14-11-2012, 01:13 PM
Confidential Data Storage and Deletion
Confidential Data Storage and Deletion - Report.pdf (Size: 437.15 KB / Downloads: 149)
ABSTRACT
With the decrease in cost of electronic storage media, more and more sensitive data
gets stored in those media. Laptop computers regularly go missing, either because they are
lost or because they are stolen. These laptops contain confidential information, in the form of
documents, presentations, emails, cached data, and network access credentials. This
confidential information is typically far more valuable than the laptop hardware, if it reaches
right people. There are two major aspects to safeguard the privacy of data on these storage
media/laptops. First, data must be stored in a confidential manner. Second, we must make
sure that confidential data once deleted can no longer be restored. Various methods exist to
store confidential data such as encryption programs, encryption file system etc. Microsoft
BitLocker Drive Encryption provides encryption for hard disk volume and is available with
Windows Vista Ultimate and Enterprise editions. This seminar describes the most commonly
used encryption algorithm, Advanced Encryption System (AES) which is used for many of
the confidential data storage methods. This seminar also describes some of the confidential
data erasure methods such as physical destruction, data overwriting methods and Key erasure.
Keywords: Privacy of data, Confidential data storage, Encryption, Advanced
Encryption Standard (AES), Microsoft Bit Locker, Confidential data erasure, Data
overwriting, Key erasure.
Introduction
As the cost of electronic storage declines rapidly, more and more sensitive data is
stored on media such as hard disks, CDs, and pen drives. Many computers store data about
personal finances, online transactions, tax records, passwords for bank accounts and emails.
All these sensitive information are vulnerable to theft. Sensitive data may also be leaked
accidentally due to improper disposal or resale of storage media. To protect the secrecy of the
entire data lifetime, we must have confidential ways to store and delete data.
Traditional methods for protecting confidential information rely on upholding system
integrity. If a computer is safe from hackers and malicious software (malware), then so is its
data. Ensuring integrity in today’s interconnected world, however, is exceedingly difficult.
There are two major components to safeguard the privacy of data on electronic storage
media. First, the data must be stored confidentially without incurring much inconvenience
during normal use. Second, data must be removed from the storage medium in an
irrecoverable manner, at the time of disposal.
The general concept of secure handling of data is composed of three aspects:
confidentiality, integrity, and availability. Confidentiality involves ensuring that information
is not read by unauthorized persons. Using encryption to store data or authenticating valid
users are examples of means by which confidentiality is achieved. Integrity ensures that the
information is not altered by unauthorized persons. Storing a message authentication code or
a digital signature computed on encrypted data is a way to verify integrity. Finally,
availability ensures that data is accessible when needed. Having multiple servers withstand a
malicious shutdown of a server is one way to improve availability.
Confidential Data Storage and Deletion
Department of Computer Science 3 CUSAT
Encryption
Encryption is the process of transforming information (referred to as plaintext) using
an algorithm (called cipher) to make it unreadable to anyone except those possessing special
knowledge, usually referred to as a key. The unreadable text created is known as cipher text.
The reverse process is known as decryption. There are two basic techniques for encrypting
information: symmetric encryption (also called secret key encryption) and asymmetric
encryption (also called public key encryption).
Symmetric encryption is the oldest and best-known technique. A secret key, which
can be a number, a word, or just a string of random letters, is applied to the text of a message
to change the content in a particular way. This might be as simple as shifting each letter by a
number of places in the alphabet. As long as both sender and recipient know the secret key,
they can encrypt and decrypt all messages that use this key.
Sub Bytes
The first transformation, Sub Bytes is used at the encryption site. To substitute a byte,
we interpret the byte as two hexadecimal digits. The left digit defines the row and the right
digit defines the column of the substitution table. The two hexadecimal digits at the junction
of the row and the column are the new byte. In the Sub Byte transformation a state is treated
as a 4 x 4 matrix of bytes. Transformation is done one byte at a time. The content of each
byte is changed, but the arrangement of bytes in the matrix remains the same. Fig 4. shows
this idea.
Confidential Data Storage
Achieving confidentiality means storing data in a way that can be read or deciphered
only by authorized persons. No unauthorized persons should be able to read or otherwise
obtain meaningful information from this data, even with physical access to the storage media
(e.g., a stolen laptop).
Fig 7 shows the storage data paths for popular Unix-based and Windows operating
systems. For both platforms, applications reside in user space. When a Unix application
makes a call to a file system, the call crosses the kernel boundary and is handled by the
Virtual File System (VFS) layer. VFS provides functions commonly used in various file
systems to ease individual file system implementations, and allows different file systems to
coexist, including local file systems such as ext3 and network file systems such as NFS.
Local file systems then proceed to read and write to the block layer, which provides a unified
API to access block-layer devices.
When a Windows application makes a file system call, that call gets passed to the I/O
Manager. The I/O Manager translates application file system calls into I/O request packets,
which it then translates into device-specific calls. The File System Drivers are high-level
drivers such as FAT and NTFS. These drivers rely on the Storage Device Drivers, which are
lower-level drivers that directly access the storage media. Note that both UNIX and Windows
storage data paths share almost one-to-one mapping in terms of their internal structures.
Thus, a confidential storage solution designed for one can be generalized to both platforms