Slashdot Mirror
Why Not Use Full Disk Encryption on Laptops?
Saqib Ali asks: "According to the 2006 Security Breaches Matrix, a large number of the data leaks were caused due to stolen/missing laptops. Mobile devices will be stolen or lost, but one way to easily mitigate the harm is to use Full Disk Encryption (FDE) on all mobile devices. So, why don't we encrypt all our HDDs?"
"Cost, and performance impact are the usual arguments.
Analysis shows that the access time increases by 56%-85% after FDE. As HDDs fills up the fragmentation increases and so will the file access time. With FDE, the swap file (system's virtual memory) gets encrypted as well. This will impact the system's performance noticeably when the virtual memory is being used more often.
Encryption key & password management blues follow. What happens when the user forgets his/her new FDE password? How to manage the encryption key backup files? Who has possession of the backups of the encryption keys? What about when the users quits and does not hand over the password / encryption keys? Who can access the system and its encrypted files? How frequently does the password need to be changed? How to prevent the user from writing the passwords down? Using hardware token (RSA Token, smartcard etc) can alleviate many of the password management issues. But these hardware tokens are costly!
Cost for Full Disk Encryption solutions ranges from $0-$300.
Is it not worth using Full Disk Encryption on mobile devices after all the data leaks we have seen in the last few years?"
Analysis shows that the access time increases by 56%-85% after FDE. As HDDs fills up the fragmentation increases and so will the file access time. With FDE, the swap file (system's virtual memory) gets encrypted as well. This will impact the system's performance noticeably when the virtual memory is being used more often.
Encryption key & password management blues follow. What happens when the user forgets his/her new FDE password? How to manage the encryption key backup files? Who has possession of the backups of the encryption keys? What about when the users quits and does not hand over the password / encryption keys? Who can access the system and its encrypted files? How frequently does the password need to be changed? How to prevent the user from writing the passwords down? Using hardware token (RSA Token, smartcard etc) can alleviate many of the password management issues. But these hardware tokens are costly!
Cost for Full Disk Encryption solutions ranges from $0-$300.
Is it not worth using Full Disk Encryption on mobile devices after all the data leaks we have seen in the last few years?"
If the summary answers its own questions why even bother posting comments? Except to be a smart-ass (like me).
Philosophy.
Really, we all know that people will forget/lose the password. Or they'll write it down and leave it in the laptop case.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
Doesn't Vista have a built-in feature for full disk (or all but system files) encryption? Can't you even just check off the 'encrypt' option on the properties sheet for your my docs folder (even on XP) ... or your entire user profile (to cover outlook OST etc, though that is already encrypted I believe, or can be configured to be in outlook).
Most of the key management problems have actually been solved. PGP disk for a long time had the ability to encrypt using multiple keys, fraction keys (eg. 3 out of 5 must have their keys to open), key expiration, etc.
The real problem is convenience. People don't like to use secure passphrases each time they turn on their computer. How many people actually used the BIOS password feature? An easier thing would be to use some identification based (USB fob, fingerprint scanner) access, but the acceptance rate of those are very small.
Unless security is important to them personally, people just don't care. (checking under my keyboard for the root password for all the machines at work)
Will the War in Iraq get better or worse in 2007? Vote here
I for one, do use full encryption... Suits me just fine...
But then again, I use linux. Encryption is actually pretty simple under it for people who actually know how to admin a Linux system.
At one time, I even ran Win2k under VMware from an image on the encrypted disk. Which means the *ENTIRE* win2k "partition" was encrypted -- something that I understand to be impossible when run natively.
The real reasons why most don't do it?
1) Ignorance -- it is not a built-in feature in Windows
2) Hassle -- overtasked IT professionals aren't going to incur extra liability for encrypting a disk, handling lost passwods, etc. (It would be really bad to forget the password)
3) Performance -- Encrypted disks aren't good for high I/O apps... Fortunately, most apps aren't!
I sleep much better, knowing that my data is safe even if I loose possession of it. I have no qualms about storing tax returns, financial records, etc on my laptop.
Full Disk Encryption gives you the access overhead that comes with encryption/decryption for every access to the hard disk. Why not just encrypt the sensitive data if you want to avoid leaks of the sensitive data?
Plus, a lot of the recent newsworthy leaks would be avoided or minimized by using encrypted access to sensitive databases via an application on the laptop, rather than people copying large databases of sensitive data to their laptop to take it home and work on it, and then losing the laptop.
In the context of stupid employers/empoyees losing laptops with sensitive databases on them, this isn't even a question - the data should never leave company premises unless it's encrypted, end of story. The fact that this isn't standard practice indicates widespread incompetence.
Do you understand what's being discussed here? It's NOT how to keep your laptop from being stolen. It's how to protect its contents in case it IS stolen. Not trying to prevent theft -- trying to make sure your data doesn't fall into the wrong hands.
In a number of contexts, loss of data is a more serious concern than loss of confidentiality. For the vast majority of self-generated data on my hard drive, I would be seriously inconvenienced by the loss of the data, but would not at all mind the data becoming public. For a significantly smaller amount of data, I would seriously mind the data becoming public, but I would more mind losing the data. Only a very small fraction of data on my computer is such that I would mind the data becoming public more than I would losing it.
In such a context, given that FDE makes data recovery harder and more time-consuming, it can make sense to encrypt only that tiny fraction of data where one would more mind its becoming public than one's losing it. In other contexts, it will be different.
The reason to encrypt the whole drive as opposed to the writable sections is simply convenience - if you've got hardware assistance, it's probably designed to encrypt the whole disk using some crypto chip in the disk controller, and administratively simpler to use, and if you don't have that, it's probably easier to encrypt individual partitions or filesystems, or sometimes directories, rather than hack up some CPU-based driver that encrypts the whole disk.
From a performance standpoint, it's probably faster *not* to encrypt your program filesystems, and as far as encrypting swap goes, you took the big hit when you started to swap anyway, and rotational+seek latency is usually more of a limitation than overall throughput, so if this bothers you, but some more RAM. Encryption chips on the disk controller are probably faster than CPU software drivers, but not necessarily - your mileage is extremely variable.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks