The Basics Of Hard Disk Drive Encryption

Hard disk drives usually contain a lot of data, yet any person using the computer can easily access that data unless access to it is restricted, which is better described as encryption. Data encryption technology has for many years been used to protect information stored on hard disks by converting it into unreadable code that unauthorized people cannot easily access or break. Disk encryption uses hardware or disk encryption software to encrypt all information that is written to a disk. With sophisticated data encryption software, users can manage the encryption preferences by choosing which data is to be encrypted and which is not. In simple terms, data encryption is all about preventing unauthorized people from accessing some or all of the user data stored on a hard disk drive.

Whole disk encryption, or full disk encryption (FDE), means that everything on a hard disk is protected, including by programs that encrypt bootable OS partitions, even when part of the disk is left unencrypted. FileVault 2 is used to fully encrypt OS X's startup volume; in that case the authorized FDE user information is loaded from a non-encrypted boot volume in a different location. If a system uses a master boot record (MBR), the MBR will not be encrypted. There are a number of hardware-based full disk encryption systems that can encrypt an entire boot disk, including the master boot record.

Filesystem Level Encryption versus Disk Encryption
There are some situations in which disk encryption fails to adequately replace file encryption. In some instances disk encryption is used alongside filesystem-level encryption to provide a more complete hard disk encryption solution. Since disk encryption mostly uses the same key for the whole volume, there is a high chance of data being decrypted when the whole system goes down. On the other hand, there are a number of disk encryption solutions that use several keys to encrypt different hard disk partitions. If filesystem-level encryption is not used, attackers gain unlimited access to the files on the hard disk. Folder and conventional file encryption is a better alternative, since it allows the user to allocate unique keys to different portions of the hard disk. This means that even if attackers can access the hard disk, there are parts of it that they cannot read because they remain encrypted.

There is one major difference between hard disk encryption and filesystem-level encryption. Filesystem-level encryption doesn't encrypt filesystem metadata, such as the directory structure, file names, sizes, and modification timestamps.
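The two points above (separate keys for different portions of the disk, and metadata left in the clear) can be seen in a small simulation. This is an added example, not code from the original article; the folder names, file contents and the SHA-256 keystream used as a stand-in cipher are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

SAMPLE_FILES = {  # constructed sample data: two folders, one key each
    "payroll/2024-salaries.csv": b"alice,91000\nbob,87000\n",
    "legal/merger-draft.txt": b"Confidential draft, do not distribute.",
}

def xor_stream(key, context, data):
    """Stand-in cipher for the demo (SHA-256 counter keystream); use a vetted AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + context + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_tree(root, files, keys):
    """File-level encryption: contents are encrypted, names and layout are written as-is."""
    for rel, plaintext in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:  # the path doubles as the per-file nonce (demo only)
            f.write(xor_stream(keys[rel.split("/")[0]], rel.encode(), plaintext))

def view_without_keys(root):
    """Metadata readable by anyone holding the disk: path -> (size, mtime)."""
    view = {}
    for folder, _, names in os.walk(root):
        for name in names:
            p = os.path.join(folder, name)
            rel = os.path.relpath(p, root).replace(os.sep, "/")
            view[rel] = (os.path.getsize(p), os.path.getmtime(p))
    return view

def decrypt(root, rel, key):
    with open(os.path.join(root, *rel.split("/")), "rb") as f:
        return xor_stream(key, rel.encode(), f.read())

def demo():
    keys = {"payroll": os.urandom(32), "legal": os.urandom(32)}  # one key per folder
    with tempfile.TemporaryDirectory() as root:
        encrypt_tree(root, SAMPLE_FILES, keys)
        view = view_without_keys(root)  # no key needed for this step
        right = decrypt(root, "payroll/2024-salaries.csv", keys["payroll"])
        wrong = decrypt(root, "legal/merger-draft.txt", keys["payroll"])
    return view, right, wrong

if __name__ == "__main__":
    print(demo())
```

The view returned without any key lists every path, size and timestamp, while the payroll key recovers only the payroll file and yields garbage for the legal one.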

Problems with the boot key
There is one major issue that has to be tackled when doing full disk encryption: since the blocks where the OS is stored have to be decrypted before the OS boots, the key must be available before there is a user interface to request a password. In an attempt to utilize Pre-Boot Authentication, the majority of full disk encryption technologies load a small but very secure OS that is tightly locked down and checked against system variables to ascertain the integrity of the pre-boot kernel. Other implementations, like BitLocker Drive Encryption, use hardware such as a Trusted Platform Module to make sure that the boot environment has a high level of integrity, thus frustrating attacks that target the bootloader by replacing it with a modified version. This guarantees that authentication takes place in a highly controlled environment, without any chance that an attempt to use a bootkit to subvert the pre-boot decryption will be successful. This ensures that all data stored on the hard disk is highly protected from unauthorized access.

With a proper Pre-Boot Authentication environment, the key used for data encryption isn't decrypted unless an external key is input.

Safety Concerns
A large percentage of disk encryption solutions are exposed to the cold boot attack, a scenario in which encryption keys are stolen when a machine running an OS is cold booted and its memory contents are read out before the data is completely lost. The attack relies on the data remanence of computer memory, in which data bits tend to take some minutes to degrade after power is removed. Not even a Trusted Platform Module (TPM) can be fully effective against the attack, since the OS needs to hold the decryption keys in memory in order to access the hard disk.

Any encryption system that depends on software is vulnerable to many side channels, such as hardware keyloggers and acoustic cryptanalysis. As opposed to this, self-encrypting drives are not exposed to these attacks, since the hardware encryption key always stays with the disk controller.

All these encryption solutions have varying security levels, but most of them are better than having a completely unencrypted disk. However, we have seen that hardware-based encryption systems are more reliable than software-based systems. It's advisable to purchase encryption hardware, or to purchase machines that already have the hardware installed. Hard disk drive security is a critical issue, especially when handling sensitive data.
