Improving data confidentiality in personal computer environment using on line encryption
Improving Data Secrecy in Personal Computer Environment Using On-line Encryption Damir Pehar Faculty of Electrical Engineering and Computing, University of Zagreb Unska 3, 10000 Zagreb, Croatia email@example.com Damir Delija University Computing Centre, University of Zagreb Marohniæeva 11, 10000 Zagreb, Croatia firstname.lastname@example.orgAbstract: Combined with the site and resource access controls, encryption forms the mostreliable mean of static data protection. This paper describes a crypto-disk on-line encryptionsystem. The system is aimed to improve data secrecy level available to PC users. The generaldesign philosophy is discussed as well as details related to secrecy evaluation.Keywords: computer security, encryption, secrecy, crypto-disk, device driver, IDEA1. INTRODUCTIONThe electronic data processing has long since become an irreplaceable part of the modernsociety. The importance of personal computing in data processing is growing steadily. Thepersonal computers are increasingly used for "individual data processing" or as a part ofvarious networks. The ultimate goals of the modern data processing are efficiency, flexibilityand increased productivity. However, there are many cases in which data processing must notonly be efficient but it also must provide a reasonable level of data confidentiality.Sometimes, the most important aspect of information processing is not to endanger theinformation security.Regarding the data security, personal computers leave a lot to be desired. Due to theirarchitecture and operating system design, PCs are particularly vulnerable to unauthorisedaccess, manipulation and import or export of programs and data. PCs are widely deployed andoften used in environment where access is not monitored or recorded. Besides that, thediskettes are shared among users, and networking is common practise. These operatingconditions facilitate uncontrolled data flow. Depending on the nature of processed data, thelack of security may pose a serious problem. This article addresses one personal computersecurity segment - the stored data secrecy problem. Furthermore, a method for secrecyimprovement through transparent encryption is discussed.
2. THE ROLE OF ENCRYPTION IN DATA ACCESS CONTROLThe biggest risks for data security are the negligence, curiosity and ignorance of the users.Statistically, the intentional data abuse is still a relatively insignificant threat. However, thesecurity can not rely on statistical results if there are possibilities of damage due to data abuse.In other words, the nature of information and the sources of danger are the critical factors.A good data access control system should have the power to deprive information fromunauthorised users even if they manage to break some site or system access barriers (if thereare any). This demand dictates the use of data encryption. The encryption should beparticularly interesting for the personal computer users because PCs, due to their hardwareand system software design, are intrinsically vulnerable to unauthorised access. Even if thereare some forms of system access control, it may be difficult to enforce strict control. On theother hand, the most of the access controls available for the personal computer systemsprevent unauthorised person from starting up the system. Once the system is running, theperson who operates a PC has access to all resources. There are no possibilities fordifferentiation among users or limitations on accessing program or data files.Encryption can provide personal computer users with the level of data secrecy that can satisfyeven the most demanding requests. However, the site or system access control measures mustnot be neglected. Ideally, encryption should be a security layer after the site or system accesscontrols. Encryption can not prevent data from being damaged or stolen. In a such case,encryption does make data useless to unauthorised person, but sometimes a "pure" data lossmay implicate the damage comparable (or worse) to data abuse.3. IMPLEMENTING ENCRYPTIONOn a personal computer system, encryption can be implemented by software, or it can beimplemented through dedicated hardware device. The hardware-based solutions are generallyless demanding on the host CPU and offer faster encryption/decryption process. The softwaresolutions are usually more CPU demanding but less expensive. However, the final encryptionresults are implementation independent for the same encryption algorithm used.The software encryption can be implemented in different ways. For instance, encryption canbe application specific - it can represent an option built into particular software package.Furthermore, there are dedicated encryption utilities that encrypts files. When user wants toencrypt a file, he or she runs appropriate program. The program usually prompts user to entera password and performs encryption on the selected file. The encrypted file is a coded copy ofthe original file, so some additional activities must be taken. As the most important step, theoriginal file must be erased using the safe file erasure procedures, because there is no point inencrypted file existence while original is still in being on the same system. In many cases, fileencryption programs are not handy when greater file count is involved, especially if files arescattered around the directory tree. Alternatively, encryption can be done on-the-fly. This taskcan be performed by the operating system (less likely) or by a program closely linked to theoperating system (more likely). Such encryption is application independent and moreconvenient for use. In this concept, encryption is done automatically - an extra step is addedto file system read and write calls.4. IMPROVING SECRECY - OUR PROPOSAL
In order to improve the data secrecy level available to PC users we have developed and testedan on-line encryption system. The system (called crypto-disk) is based on a symmetric keyblock cipher encryption algorithm IDEA (International Data Encryption Algorithm). It isimplemented in software and available for DOS/Windows platforms. The design goal was todevelop a system that would be easy for use and that would offer a significant benefit in dataprivacy area combined with a reasonable performance penalty.4.a. How does it work ?The core of a crypto-disk is a device driver program. Usually, device drivers are link betweensoftware and hardware, but there are no reasons forbidding them to serve other purposes. Infact, many drivers do not provide a service for real hardware devices, but instead they providesupport for some logical concept. Usually, the device drivers are the base of an abstractionmechanism. They are part of an operating system architecture that provides applications withdevice independent, high-level interface. In a such environment, the application requests aresubmitted to the operating system through the use of an application programming interface(API). The operating system analyses the request and, if necessary, calls the lower levelfunctions encapsulated in the device drivers using a different interface, the SPI (systemprogramming interface). Figure 1 illustrates the control flow scenario.Crypto-disk works like a logical disk. Once properly installed, it forms up to four additional(logical, virtual) disks on the system. These disks behave like normal disks but everythingtransferred to them gets encrypted or decrypted (in a case of reversed data flow). Furthermore,the encryption key (password) must be provided during the crypto-disk activation phase. Theencryption/decryption process is performed automatically by the crypto-disk driver. Theencrypted data is redirected to a file situated on some other disk (called host-disk). It can be apsychical or logical disk but not another crypto-disk drive. Just like encryption/decryptionprocess, the data redirection is done "behind the scene".The crypto-disk acts like an intermediate driver. Let us assume that an application hasrequested write operation on a crypto-disk drive. In response, the operating system packs upan application I/O request into a defined data structure and sends the packet to the driver thatcorresponds to the device. In our example, the crypto-disk driver receives the package andanalyses its content. It extracts data address pointers and encrypts data in 512-byte chunks(the disk sector size). The encrypted data is passed on to a driver responsible for the host disk(the disk that contains a file where encrypted data will be stored) together with the modifiedwrite request. In order to ensure correct execution, the crypto-disk emulates a part of theoperating system SPI functionality, so the host disk driver processes routed request withoutknowing anything about the request traverse. Figure 2 illustrates the control flow in this case.In read operation case, the situation is similar. The operation system submits an applicationI/O request to the crypto-disk driver. The crypto-disk driver analyses the request and issues anemulated SPI read operation request to the appropriate host disk driver. The host disk data isredirected to crypto-disk working area, decrypted and eventually put at the operating systemdisposal.5. HOW SECURE IS IT ?Basically, the system secrecy is ensured if a cryptoanalyst is not able to determine plaintextdata from available ciphertext, regardless of the possible means he or she might posses.
However, the security evaluation problem is not a trivial one. One may state that it is easier todesign a system, then to construct exact proofs about its strength. In the following discussionwe will concentrate on the evaluation of crypto-disk secrecy features.5.a. The algorithm strengthThe algorithm strength is the primary factor that determines the secrecy level. The crypto-diskuses IDEA algorithm. This algorithm is developed by Xeejia Lai and James Massey in 1990.It is a symmetric-key block cipher. The major factors that influence the strength of a blockcipher are key length, block size and resistance to cryptoanalysis methods other than bruteforce attack. IDEA uses a 128-bit key and it operates on 64-bit data blocks. The detaileddescription and evaluation of IDEA algorithm could be found in reference [Schneier]. Thealgorithm is relatively new for definitive cryptoanalytic results. Generally, it is concerned tobe the best and the most secure block algorithm publicly available. It is certain that the bruteforce attack against IDEA is beyond the capability of the most sophisticated hardwarefeasible. However the brute force may not be the best way to attack the algorithm. Manypeople have constructed and tried other types of attack, but there are no known cryptoanalyticresults against IDEA that would reveal any serious weakness. According to the currentknowledge, IDEA algorithm represents a very solid building block for a data security system.It is difficult to anticipate all of the cryptoanalytic attacks that one might devise. In order tomake the cryptoanalysis even more harder the crypto-disk implementation uses a cipher blockchaining (CBC) technique. In brief, the CBC implementation uses a block of ciphertext to beexclusive-ored with the next plaintext block. The result is then encrypted using the basealgorithm (IDEA). CBC offers improved protection against ciphertext insertions, deletionsand modifications. The CBC is described in reference [Denning].5.b. The possible security holesThe crypto-disk security relies on the secrecy of the key used for data encryption. It is crucialnot to reveal the key, so it is undesirable to store the key "anywhere except in the user mind".However, there has to be a mechanism for user key validation. For instance, it would bedisastrous for crypto-disk data integrity to allow crypto-disk write operations using themistyped key. The key validation mechanism works as follows: during the crypto-diskformatting phase a data block is encrypted using a key obtained from the user. In this datablock, eight bits are pre-defined while the other bits are generated randomly. The result isstored together with the other crypto-disk data. During the crypto-disk activation process thesame ciphertext is decrypted using a user provided key. The result is then checked for the pre-defined bits. If they are found at the correct place, the key is considered valid.It would be possible to disassemble the program and recover the pre-defined bits. By doingthis the cryptoanalyst would acquire a ciphertext of a partially known plaintext. This may notlead to a known-plaintext attack, but there are other ways of obtaining the material for suchpurpose. The structure of the crypto-disk file resembles the structure of the ordinary filesystem. It contains directories, FAT tables, boot sector and other common structures. Inaddition, there is a problem of regular appearance of the same structures in the data beingencrypted (file headers, executable formats and so on). All these structures gets encrypted sothere can be a lot of known plaintext-ciphertext counterparts to be examined by thecryptoanalyst. Is this a security hole ? Without any doubt, it can facilitate the cryptoanalytic
efforts and it is worth mentioning. But, it will not be effective unless used in a still-undiscovered way.We have stated that the security of a system rests in the key. The key is chosen by the userand that may pose a problem. When people choose keys, they tend to choose poor ones. Byusing a poor key the whole system could be compromised regardless of the strength of theencryption algorithm used. This is more serious problem then one mentioned above. Forinstance, this can be used for modified brute-force attack that would try only a subset of allpossible keys. It is called a dictionary attack because only common combinations would betried (words from database, their variations, commonly used passwords etc.) It is not unusualfor the dictionary attack to be successful in a surprisingly large percentage numbers.The answer to this threat is simple - use strong keys. The strong keys are random bit stringsgenerated by some reliable automatic process. Unfortunately, such keys tend to be hard toremember and inconvenient for use. At present moment, crypto-disk rejects short keys but itdoes not support automatic key generation or any elaborate guarding mechanism against poorkey choices. This remains to be implemented in the future versions.The another possible problem connected to key usage is a key changing. It is always desirableto change keys regularly. In a crypto-disk case, there is one key per disk and the crypto-diskdata is actually stored in a single file. To change a key, whole file must be decrypted and re-encrypted with a new key. Depending on the file size, it can be a tedious process. However, itis not necessary to change key on daily basis. Generally, the recommended key lifetime has tobe determined according to the information nature and the possible sources of danger.There are ways to bypass the security system without using the cryptoanalysis. Let us assumethat an application results have been stored on a crypto-disk. In this way, they are supposed tobe protected, but a potential problem lies in a fact that, in a computer, data can be easilycopied and stored in multiple places. This can happen without user knowledge. For instance,the operating system memory management could cause data swapping to disk. Theapplication might use the temporary files on non crypto-disk volume. The data may remainthere unprotected. If such scenarios are plausible, the only answer is to safe-erase the contentsof any temporary or swap file. Unfortunately, the need for doing this is often overlooked andsometimes, it is hard to locate the potential candidates for safe-erasure.To ensure secrecy, care must be taken to avoid other system bypassing scenarios. Forinstance, someone might install a program that intercepts the keyboard calls and copies key-stroke codes to a hidden file. Later, this file could be examined and keys extracted. It isdifficult to anticipate all kinds of attack against security system. It would be unwise to assumethat the list is ever concluded. However, the important thing is not to state "our encryption isstrong" and forget about everything else.6. CONCLUSIONThe data secrecy is a important field of personal computer security. The crypto-disk employscryptography in order to improve secrecy. If the data should be private, encryption forms themost reliable level of static data protection. The crypto-disk uses strong encryption and it willwithstand attack, provided that poor keys and bypass scenarios are avoided. Crypto-disk testversion (DOS/Windows 3.x, Croatian language) is available freely. Contact the authors at oneof the given addresses.
7. REFERENCESAsche, R. R. (1994): The Little Device Driver Writer, MicrosoftCobb, S. (1992): PC and LAN Security, Windcrest/McGraw-HillDenning, D.E.R. (1982): Cryptography and Data Security, Addison-WesleySchneier, B. (1996): Applied Cryptography, Wiley