
International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 4, Issue 6, June 2014)


Laptop Data Theft-Full Disk Encryption System

Akinsola Fatai Adegboyega¹, Ogwueleka Francisca Nonyelun²

¹School of Science and Technology, National Open University (NOUN), Lagos
²Computer Science Department, Federal University Wukari, Taraba State

Abstract— Laptop data theft has reached an alarming rate, requiring urgent steps to bring the menace under control. This research work focused on mechanisms to protect laptop data from theft and abuse. A full disk encryption (FDE) system was designed to secure data stored on laptops owned by the company, or owned by individual employees but used to carry out the business of the company. The protection of data stored on the laptop was achieved by using the open source TrueCrypt encryption source code to implement a full disk encryption solution. The design is purely software based and relies on the password method of authentication. The full disk encryption solution takes blocks of data in plaintext format from the laptop’s hard disk and converts them into cipher text before writing them back onto the hard disk, using the 128-bit Advanced Encryption Standard (AES). The full disk encryption system was able to guarantee security of data and information on the laptop, since only the authorized owner or custodian, with the correct encryption password or key, was able to boot the laptop and log on to view, update or print information stored on the laptop.

Keywords— Advanced Encryption Standard (AES), Full Disk Encryption (FDE), Information Security Management System (ISMS), Laptop data theft, Personal Identification Number (PIN), Pre-boot Environment (PBE)

I. INTRODUCTION

The use of laptop computers is increasing in private and corporate environments, providing mobile services and constant connectivity to mobile workers. The extensive use of laptops presents new threats to personal and corporate information assets if not properly managed. Information security is not confined to laptop security, nor is it restricted to information in electronic or machine-readable form; it extends to all aspects of safeguarding and protecting data and information in whatever form.

Today, laptops are much more than mere tools; they are important organizational and personal information assets containing valuable information. The foregoing makes laptop and its content a prime target. Sometimes, the motive behind laptop theft is the laptop computer itself while others are targeted at dispossessing the owner of the laptop in order to steal the valuable and confidential information stored on them. In some cases, the data stored on the laptops are highly confidential and may pose serious embarrassment if leaked to unauthorized persons.

Not only can a misplaced laptop bring negative impacts to a company, the sensitive business, customer or employee details are also put into jeopardy. Laptop hardware can be easily replaced but the valuable information may be lost forever. A way forward for every individual and organization using laptops and other computing infrastructure is to put in place an effective Information Security Management System (ISMS). An effective ISMS will make unauthorized access to laptop data and other high risk assets extremely difficult if not impossible.

A number of techniques have been used to secure laptop hardware and the information they contain. While some measures will ensure physical security, others will provide technical precautions against laptop theft and data loss. This research focused on the full disk encryption technique for laptop data security. Encryption plays an important role in information protection. With encryption, the message in plain text format is converted into cipher text that is not readable in the event that the message is available to an unintended recipient. The intended recipient performs a similar technique to decrypt the message. Using the right algorithm and decryption key, the message can be converted back into plain text or readable format.

II. REVIEW OF RELATED LITERATURE

The information revolution, no doubt, has altered the way information is created, stored, disseminated, modified, archived and disposed of, and this has changed organizations, and indeed society as a whole. Information and Communication Technology (ICT) remains one of the fastest spreading innovations that has been widely propagated and adopted the world over. ICT has made the world a global village facilitating interpersonal


Their applications and usefulness have been abused by dishonest and unprincipled individuals who would use computers to commit fraud and perpetrate unethical activities. The rapid advancement in the application of information technology has led to miniaturization of computer devices and associated components. Laptop computers and other portable devices (flash drives, cameras, smart phones, etc) are not left out. These devices are used today to take away large volume of data unnoticed. The reduction in sizes of these devices has made them vulnerable to theft and other forms of social vices. To prevent the information stored in these devices from falling into wrong hands, they need to be suitably secured and protected. Information security chain is needed when information is threatened, lost or misused. For information security to be effective, information and information systems must be protected from unauthorized access and usage. Information asset protection is not only a business requirement but also a legal obligation.

A. Trend In Computer Crime

A discussion of computer security and data theft will not be complete without considering few cases of computer crime including those targeting either the laptop computers or the data content. Bosworth (2009) traced the history of computer crime and identified the following stages in computer fraud:

i. Early stages of modern information and communication technology witnessed computer crime by mainly disgruntled employees who would want to revenge the perceived maltreatment by their employers.

ii. Major threat faced by companies at that time involved physical damage as well as stealing of computer systems and their components.

iii. Attackers had used authorized access to subvert access control systems as they alter data for financial gain or destroyed data intentionally to revenge against their employers.

iv. Notable advancement in the field of computer science and wide spread application of ICT to virtually every facet of human endeavor facilitated increase knowledge in methods and techniques used to penetrate and hack into computer systems and networks.

v. Around 1980s, programmers were not left out as they learned how to write malicious software such as virus and worms to invade personal computers and networks.

vi. Criminals abused the openness of Internet to gain increased access to increasing numbers of systems worldwide using unauthorized access to penetrate vulnerable systems for vandalisms and other ulterior motives.

vii. Financial crime using penetration and subversion of computer systems increased as the 1990s progressed.

viii. From mid-1990s onwards, illegitimate applications of e-mail increased, sending series of unsolicited commercial and fraudulent e-mails.

ix. From 2000 upward, unsuspecting individuals have lost millions of dollars to fraudsters through mails from banks and other financial institutions asking them to change their personal access control information even though you do not maintain accounts with them.

x. Cases of illegally breaking into organizations systems to steal information and cause untold damage to information assets are a common phenomenon in recent times.

xi. Website spoofing became a daily occurrence masterminded for the purpose of stealing personal identity of unsuspecting customers.

xii. On Sunday 28th November 2010, WikiLeaks began publishing leaked United States embassy cables - the largest set of confidential documents ever to be released into the public domain (http://en.wikipedia.org/wiki)

The incidents of computer abuse and crime will not stop; rather other forms of abuse will continue to emerge. As we witness greater flexibility in communication and collaboration through communication networks, governments, organizations and individuals will have to increase their vigilance to defeat the growing army of computer criminals of every type. It is pertinent to mention that up till this moment, some countries are yet to enact a Cybercrime law which would have outlawed many forms of Internet misuse, including spamming, data theft, online identification theft, and buying goods online using stolen credit card details. As a result, all of the above remain more or less permissible with difficulties in prosecuting offenders.

A. Goals of Information Security

The goals of data and information security are integrity, confidentiality, and availability of information stored and managed by computer systems. The relationship among


Figure 1. Relationship between confidentiality, integrity and availability

Confidentiality means preventing unauthorized access. Confidentiality ensures that only the authorized person accesses the computer system. Not all data available on the computer falls in the category of confidential data. There is data that can be made public and there is data that is considered sensitive. Integrity, on the other hand, deals with the knowledge that data has not been modified. To preserve the integrity of data means that the data is unmodified, precise, accurate and complete, or modified only in an acceptable way by authorized people. Availability is the property that information is usable and accessible to an authorized individual upon request.

B. Encryption Against Data Theft

Data encryption is a means of securing data by changing the meaningful plaintext into a code that is meaningless to others. It is an easy way to protect information. It is however pertinent to mention that the user has to remember the key. According to the Certified Information Systems Audit (CISA) Review Manual (2012), encryption, also referred to as cryptography, is defined as the ‘process of converting plaintext message into a secure-coded form of text, called cipher text, which cannot be understood without converting back, via decryption to plaintext’. Encryption is done via a mathematical function and a special encryption/decryption password called the key. Afolorunso (2009) noted that secret writing is not new. He described it as the science of writing in secret code and as an ancient art. According to him, the first documented use of cryptography in writing dated back to 1900 B.C., when an Egyptian scribe used non-standard hieroglyphics in an inscription. Some experts believed that cryptography and writing were invented almost at the same time. A new form of encryption emerged with the widespread development of computer and communications technologies. Encryption is a key technology when communicating over any untrusted medium, particularly the Internet. Based on the CISA Review Manual (2012), encryption is used to:

i. Safeguard data in transit over networks from unauthorized interception and manipulation.

ii. Protect information stored on computers from unauthorized disclosure, alteration and theft.

iii. Discourage and detect accidental or intentional alterations of data.

iv. Verify authenticity of a transaction or document.

Afolorunso (2009) identified two broad categories of encryption systems: the symmetric and the asymmetric key systems. Symmetric key systems use single, secret, bidirectional (encrypt/decrypt) keys. Asymmetric key systems use pairs of unidirectional complementary keys, one of which is usually secret and the other publicly known. Public key systems are asymmetric encryption systems. In practical terms, encryption involves taking an original message or plaintext and converting it into cipher text (unreadable format) using an encryption algorithm and an encryption key. You can decipher the message into plain text only if you have a secret key. Historically, encryption acted on letters of the alphabet. Anjana (2007) noted that the Caesar Cipher was one of the oldest techniques, and gave a very simple example, explained below and depicted in Figure 2:

Take the plaintext ‘Good morning sister’.

Encrypt based on the encryption algorithm replacing each letter with that X places to the right of it in the alphabet A - Z, where X is the encryption key, and this is 3.

The cipher text is ‘jrrg pruqlqj vlvwhu’ and can be converted back to plaintext with a decryption algorithm and decryption key, in this case, replace each letter with that three places to the left of it in the alphabet.

PLAIN TEXT -> Encryption (Key) -> CIPHER TEXT -> Decryption (Key) -> PLAIN TEXT

Figure 2. How Encryption Works

Full disk encryption (FDE) is achieved using encryption software or hardware to encrypt every bit of data stored on a disk. It is a secure approach of protecting sensitive data and ensuring that the enterprise meets all compliance requirements mandated by data privacy legislation, and industry standards like the ISO/IEC 27001 and Payment Card Industry Data Security Standard. You may not always be able to protect your laptop from a thief, but you can keep the data it contains safe. Full disk encryption encrypts the entire disk including swap and temporary files.


If a disk encrypted with full disk encryption is misplaced, stolen, or inserted into another computer, the disk remains encrypted, and only an authorized user can access the files stored on it. It is interesting to note that full disk encryption will not protect the disk if you already logged into the system after booting and then leave your computer unattended.

III. METHODOLOGY

Chi-square was used to analyze the data obtained from responses to the questionnaire and to test the hypothesis of the study. A total of one hundred and fifty (150) questionnaires were administered, out of which one hundred and thirty seven (137) were filled and returned. The responses to the questionnaire were analyzed using frequency counts.

These responses, shown in Table 1, justified the need to adopt full disk encryption for all laptops being used for official tasks using reliable software tools.

TABLE I
KEY SURVEY RESPONSES

Key Survey Responses                                                                                  Percentage (%)
Percentage of staff mobile with laptops                                                               91
Percentage of laptop storing confidential data                                                        100
Percentage of staff that used password to protect operating system login/access                       37
Percentage of staff that used full disk encryption                                                    2
Percentage of staff that have lost laptops                                                            11
Percentage of staff that was aware of full disk encryption                                            31
Percentage of staff that trusted full disk encryption as an effective means of laptop data protection 69

There are different techniques available for a software engineer or a programmer to implement full disk encryption. These methods include: Cipher Block Chaining (CBC), Cipher Feedback Mode (CFB), Output Feedback Mode (OFB), Counter Mode (CTR) and Advanced Encryption Standard (AES), etc. This study relied on the TrueCrypt open source code, which employs the AES method based on the Rijndael algorithm to encrypt data blocks on the laptop. The full disk encryption system was implemented using C and C++. The encryption algorithm consists of different modules implemented in a number of phases: the plain text data from the laptop is received by the receiver module; the 128-bit wide plain text is encrypted by the AES encryption module; the encrypted text is sent to the intermediate module; and the data sender module receives the encrypted text from the intermediate module and sends it to the hard drive, where it is stored. The decryption process is performed basically in the opposite direction to the encryption procedure. Once full hard disk encryption is achieved, plaintext is never available on the disk. After encryption, the system works by redirecting the laptop’s master boot record (MBR), which is a reserved


Figure 3. Full Disk Encryption Flowchart
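As an added illustration (not code from the paper or from TrueCrypt), the C example below implements the 128-bit AES block step and applies it to a 512-byte sector in two ways: each block on its own, as the flowchart reads, and chained in CBC mode, one of the techniques listed in the methodology. The sample key, the sector number, the all-zero sector and the IV scheme (the encrypted sector number) are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint8_t sbox[256];
static uint8_t rotl8(uint8_t x, int s) { return (uint8_t)((x << s) | (x >> (8 - s))); }
static uint8_t xtime(uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1B : 0)); }
/* Rijndael S-box: multiplicative inverse in GF(2^8) followed by the affine map. */
static void init_sbox(void) {
    uint8_t p = 1, q = 1;
    do {
        p ^= xtime(p);                                   /* p = p * 3 */
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q ^= (q & 0x80) ? 0x09 : 0; /* q = q / 3 */
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;                                      /* 0 has no inverse */
}

/* AES-128 key schedule: 16-byte key -> 11 round keys (176 bytes). */
static void expand_key(const uint8_t key[16], uint8_t rk[176]) {
    uint8_t rcon = 1;
    init_sbox();
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i += 4) {
        for (int j = 0; j < 4; j++) {
            uint8_t t = rk[i - 4 + j];
            if (i % 16 == 0) t = sbox[rk[i - 4 + (j + 1) % 4]] ^ (j ? 0 : rcon);
            rk[i + j] = rk[i - 16 + j] ^ t;
        }
        if (i % 16 == 0) rcon = xtime(rcon);
    }
}

/* Encrypt one 128-bit block; in and out may be the same buffer. */
static void aes128_encrypt(const uint8_t rk[176], const uint8_t in[16], uint8_t out[16]) {
    uint8_t s[16], t[16];
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];
    for (int r = 1; r <= 10; r++) {
        for (int i = 0; i < 16; i++) t[i] = sbox[s[(i + 4 * (i % 4)) % 16]]; /* Sub+Shift */
        for (int i = 0; i < 16; i++) {                   /* MixColumns, skipped in round 10 */
            const uint8_t *a = t + (i & ~3);             /* column that holds byte i */
            uint8_t all = a[0] ^ a[1] ^ a[2] ^ a[3];
            s[i] = (r == 10) ? t[i] : (uint8_t)(t[i] ^ all ^ xtime(t[i] ^ a[(i + 1) % 4]));
        }
        for (int i = 0; i < 16; i++) s[i] ^= rk[16 * r + i];
    }
    memcpy(out, s, 16);
}

/* Encrypt a 512-byte sector in place. chain=0: each 128-bit block on its own, as the
   flowchart reads; chain=1: CBC with IV = E_K(sector number), an assumed IV scheme. */
static void encrypt_sector(const uint8_t rk[176], uint32_t sector, uint8_t *buf, int chain) {
    uint8_t prev[16] = {(uint8_t)sector, (uint8_t)(sector >> 8), (uint8_t)(sector >> 16), (uint8_t)(sector >> 24)};
    aes128_encrypt(rk, prev, prev);
    for (int off = 0; off < 512; off += 16) {
        for (int i = 0; chain && i < 16; i++) buf[off + i] ^= prev[i];
        aes128_encrypt(rk, buf + off, buf + off);
        memcpy(prev, buf + off, 16);
    }
}

/* Constructed input: all-zero sector 7, sample key; counts blocks equal to the first. */
static int repeats_in_zero_sector(int chain) {
    uint8_t key[16] = "sample-key-0123", rk[176], buf[512] = {0};
    int n = 0;
    expand_key(key, rk);
    encrypt_sector(rk, 7, buf, chain);
    for (int off = 16; off < 512; off += 16) n += memcmp(buf, buf + off, 16) == 0;
    return n;
}

int main(void) {
    printf("independent=%d chained=%d\n", repeats_in_zero_sector(0), repeats_in_zero_sector(1));
    return 0;
}
```

On the all-zero sector, independent block encryption leaves every ciphertext block identical while the chained variant leaves none, which is why disk encryption pairs AES with a chaining or tweakable mode rather than encrypting blocks in isolation.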

IV. RESULT

After the implementation of full disk encryption using TrueCrypt open source on the laptop, the solution was tested. The following results were observed:

a) When the laptop was booted, the system presented a pre-boot authentication (PBA) screen asking for a password.

b) There was a successful pre-boot authentication of the user after a valid password was entered.

c) The laptop began to load Windows operating system files.

d) The laptop booted successfully.

e) After booting the laptop, the laptop was used normally.

f) Some files in Microsoft Office (Word and Excel) were opened and saved.

g) All the files were closed and the laptop was shut down for another round of tests.

h) The laptop was rebooted.

i) An attempt to bypass or skip ‘pre-boot authentication’ by pressing the ‘Esc’ key failed. The laptop beeped with an error message reading ‘Error: No bootable partition found’.

j) The above confirmed the fact that unless a valid pre-boot password is entered, the laptop cannot be pre-booted and the data on it cannot be used.

V. DISCUSSION

The present information security practices in most organizations permit unauthorized access to data and information stored on laptops when misplaced or stolen. In this way, the confidentiality and integrity of the laptop data is compromised and can lead not only to financial loss but embarrassment or legal disputes. Unauthorized access to company information can also lead to leakage of company trade secrets or loss of competitive advantage.

The FDE system achieves a high degree of protection since all files created by Windows and applications are permanently encrypted. Full disk encryption involves pre-boot authentication, which means that anyone who requires access to the encrypted system for reading and writing of files stored on the system drive will need to enter the correct encryption password each time the system is needed. A laptop hard drive encrypted with full disk encryption will remain inaccessible unless a valid password is given. In this way, the risk of the laptop data being stolen or accessed without authorization is mitigated.

[Figure 3 flowchart boxes, in order: Begin; Input (plain text data block); 32/128 Converter; 128-bit AES Encryption module; 128/32 Converter; Intermediate Module; Data Sender; Output (encrypted block on hard disk); Encrypt more data block?]


If something were to happen and a laptop gets lost or stolen, one will lose the data, but at least whoever is in possession of the laptop will not be able to access the data either. On the basis of the foregoing, the use of full disk encryption will protect laptop data against theft, and the risk of unauthorized access is mitigated.

VI. CONCLUSION

The use of full disk encryption offered a solution to a problem that has long been identified and is of great concern to laptop owners and custodians. To achieve this result, one hundred and fifty (150) questionnaires were administered to capture the responses of the staff on laptop data security problems. Responses to the questionnaires indicated that 91% of staff traveled with laptops, 100% of the laptops had confidential data, 37% used a password to protect operating system logon and access to the laptop, 2% used full disk encryption to secure laptop data, 11% of staff had lost a laptop in the past, 31% were aware of full disk encryption, and 69% agreed that the use of full disk encryption will secure laptop data against data theft. The result justified the need to encrypt hard disks of laptops that are used for personal or official tasks using reliable software tools. The solution prevented successful pre-boot authentication when an invalid encryption key or password was entered. An attempt to bypass pre-boot authentication will not work. All the files stored on the hard disk of the laptop were encrypted and could not be read without valid logon credentials. The data on the hard drive will not be accessible either if it is removed or mounted on another laptop. The solution provided a reliable means of safeguarding laptop data and enables laptop users to feel secure.

REFERENCES

[1] Afolorunso, A. A. (2009). Operating System Concept and Networking Management. National Open University of Nigeria (NOUN) publication, Lagos, Nigeria. Pp 382-386.

[2] Ahmed, A. A. (2010). IT Security for Computer and Internet Threats. National Library of Nigeria-in-Publication. Pp 1-3, 106-108.

[3] Allen, Schaaf (2007). Full Disk Encryption - An Executive's Introduction To How It Works And Other Issues. www.ezinearticles.com/?Full-Disk-Encryption—An-Executives-Introduction-To-How-It-Works-And-other-Issues&id=650714

[4] Andrew, Brandt (2006). Review: Disk encryption products for your laptop. www.computerworld.com/s/article/9004881

[5] Anjana, B. (2007). Need of Information Security in the 21st Century: With Special Emphasis on Computer Security. http://ir.inflibnet.ac.in/dxml/bitstream/handle/1944/1011/4.pdf. Retrieved July 5, 2012.

[6] Bosworth, K. W. (2009). Computer Security Handbook. John Wiley & Sons, Inc, USA, 2009. Fifth Edition. Pp 5-25.

[7] Chalermwat, T., Khanob, T., Somsak, C. (2011). FPGA Implementation of FDE-Portable Hard Disk System. IC-ICTES, Pp 189-191. www.kmitl.ac.th/~kchsomsa/somsak/papers/icictes_2011.pdf

[8] David, C. W. (2011). Lost in Line: Improving laptop Security with Automatic Identification Technologies. http://computersight.com/communication-networks/security/lost-in-line-improving-laptop-security-with-automatic-identification-technology.

[9] ISACA (2012). CISA Review Manual, Official Training Manual of Information System Audit and Control Association, Pp 316, 324-325, 352-357.

[10] Jeff, T. (2003). The Need for Information Security in Today’s Economy. http://www.sans.org/reading room/whitepapers/awareness.

[11] John, L. (2011). Nigeria fails to enact Cybercrime laws. http://www.theregister.co.uk/2011/04/01/nigeria_cybercrime_law_fail.

[12] Karen S., Murugiah S., Matt S. (2007). Guide to Storage Encryption Technologies for End User Devices. http://csrc.nist.gov/publications/nistpubs/800-111/SP800-111.pdf

[13] Larry, P. (2008). Airport Insecurity: The Case of Missing & Lost Laptops. http://www.dell.com/downloads/global/services/dell_lost_laptop_study.pdf.
