Forwarded from: Elizabeth Lennon <elizabeth.lennon (at) nist.gov>

ITL BULLETIN FOR NOVEMBER 2007

USING STORAGE ENCRYPTION TECHNOLOGIES TO PROTECT END USER DEVICES

Shirley Radack, Editor
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
U.S. Department of Commerce

End user devices, such as personal computers, portable electronic devices, and removable storage media, are vulnerable to many threats that can endanger the confidentiality of the information stored on the devices and enable unauthorized persons to gain access to the stored information. The threats can be both unintentional, such as the loss of a portable device, and intentional, such as directed attacks that result in disruption, identity theft, and other fraud. End user devices include:

* personal computers - desktop or laptop;
* consumer devices - personal digital assistants (PDAs), smart phones; and
* removable storage media - Universal Serial Bus (USB) flash drives, memory cards, external hard drives, writeable disks (CD or DVD).

Security controls can be effectively applied to protect the sensitive information, and particularly the personally identifiable information (PII), stored on end user devices. The Information Technology Laboratory of the National Institute of Standards and Technology (NIST) recently issued a new guide to help organizations secure their end user devices and deter unauthorized parties from accessing the stored information. The guide focuses on the application of encryption and authentication techniques, which are the primary security controls for restricting access to sensitive information.

Guide to Storage Encryption Technologies for End User Devices

NIST Special Publication (SP) 800-111, Guide to Storage Encryption Technologies for End User Devices, was written by Karen Scarfone and Murugiah Souppaya of NIST, and by Matt Sexton of Booz Allen Hamilton.
The publication addresses the basic concepts of storage encryption for end user devices, providing information that enables organizations to plan, implement, and maintain effective storage encryption solutions. Topics discussed include the three classes of storage encryption techniques (full disk encryption, volume and virtual disk encryption, and file/folder encryption), the protections provided by the three classes of techniques, and the role of cryptography and authentication in implementing storage encryption solutions. The appendices to the guide include a description of some of the alternate methods available for protecting stored information on end user devices, a glossary, an acronym list, and a reference list of online tools and resources. These references provide useful information to help organizations gain a better understanding of the use of storage encryption for protecting end user devices.

NIST SP 800-111 is available at the NIST website at http://csrc.nist.gov/publications/PubsSPs.html.

Storage Devices and the Need for Security Controls

One of the many threats to the confidentiality of information stored on end user devices is the insertion of malicious code or malware, which includes viruses, worms, malicious mobile code, Trojan horses, rootkits, and spyware. Malware attacks compromise the confidentiality, integrity, or availability of the organization's data, applications, or operating system, and give attackers unauthorized access to a storage device. They can then transfer information from the device to the attacker's system and carry out other actions that jeopardize the confidentiality of the information on a device.

Another common threat is loss or theft of an end user device. Someone with physical access to a lost or stolen device has many options for viewing the information stored on the device.

Insider attacks are also a concern.
For example, an employee may attempt to access sensitive information stored on another employee's device, or access another user's files on a device that the two users share.

These threats, as well as threats to other aspects of information system operation and management, should be addressed by implementing appropriate controls that are managed within a comprehensive information security program. Federal agencies are directed by the Federal Information Security Management Act (FISMA) to develop, document, and implement agency-wide information security programs and to provide information security for the information and information systems that support the organization's operations and assets. Standards and guidelines developed by NIST help federal agencies meet their responsibilities under FISMA.

Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems, helps agencies categorize their information systems as low-impact, moderate-impact, or high-impact for the security objectives of confidentiality, integrity, and availability. FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, guides agencies in determining minimum security requirements for seventeen security-related areas and in selecting an appropriate set of security controls to satisfy the minimum requirements. NIST SP 800-53, Recommended Security Controls for Federal Information Systems, provides information about recommended security controls, including controls related to storage security, such as controlling access through encryption of stored information, restricting access to mobile computing devices and information system media, and storing media in physically secure locations.
In addition to FISMA, federal agencies are also required by Office of Management and Budget (OMB) Memorandum M-06-16 to protect agency information that is either "accessed remotely or physically transported outside of the agency's secured, physical perimeter." M-06-16 specifically requires that agencies encrypt all data stored on mobile computing devices, such as laptops and personal digital assistants (PDAs), unless the data has been determined by the designated agency official to be nonsensitive. Additional requirements for federal agencies to protect sensitive personal information are included in the Privacy Act of 1974, the Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Storage Encryption Solutions

Encryption and authentication methods are the primary security controls for restricting access to sensitive information stored on end user devices. FIPS have been issued specifying methods for encryption, message authentication, and security requirements for cryptographic modules. See the More Information section at the end of this bulletin for access to NIST resources on security-related FIPS and guidelines.

Encryption can be applied to an individual file containing sensitive information or to all stored data. Three types of encryption methods are available: full disk encryption, volume and virtual disk encryption, and file/folder encryption. Issues to be considered in selecting the appropriate encryption solution for a particular situation include the type of storage, the amount of information that needs to be protected, the environments where the storage will be located, and the threats that need to be mitigated. A chart in NIST SP 800-111 compares the protections and other characteristics of the different storage encryption technologies.

Full disk encryption (FDE).

Also known as whole disk encryption, full disk encryption is the process of encrypting all the data on the hard drive used to boot a computer, including the computer operating system (OS), and permitting access to the data only after successful authentication to the FDE software product. Most FDE products are software-based and are used mostly on desktop and laptop computers. The requirement for pre-boot authentication means that users have to be able to authenticate their identity using the fundamental components of a device, such as a standard keyboard. Since the OS is not loaded, OS-level drivers are unavailable. For example, a PDA or smart phone could not display a keyboard on the screen for entering a password, because that is an OS-level capability.

Protection Offered: For a computer that has not been booted, all the information encrypted by FDE is protected, assuming that pre-boot authentication is required. Once the device is booted, FDE provides no further protection; once the OS is loaded, the OS becomes fully responsible for protecting the unencrypted information. However, when the device is in hibernation mode, most FDE products can encrypt the hibernation file.

Virtual disk and volume encryption.

Virtual disk encryption involves encrypting a file called a container, which can hold many files and folders, and permitting access to the data within the container only after proper authentication is provided. In this case, the container is typically mounted as a virtual disk. Virtual disk encryption is used on all types of end user device storage. The container is a single file that resides within a logical volume. Examples of volumes are boot, system, and data volumes on a personal computer, and a USB flash drive formatted with a single filesystem. Volume encryption involves encrypting an entire logical volume and permitting access to the data on the volume only after proper authentication is provided.
Volume encryption is most often performed on hard drive data volumes and volume-based removable media, such as USB flash drives and external hard drives.

Protection Offered: When virtual disk encryption is employed, the contents of containers are protected until the user is authenticated for access to the containers. When single sign-on is used for authentication, the containers are usually protected until the user logs onto the device. If single sign-on is not used, then protection is typically provided until the user explicitly authenticates to a container. Virtual disk encryption does not provide any protection for data outside the container, including swap and hibernation files. These files could contain the contents of unencrypted files that were being held in memory. Volume encryption provides the same protection as virtual disk encryption, but for a volume instead of a container.

File/folder encryption.

This method consists of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided. Folder encryption is very similar to file encryption, but addresses individual folders instead of files. Some OSs offer built-in file and/or folder encryption capabilities, and many third-party programs are also available for this purpose. Folder encryption and virtual disk encryption differ in that virtual disk encryption involves a container, which is a single opaque file. No one can see what files or folders are inside the container until the container is decrypted. File/folder encryption is transparent, making it possible for anyone with access to the filesystem to view the names and possibly other metadata of the encrypted files and folders, including the files and folders within encrypted folders, unless they are protected through OS access control features. File/folder encryption is used on all types of storage for end user devices.
Protection Offered: File/folder encryption protects the contents of encrypted files, including the files in encrypted folders, until the user is authenticated for the files or folders. When single sign-on is used, the files are normally protected until the user logs onto the device. When single sign-on is not used, protection is typically provided until the user explicitly authenticates to a file or folder. File/folder encryption does not provide any protection for data outside the protected files or folders, including swap and hibernation files, which could contain the contents of unencrypted files that were being held in memory. File/folder encryption software also cannot protect the confidentiality of filenames and other file metadata. This can hand attackers valuable information by itself, for example when files are named by Social Security number.

NIST Recommendations

NIST advises that organizations implement the following recommendations to facilitate more efficient and effective design, implementation, and management of storage encryption solutions for end user devices:

Consider solutions that use existing system features and infrastructure when selecting a storage encryption technology.

Organizations have many factors to consider when they are selecting storage encryption solutions, including the platforms they support, the data they protect, and the threats they mitigate. Some solutions involve deploying various servers and installing software on the devices to be protected, while other solutions can use existing servers, as well as software built into the devices to be protected, such as FIPS-approved encryption features built into the devices' operating systems. The more extensive the changes to the infrastructure and devices, the more likely it is that the storage encryption solution will cause a loss of functionality or other problems with the devices.
When evaluating solutions, organizations should compare the loss of functionality with the gain in security capabilities and decide if the trade-off is acceptable. Solutions that require extensive changes to the infrastructure and end user devices should generally be used only when other solutions cannot meet the organization's needs.

Use centralized management for all deployments of storage encryption except for standalone deployments and very small-scale deployments.

Centralized management, which is an effective and efficient practice for policy verification and enforcement, key management, authenticator management, data recovery, and other management processes, is also recommended for most storage encryption deployments. Centralized management can also be an effective practice for automating the deployment and configuration of storage encryption software to end user devices, for distributing and installing updates, for collecting and reviewing logs, and for recovering information from local failures.

Ensure that all cryptographic keys used in a storage encryption solution are secured and managed properly to support the security of the solution.

Storage encryption technologies use one or more cryptographic keys to encrypt and decrypt the data that they protect. When a key is lost or damaged, organizations may not be able to recover encrypted data from the computer. Therefore, organizations should carefully plan their key management processes, procedures, and technologies before implementing storage encryption technologies. This planning should include all aspects of key management, including key generation, use, storage, recovery, and destruction. Organizations should carefully consider how key management practices can support the recovery of encrypted data if a key is inadvertently destroyed or otherwise becomes unavailable.
Organizations planning to encrypt removable media also need to consider how changing keys will affect access to encrypted data already stored on that media. They should develop feasible solutions, such as retaining the previously used keys in case they are needed.

Select appropriate user authenticators for storage encryption solutions.

When storage encryption solutions are employed, users must authenticate successfully before accessing the information that has been encrypted. Common authentication mechanisms are passwords, personal identification numbers, cryptographic tokens, biometrics, and smart cards. Instead of adding new authenticators for their users, organizations should consider leveraging existing enterprise authentication solutions, such as Active Directory and public key infrastructure (PKI) techniques. This practice is generally acceptable when two-factor authentication is used. However, using the same single-factor authenticator for multiple purposes, such as operating system (OS) authentication and storage encryption authentication, significantly weakens the protection that the authentication process provides. For example, an attacker who learns a single password could gain full access to the device's information. Organizations should carefully consider the security implications of using the same single-factor authenticator for multiple purposes. In particular, organizations should not use email passwords, or other passwords that are sometimes transmitted in plaintext, as single-factor authenticators for storage encryption.

Implement measures that support and complement storage encryption implementations for end user devices.

Since storage encryption alone cannot provide adequate security for stored information, additional security controls are needed. Federal organizations categorizing their systems according to FIPS 199 should select and deploy the necessary controls based on the potential impact of a security breach involving a particular system.
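Two of the points above are easy to state and easy to get wrong in practice: file/folder encryption leaves names and sizes readable to anyone with filesystem access while a virtual-disk container is one opaque file, and a key that is retired by a rotation must stay available for media that were encrypted under it. The following Python script is an added example, not code from NIST SP 800-111 or from this bulletin. It assumes a constructed blob layout (key ID, nonce, tag, ciphertext), a hypothetical KeyRing class, made-up key IDs and file names, and an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag standing in for a FIPS-approved cipher so that it runs on the standard library alone.

```python
# Added example; not code from NIST SP 800-111 or this bulletin. Assumption: an
# HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag stands in for a
# FIPS-approved cipher so only the standard library is needed; a real product
# would use AES (FIPS 197) in an approved mode.
import hashlib
import hmac
import io
import os
import struct
import tarfile

def _subkey(master: bytes, label: bytes) -> bytes:
    return hmac.new(master, label, hashlib.sha256).digest()   # separate enc/mac keys

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: one HMAC output per 32-byte block."""
    return b"".join(hmac.new(enc_key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
                    for i in range((length + 31) // 32))[:length]

def seal(master: bytes, key_id: str, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Blob layout: len(key_id) | key_id | nonce(16) | tag(32) | ciphertext. The key ID
    travels with the data so the right (possibly retired) key can be found later."""
    kid = key_id.encode()
    header = bytes([len(kid)]) + kid + os.urandom(16)
    stream = _keystream(_subkey(master, b"enc"), header[-16:], len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(master, b"mac"), header + aad + ct, hashlib.sha256).digest()
    return header + tag + ct

def key_id_of(blob: bytes) -> str:
    return blob[1:1 + blob[0]].decode()

def unseal(master: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    n = blob[0]
    header, tag, ct = blob[:n + 17], blob[n + 17:n + 49], blob[n + 49:]
    expect = hmac.new(_subkey(master, b"mac"), header + aad + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):   # verify before decrypting anything
        raise ValueError("authentication failed: wrong key or modified data")
    stream = _keystream(_subkey(master, b"enc"), header[-16:], len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))

class KeyRing:
    """Centrally managed keys: one current key for new data; retired keys are kept."""
    def __init__(self):
        self.keys = {}
        self.current = ""
    def rotate(self, key_id: str) -> None:
        self.keys[key_id] = os.urandom(32)   # previous keys are retained, not replaced
        self.current = key_id
    def destroy(self, key_id: str) -> None:
        del self.keys[key_id]                # everything sealed under it is now unrecoverable
    def seal(self, plaintext: bytes, aad: bytes = b"") -> bytes:
        return seal(self.keys[self.current], self.current, plaintext, aad)
    def unseal(self, blob: bytes, aad: bytes = b"") -> bytes:
        kid = key_id_of(blob)
        if kid not in self.keys:
            raise KeyError(f"key {kid} is not in the ring; data cannot be recovered")
        return unseal(self.keys[kid], blob, aad)

def encrypt_per_file(ring: KeyRing, files: dict) -> dict:
    """File/folder encryption: each file sealed on its own, its name left in the clear.
    The name is bound as AAD so a ciphertext cannot be quietly moved to another name."""
    return {name + ".enc": ring.seal(data, aad=name.encode()) for name, data in files.items()}

def decrypt_per_file(ring: KeyRing, storage: dict) -> dict:
    return {n[:-4]: ring.unseal(blob, aad=n[:-4].encode()) for n, blob in storage.items()}

def encrypt_container(ring: KeyRing, files: dict, container: str = "vault.bin") -> dict:
    """Virtual disk encryption: all files go into one tar, sealed as a single opaque file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return {container: ring.seal(buf.getvalue())}

def decrypt_container(ring: KeyRing, storage: dict) -> dict:
    (blob,) = storage.values()
    with tarfile.open(fileobj=io.BytesIO(ring.unseal(blob)), mode="r") as tar:
        return {m.name: tar.extractfile(m).read() for m in tar.getmembers()}

def visible_without_key(storage: dict) -> list:
    """What a thief or another local user sees with filesystem access but no key."""
    return sorted((name, len(blob)) for name, blob in storage.items())

# Constructed sample data whose names themselves leak PII (the bulletin's SSN case).
SAMPLE_FILES = {
    "payroll/ssn_123-45-6789.txt": b"Jane Doe, GS-12, direct deposit on file",
    "payroll/ssn_987-65-4321.txt": b"John Roe, GS-09, direct deposit on file",
}

if __name__ == "__main__":
    ring = KeyRing()
    ring.rotate("k2007-Q1")
    print(visible_without_key(encrypt_per_file(ring, SAMPLE_FILES)))   # names readable
    usb = encrypt_container(ring, SAMPLE_FILES)                        # written before rotation
    ring.rotate("k2007-Q4")
    print(visible_without_key(usb), decrypt_container(ring, usb) == SAMPLE_FILES)
```

Run it and the first line prints the two SSN-bearing names and their sizes, which is exactly what file/folder encryption cannot hide; the second shows only vault.bin and confirms that the container written under k2007-Q1 still opens after the ring has rotated to k2007-Q4, because the key ID in the blob header lets the ring pick the retained key. Calling destroy("k2007-Q1") instead of keeping it turns that same media into unrecoverable data, which is the situation the key-management recommendation warns about. Binding the file name as AAD in the per-file mode is a small extra that real products may or may not do; it means a ciphertext copied to a different name fails authentication rather than decrypting under the wrong label.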
Management, operational, and technical controls are explained in NIST SP 800-53. Some examples of supporting controls are:

* Revising organizational policies as needed to incorporate appropriate usage of the storage encryption solution;
* Securing and maintaining end user devices properly to reduce the risk of compromise or misuse. This includes securing device operating systems, applications, and communications, and physically securing devices; and
* Making users aware of their responsibilities for storage encryption, such as encrypting sensitive files, physically protecting mobile devices and removable media, and promptly reporting loss or theft of devices and media.

More Information

NIST publications assist organizations in planning and implementing a comprehensive approach to information security. For information about the NIST standards and guidelines referenced in NIST SP 800-111, and about other security-related publications covering related topics such as protecting active content, electronic mail, and servers, see http://csrc.nist.gov/publications/index.html. Selected publications specifically related to the guide include:

FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, requires agencies to categorize their information systems as low-impact, moderate-impact, or high-impact for the security objectives of confidentiality, integrity, and availability.

FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, specifies minimum security requirements for federal information and information systems in seventeen security-related areas that represent a broad-based, balanced information security program.

NIST SP 800-21, Second Edition, Guideline for Implementing Cryptography in the Federal Government, helps agencies select, specify, employ, and evaluate cryptographic protection mechanisms for federal information systems.
NIST SP 800-53, Recommended Security Controls for Federal Information Systems, provides guidance in selecting, specifying, and tailoring security controls that will provide an appropriate level of security, based on the organization's assessment of mission risk.

Draft NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, will assist organizations in developing an effective assessment plan.

NIST SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, assists organizations in identifying information types and impact levels, and assigning impact levels for confidentiality, integrity, and availability.

NIST SP 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, summarizes the HIPAA security standards and explains the structure and organization of the Security Rule.

Disclaimer

Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by NIST, nor does it imply that the products mentioned are necessarily the best available for the purpose.

Elizabeth B. Lennon
Writer/Editor
Information Technology Laboratory
National Institute of Standards and Technology
100 Bureau Drive, Stop 8900
Gaithersburg, MD 20899-8900
Telephone (301) 975-2832
Fax (301) 975-2378

__________________________________________________________________
Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Wed Nov 28 2007 - 23:35:25 PST