18-06-2013, 02:53 PM
Seminar Report On Confidential Data Storage and Deletion
ABSTRACT
With the decrease in cost of electronic storage media, more and more sensitive data
gets stored in those media. Laptop computers regularly go missing, either because they are
lost or because they are stolen. These laptops contain confidential information, in the form of
documents, presentations, emails, cached data, and network access credentials. This
confidential information is typically far more valuable than the laptop hardware, if it reaches
the right people. There are two major aspects to safeguarding the privacy of data on these storage
media/laptops. First, data must be stored in a confidential manner. Second, we must make
sure that confidential data, once deleted, can no longer be restored. Various methods exist to
store confidential data, such as encryption programs, encrypting file systems, etc. Microsoft
BitLocker Drive Encryption provides encryption for hard disk volumes and is available with
Windows Vista Ultimate and Enterprise editions. This seminar describes the most commonly
used encryption algorithm, the Advanced Encryption Standard (AES), which is used for many of
the confidential data storage methods. This seminar also describes some of the confidential
data erasure methods, such as physical destruction, data overwriting methods and key erasure.
Introduction
As the cost of electronic storage declines rapidly, more and more sensitive data is
stored on media such as hard disks, CDs, and pen drives. Many computers store data about
personal finances, online transactions, tax records, passwords for bank accounts and emails.
All of this sensitive information is vulnerable to theft. Sensitive data may also be leaked
accidentally due to improper disposal or resale of storage media. To protect the secrecy of the
entire data lifetime, we must have confidential ways to store and delete data.
Traditional methods for protecting confidential information rely on upholding system
integrity. If a computer is safe from hackers and malicious software (malware), then so is its
data. Ensuring integrity in today’s interconnected world, however, is exceedingly difficult.
There are two major components to safeguard the privacy of data on electronic storage
media. First, the data must be stored confidentially without incurring much inconvenience
during normal use. Second, data must be removed from the storage medium in an
irrecoverable manner, at the time of disposal.
Encryption
Encryption is the process of transforming information (referred to as plaintext) using
an algorithm (called cipher) to make it unreadable to anyone except those possessing special
knowledge, usually referred to as a key. The unreadable text created is known as cipher text.
The reverse process is known as decryption. There are two basic techniques for encrypting
information: symmetric encryption (also called secret key encryption) and asymmetric
encryption (also called public key encryption).
Symmetric encryption is the oldest and best-known technique. A secret key, which
can be a number, a word, or just a string of random letters, is applied to the text of a message
to change the content in a particular way. This might be as simple as shifting each letter by a
number of places in the alphabet. As long as both sender and recipient know the secret key,
they can encrypt and decrypt all messages that use this key. This is shown in Fig 1.
Advanced Encryption Standard (AES)
In cryptography, the Advanced Encryption Standard (AES) is a symmetric-key
encryption standard adopted by the U.S. government. The standard comprises three block
ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally
published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128,
192 and 256 bits, respectively. The AES ciphers have been analysed extensively and are now
used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).
AES was announced by National Institute of Standards and Technology (NIST) as
U.S. FIPS PUB 197 (FIPS 197) on November 26.
Sub Bytes
The first transformation, Sub Bytes, is used at the encryption site. To substitute a byte,
we interpret the byte as two hexadecimal digits. The left digit defines the row and the right
digit defines the column of the substitution table. The two hexadecimal digits at the junction
of the row and the column are the new byte. In the Sub Bytes transformation, the state is treated
as a 4 x 4 matrix of bytes. Transformation is done one byte at a time. The content of each
byte is changed, but the arrangement of bytes in the matrix remains the same. Fig 4 shows
this idea.
Shift Rows
Shifting is the permutation of bytes. Unlike DES, in which permutation is done at the
bit level, shifting transformation in AES is done at the byte level; the order of bits in the byte
is not changed. The number of shifts depends on the row number (0, 1, 2 or 3) of the state
matrix. This means that row 0 is not shifted at all and the last row is shifted by three bytes. Fig 5
shows this idea.
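The Sub Bytes and Shift Rows steps described above, as an added example that is not part of the original report. It builds the 16 x 16 substitution table from its definition in FIPS 197 instead of hard-coding it, and checks both steps against the round-1 state of the worked example in FIPS 197 Appendix B; the function names are assumptions made for this illustration.

```python
# Added example: AES Sub Bytes and Shift Rows on a 4 x 4 state (list of rows).

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    result = 0
    for _ in range(8):
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result

def rotl8(x, n):
    """Rotate a byte left by n bits."""
    return ((x << n) | (x >> (8 - n))) & 0xFF

def build_sbox():
    """Substitution table: field inverse, then the AES affine transform."""
    table = [[0] * 16 for _ in range(16)]
    for value in range(256):
        inv = 0  # 0 has no inverse and maps to 0 by convention
        if value:
            inv = next(c for c in range(1, 256) if gf_mul(value, c) == 1)
        out = inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63
        table[value >> 4][value & 0x0F] = out  # left digit = row, right digit = column
    return table

SBOX = build_sbox()

def sub_bytes(state):
    """Replace every byte; positions in the matrix stay the same."""
    return [[SBOX[b >> 4][b & 0x0F] for b in row] for row in state]

def shift_rows(state):
    """Rotate row r left by r bytes; bits inside each byte are untouched."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

# State at the start of round 1 in the FIPS 197 Appendix B example.
STATE = [
    [0x19, 0xA0, 0x9A, 0xE9],
    [0x3D, 0xF4, 0xC6, 0xF8],
    [0xE3, 0xE2, 0x8D, 0x48],
    [0xBE, 0x2B, 0x2A, 0x08],
]

if __name__ == "__main__":
    for row in shift_rows(sub_bytes(STATE)):
        print(" ".join(f"{b:02x}" for b in row))
```

The table lookup is for study of the two transformations only; it is not a complete cipher, since Mix Columns, Add Round Key and the key schedule are not included.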
Conclusion
This seminar took a look at the methods, advantages, and limitations of confidential
storage and deletion methods for electronic media in a non-distributed, single-user
environment, with a dead forensic attack model. Confidential data-handling methods are
compared using characteristics associated with confidentiality, policy, ease-of-use, and
performance.
Clearly, a combined solution that can store and remove confidential information
should have the following ideal characteristics:
- High confidential storage and deletion granularity
- Acceptable performance overhead in terms of storage and deletion
- Enhanced security policy support to enable key revocation, encryption algorithm/mode of
  operation change and mitigation, and erasure technique
- Confidential storage and erasure of file and directory metadata
- Easy to use with minimal user awareness