When you save files on your computer, they are written somewhere on the hard disk. To access them, you normally have to turn on the computer, log into your account and then open the file. But if someone unplugs the hard disk and attaches it to an already running computer as a secondary drive, they can read all of its contents directly, bypassing the login entirely. The solution to this problem is to encrypt the data into an unreadable form.
Full disk encryption (also called whole drive encryption) is a method by which the user encrypts all of the data on a drive or partition. It provides a layer of security independent of the operating system's login, because unencrypted data can be read by anyone who installs the drive as a secondary disk in another computer or live-boots a different operating system from a USB drive.
If the drive itself is encrypted, anyone with physical access to the computer must supply a key in a pre-boot environment (i.e. before the operating system starts) to decrypt the data on the drive. The pre-boot key can be either a password/passphrase or a key stored on a physical device. In the second case, the data can only be accessed if that physical device (such as a pendrive) is present.
Although full drive encryption systems such as BitLocker (Windows) or VeraCrypt (Windows and Linux) are fairly secure, the user can add an extra layer of protection with a TPM (Trusted Platform Module), which many modern motherboards have built in; users whose boards lack one can buy a module online and plug it into the motherboard. When the TPM is enabled, it generates the encryption key and keeps part of it inside the module, which defeats tampering methods such as removing the drive from the original computer and using a different computer to decrypt the data. In full drive encryption the boot sector is not encrypted, so if someone infects your computer with a bootkit, which usually resides in the boot sector, the TPM can detect the modified boot code and lock down the drive, protecting the data from the rootkit.
Because these encryption schemes decrypt the whole drive once the proper key is supplied, users can also apply file-system-level encryption to further encrypt the sensitive or important file systems on the drive with different keys, decrypting them only when necessary.
Keep in mind that since data is encrypted when written to the hard drive and decrypted again on the fly when it is read back, full disk encryption carries a minor performance cost.
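As an added example (not part of the original post), the following PowerShell script shows how the BitLocker and TPM setup described above is configured in practice: it checks that a usable TPM is present, enables BitLocker on the OS drive with the key bound to both the TPM and a USB startup key (the "pendrive" case), and adds a recovery password. It assumes an elevated session on Windows Pro/Enterprise, that the OS volume is C:, and that the pendrive is mounted as E:.

```powershell
# Added example: BitLocker full disk encryption with TPM + USB startup key.
# Assumptions: run as Administrator; OS volume is C:; pendrive is E:\.

$OsDrive  = "C:"
$UsbDrive = "E:\"   # the pendrive that will hold the startup key

# 1. Confirm the TPM is present and ready before binding the key to it.
$tpm = Get-Tpm
if (-not $tpm.TpmPresent -or -not $tpm.TpmReady) {
    throw "No usable TPM (Present=$($tpm.TpmPresent), Ready=$($tpm.TpmReady)). Enable it in firmware first."
}

# 2. Do nothing if the volume is already protected.
$vol = Get-BitLockerVolume -MountPoint $OsDrive
if ($vol.ProtectionStatus -eq "On") {
    Write-Host "$OsDrive already protected by: $($vol.KeyProtector.KeyProtectorType -join ', ')"
    return
}

# 3. Enable encryption. With the TPM + startup key protector the drive only unlocks
#    when both the original board's TPM and the pendrive are present at boot, so the
#    disk is unreadable when moved to another machine or live-booted from USB.
Enable-BitLocker -MountPoint $OsDrive `
                 -EncryptionMethod XtsAes256 `
                 -TpmAndStartupKeyProtector `
                 -StartupKeyPath $UsbDrive

# 4. Add a recovery password so data is not lost if the TPM or pendrive fails.
#    Store the printed value offline, never on the encrypted machine itself.
$recovery = Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector
$recovery.KeyProtector |
    Where-Object KeyProtectorType -eq "RecoveryPassword" |
    ForEach-Object { Write-Host "Recovery password (store offline): $($_.RecoveryPassword)" }

# 5. Report status; encryption of existing data continues in the background.
Get-BitLockerVolume -MountPoint $OsDrive |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus, EncryptionMethod
```

Combining the TPM with a startup key requires the BitLocker policy "Require additional authentication at startup" to be enabled; with the default policy only the TPM-only protector is accepted.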
This post is written by Agnidhra.