algorithm). It is implemented in software and is available for DOS/Windows platforms. The design goal was a system that is easy to use and offers a significant benefit in the area of data privacy at a reasonable performance penalty.

4.a. How does it work?

The core of the crypto-disk is a device driver. Usually, device drivers are the link between software and hardware, but nothing prevents them from serving other purposes. In fact, many drivers do not serve a real hardware device but support some logical concept. Usually the device drivers are the base of an abstraction mechanism: they are the part of the operating system architecture that provides applications with a device independent, high-level interface. In such an environment application requests are submitted to the operating system through an application programming interface (API). The operating system analyses the request and, if necessary, calls the lower level functions encapsulated in the device drivers using a different interface, the SPI (system programming interface). Figure 1 illustrates this control flow.

The crypto-disk works like a logical disk. Once properly installed, it forms up to four additional (logical, virtual) disks on the system. These disks behave like normal disks, but everything transferred to them gets encrypted, and everything read from them gets decrypted. The encryption key (password) must be provided during the crypto-disk activation phase. The encryption/decryption process is performed automatically by the crypto-disk driver.

The encrypted data is redirected to a file on some other disk (called the host disk). The host disk can be a physical or a logical disk, but not another crypto-disk drive. Just like the encryption/decryption process, the redirection is done "behind the scenes": the crypto-disk acts as an intermediate driver. Let us assume that an application has requested a write operation on a crypto-disk drive. In response, the operating system packs the application I/O request into a defined data structure and sends the packet to the driver that corresponds to the device. In our case the crypto-disk driver receives the packet and analyses its content. It extracts the data address pointers and encrypts the data in 512-byte chunks (the disk sector size). The encrypted data is passed on to the driver responsible for the host disk (the disk containing the file in which the encrypted data is stored), together with a modified write request. To ensure correct execution, the crypto-disk emulates part of the operating system's SPI functionality, so the host disk driver processes the routed request without knowing anything about the detour. Figure 2 illustrates the control flow in this case.

A read operation is similar. The operating system submits the application I/O request to the crypto-disk driver. The crypto-disk driver analyses the request and issues an emulated SPI read request to the appropriate host disk driver. The host disk data is redirected to the crypto-disk working area, decrypted and finally put at the operating system's disposal.

5. HOW SECURE IS IT?

Basically, system secrecy is ensured if a cryptanalyst is not able to determine the plaintext from the available ciphertext, regardless of the means he or she may possess.
However, the security evaluation problem is not a trivial one. One may say that it is easier to design a system than to construct exact proofs of its strength. In the following discussion we concentrate on the evaluation of the crypto-disk's secrecy features.

5.a. The algorithm strength

The algorithm strength is the primary factor that determines the secrecy level. The crypto-disk uses the IDEA algorithm, developed by Xuejia Lai and James Massey (first published in 1990 and revised into its final form in 1991). It is a symmetric-key block cipher. The major factors that influence the strength of a block cipher are key length, block size and resistance to cryptanalytic methods other than brute force. IDEA uses a 128-bit key and operates on 64-bit data blocks. A detailed description and evaluation of IDEA can be found in [Schneier].

The algorithm is too new for definitive cryptanalytic results to exist. It is generally considered to be among the best and most secure block ciphers publicly available. A brute force attack against IDEA (2^128 keys) is certainly beyond the capability of the most sophisticated hardware feasible. However, brute force may not be the best way to attack the algorithm. Many people have constructed and tried other types of attack, but there are no known cryptanalytic results against IDEA that reveal any serious weakness. According to current knowledge, IDEA represents a very solid building block for a data security system.

It is difficult to anticipate all the cryptanalytic attacks one might devise. In order to make cryptanalysis even harder, the crypto-disk implementation uses the cipher block chaining (CBC) mode. In brief, in CBC each plaintext block is exclusive-ored with the preceding ciphertext block before being encrypted with the base algorithm (IDEA), so identical plaintext blocks no longer produce identical ciphertext blocks. CBC also makes ciphertext insertions, deletions and modifications show up as garbled plaintext on decryption; note, however, that CBC alone does not detect such tampering, since it contains no integrity check. CBC is described in [Denning].

5.b. The possible security holes

The crypto-disk security relies on the secrecy of the key used for data encryption. It is crucial not to reveal the key, so it is undesirable to store the key "anywhere except in the user's mind". However, there has to be a mechanism for validating the user's key. For instance, it would be disastrous for crypto-disk data integrity to allow write operations using a mistyped key. The key validation mechanism works as follows: during the crypto-disk formatting phase, a data block is encrypted using the key obtained from the user. In this data block, eight bits are pre-defined while the other bits are generated randomly. The result is stored together with the other crypto-disk data. During the crypto-disk activation process the same ciphertext is decrypted using the key provided by the user, and the result is checked for the pre-defined bits. If they are found in the correct place, the key is considered valid. (Since only eight bits are checked, a wrong key passes this test with probability 1/256; the check is a guard against typing errors, not an authentication mechanism.)

It would be possible to disassemble the program and recover the pre-defined bits. By doing so the cryptanalyst would acquire a ciphertext of a partially known plaintext. This alone may not lead to a known-plaintext attack, but there are other ways of obtaining such material. The structure of the crypto-disk file resembles the structure of an ordinary file system: it contains directories, FAT tables, a boot sector and other common structures. In addition, the same structures regularly appear in the data being encrypted (file headers, executable formats and so on). All these structures get encrypted, so there can be a lot of known plaintext-ciphertext pairs for the cryptanalyst to examine. Is this a security hole? Without any doubt it can facilitate cryptanalysis and is worth mentioning, but it will not be effective unless used in a still undiscovered way.

We have stated that the security of the system rests in the key. The key is chosen by the user, and that may pose a problem. When people choose keys, they tend to choose poor ones. By using a poor key the whole system can be compromised regardless of the strength of the encryption algorithm. This is a more serious problem than the one mentioned above. For instance, a poor key choice enables a modified brute-force attack that tries only a subset of all possible keys. It is called a dictionary attack because only common combinations are tried (words from a word list, their variations, commonly used passwords, etc.). It is not unusual for a dictionary attack to succeed in a surprisingly large percentage of cases. The answer to this threat is simple: use strong keys. Strong keys are random bit strings generated by some reliable automatic process. Unfortunately, such keys tend to be hard to remember and inconvenient to use. At present the crypto-disk rejects short keys, but it does not support automatic key generation or any elaborate guard against poor key choices. This remains to be implemented in future versions.

Another possible problem connected to key usage is key changing. It is always desirable to change keys regularly. In the crypto-disk there is one key per disk, and the crypto-disk data is stored in a single file. To change the key, the whole file must be decrypted and re-encrypted with the new key. Depending on the file size this can be a tedious process. However, it is not necessary to change the key daily. Generally, the recommended key lifetime has to be determined according to the nature of the information and the possible sources of danger.

There are ways to bypass the security system without cryptanalysis. Let us assume that an application's results have been stored on a crypto-disk. In this way they are supposed to be protected, but a potential problem lies in the fact that, in a computer, data can easily be copied and stored in multiple places. This can happen without the user's knowledge. For instance, the operating system's memory management may swap data to disk. The application might use temporary files on a non-crypto-disk volume. The data may remain there unprotected. If such scenarios are plausible, the only answer is to safe-erase the contents of any temporary or swap file. Unfortunately, the need for doing this is often overlooked, and sometimes it is hard to locate the potential candidates for safe erasure.

To ensure secrecy, care must be taken to avoid other bypass scenarios. For instance, someone might install a program that intercepts keyboard calls and copies keystroke codes to a hidden file. Later, this file could be examined and the keys extracted. It is difficult to anticipate all kinds of attack against a security system, and it would be unwise to assume that the list is ever complete. The important thing is not to state "our encryption is strong" and forget about everything else.

6. CONCLUSION

Data secrecy is an important field of personal computer security. The crypto-disk employs cryptography in order to improve secrecy. If data is to remain private, encryption forms the most reliable layer of static data protection. The crypto-disk uses strong encryption and will withstand attack, provided that poor keys and bypass scenarios are avoided.

A test version of the crypto-disk (DOS/Windows 3.x, Croatian language) is available free of charge. Contact the authors at one of the given addresses.
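The following C program is an added example, not the crypto-disk's own code (which the paper does not publish). It makes three parts of sections 4.a, 5.a and 5.b concrete: the IDEA cipher (key schedule, block encryption and decryption), CBC chaining over a 512-byte sector, and the key-check block that stores eight pre-defined bits next to 56 random ones. Everything the paper leaves unspecified is an assumption here: the 128-bit key is taken as 16 raw bytes (the paper does not say how the typed password becomes a key), the per-sector CBC IV is obtained by encrypting the sector number under the same key, and the pre-defined bits are the byte 0xA5. The "random" bytes and the demo key are constructed test data. The last loop of the demo tries 255 keys that differ from the right one in a single byte against the stored check block; this is the same offline guess-testing a dictionary attacker would do, and about one wrong key in 256 is accepted.

```c
/* Added example, not the crypto-disk's own code: IDEA (key schedule, block encrypt and
 * decrypt), CBC over 512-byte sectors and the key-check block of section 5.b.  Assumed,
 * since the paper does not say: the IV of a sector is E_K(sector number), tag byte 0xA5. */
#include <stdint.h>
#include <string.h>
enum { SECTOR = 512, CHECK_TAG = 0xA5 };

static uint16_t mul(uint16_t a, uint16_t b) {          /* a*b mod 65537; 0 stands for 65536 */
    uint32_t x = a ? a : 0x10000, y = b ? b : 0x10000;
    return (uint16_t)(((uint64_t)x * y) % 0x10001);     /* 65536 wraps back to 0 */
}
static uint16_t mulinv(uint16_t a) {                    /* a^(p-2) mod 65537; inv(0) == 0 */
    uint16_t r = 1;
    for (unsigned e = 0xFFFF; e; e >>= 1, a = mul(a, a)) if (e & 1) r = mul(r, a);
    return r;
}
/* 52 encryption subkeys: the 128-bit key rotated left by 25 bits for each group of 8. */
static void idea_expand(const uint8_t key[16], uint16_t ek[52]) {
    for (int i = 0; i < 8; i++) ek[i] = (uint16_t)(key[2 * i] << 8 | key[2 * i + 1]);
    for (int i = 8; i < 52; i++) {
        int j = i & 7;                                  /* from the previous group's words j+1, j+2 */
        uint16_t hi = j < 7 ? ek[i - 7] : ek[i - 15], lo = j < 6 ? ek[i - 6] : ek[i - 14];
        ek[i] = (uint16_t)((hi & 0x7F) << 9 | lo >> 7);
    }
}
/* Decryption subkeys: inverses in reverse round order; the additive pair swaps except in round 1. */
static void idea_invert(const uint16_t ek[52], uint16_t dk[52]) {
    for (int d = 1; d <= 8; d++) {
        const uint16_t *k = ek + 6 * (9 - d), *m = ek + 6 * (8 - d);   /* "round 9" = output transform */
        uint16_t *o = dk + 6 * (d - 1);
        o[0] = mulinv(k[0]); o[3] = mulinv(k[3]); o[4] = m[4]; o[5] = m[5];
        o[1] = (uint16_t)-k[d == 1 ? 1 : 2]; o[2] = (uint16_t)-k[d == 1 ? 2 : 1];
    }
    dk[48] = mulinv(ek[0]); dk[49] = (uint16_t)-ek[1]; dk[50] = (uint16_t)-ek[2]; dk[51] = mulinv(ek[3]);
}
/* One 64-bit block: 8 rounds plus the output transform; the subkey set selects the direction. */
static void idea_block(const uint16_t *k, const uint8_t in[8], uint8_t out[8]) {
    uint16_t x1 = (uint16_t)(in[0] << 8 | in[1]), x2 = (uint16_t)(in[2] << 8 | in[3]);
    uint16_t x3 = (uint16_t)(in[4] << 8 | in[5]), x4 = (uint16_t)(in[6] << 8 | in[7]), s2, s3;
    for (int r = 0; r < 8; r++, k += 6) {
        x1 = mul(x1, k[0]); x2 += k[1]; x3 += k[2]; x4 = mul(x4, k[3]);
        s3 = x3; x3 = mul((uint16_t)(x3 ^ x1), k[4]);                   /* MA structure */
        s2 = x2; x2 = mul((uint16_t)((x2 ^ x4) + x3), k[5]); x3 += x2;
        x1 ^= x2; x4 ^= x3; x2 ^= s3; x3 ^= s2;                         /* includes the inner swap */
    }
    x1 = mul(x1, k[0]); x3 += k[1]; x2 += k[2]; x4 = mul(x4, k[3]);     /* output transform undoes it */
    out[0] = (uint8_t)(x1 >> 8); out[1] = (uint8_t)x1; out[2] = (uint8_t)(x3 >> 8); out[3] = (uint8_t)x3;
    out[4] = (uint8_t)(x2 >> 8); out[5] = (uint8_t)x2; out[6] = (uint8_t)(x4 >> 8); out[7] = (uint8_t)x4;
}
/* CBC over one sector: each 8-byte block is XORed with the previous ciphertext block before
 * encryption, so repeated plaintext does not repeat in the ciphertext.  in/out must not overlap. */
static void sector_cbc(const uint16_t ek[52], const uint16_t dk[52], uint64_t sector,
                       const uint8_t in[SECTOR], uint8_t out[SECTOR], int encrypt) {
    uint8_t prev[8], n[8], blk[8];
    for (int i = 0; i < 8; i++) n[i] = (uint8_t)(sector >> (56 - 8 * i));
    idea_block(ek, n, prev);                            /* IV = E_K(sector number): an assumption */
    for (int off = 0; off < SECTOR; off += 8) {
        if (encrypt) {
            for (int i = 0; i < 8; i++) blk[i] = (uint8_t)(in[off + i] ^ prev[i]);
            idea_block(ek, blk, out + off); memcpy(prev, out + off, 8);
        } else {
            idea_block(dk, in + off, blk);
            for (int i = 0; i < 8; i++) out[off + i] = (uint8_t)(blk[i] ^ prev[i]);
            memcpy(prev, in + off, 8);
        }
    }
}
/* Section 5.b key check.  Format time: store E_K(tag || 56 random bits); activation: decrypt and
 * compare the tag.  A wrong key passes with probability 2^-8 and the stored block lets guesses be
 * tested offline, so this catches typing errors; it is not authentication. */
static void make_check_block(const uint16_t ek[52], const uint8_t rnd[7], uint8_t blk[8]) {
    uint8_t p[8] = { CHECK_TAG };                       /* rnd must come from a real RNG in practice */
    memcpy(p + 1, rnd, 7); idea_block(ek, p, blk);
}
static int key_check(const uint16_t dk[52], const uint8_t blk[8]) {
    uint8_t p[8]; idea_block(dk, blk, p);
    return p[0] == CHECK_TAG;
}
/* Published IDEA test vector: key words 0001..0008, plaintext 0000 0001 0002 0003. */
static int idea_self_test(void) {
    static const uint8_t key[16] = {0,1,0,2,0,3,0,4,0,5,0,6,0,7,0,8}, pt[8] = {0,0,0,1,0,2,0,3};
    static const uint8_t want[8] = {0x11,0xfb,0xed,0x2b,0x01,0x98,0x6d,0xe5};
    uint16_t ek[52], dk[52]; uint8_t ct[8], back[8];
    idea_expand(key, ek); idea_invert(ek, dk); idea_block(ek, pt, ct); idea_block(dk, ct, back);
    return memcmp(ct, want, 8) == 0 && memcmp(back, pt, 8) == 0;
}
/* Constructed demo.  Returns -1 unless an all-zero sector round-trips with distinct CBC blocks and
 * the check block accepts the key; otherwise returns how many of the 255 keys differing from it in
 * the last byte the check block also accepts (about one is expected). */
static int crypto_disk_demo(void) {
    static const uint8_t key[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    static const uint8_t rnd[7] = {1,2,3,4,5,6,7};     /* stand-in for the 56 random bits */
    uint16_t ek[52], dk[52]; uint8_t pt[SECTOR] = {0}, ct[SECTOR], back[SECTOR], chk[8], bad[16]; int n = 0;
    idea_expand(key, ek); idea_invert(ek, dk);
    sector_cbc(ek, dk, 7, pt, ct, 1); sector_cbc(ek, dk, 7, ct, back, 0);
    make_check_block(ek, rnd, chk);
    if (memcmp(back, pt, SECTOR) || !memcmp(ct, ct + 8, 8) || !key_check(dk, chk)) return -1;
    for (int t = 1; t < 256; t++) {
        memcpy(bad, key, 16); bad[15] ^= (uint8_t)t;
        idea_expand(bad, ek); idea_invert(ek, dk); n += key_check(dk, chk);
    }
    return n;
}
```

idea_self_test() returns 1 when the published IDEA test vector is reproduced and the decryption key schedule inverts it; crypto_disk_demo() returns the number of near-miss keys the check block wrongly accepts (0, 1 or 2 in practice), or -1 if the sector round trip fails. Deriving the IV from the sector number is what keeps the FAT, boot sector and directory structures mentioned in section 5.b from encrypting to the same ciphertext wherever they recur, which is the point of using CBC rather than encrypting each 64-bit block on its own; it does not hide the fact that a given sector has been rewritten, and, as the paper notes for CBC, it gives no integrity protection.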
7. REFERENCES

Asche, R. R. (1994): The Little Device Driver Writer, Microsoft
Cobb, S. (1992): PC and LAN Security, Windcrest/McGraw-Hill
Denning, D. E. R. (1982): Cryptography and Data Security, Addison-Wesley
Schneier, B. (1996): Applied Cryptography, Wiley