Providing security for data on laptops and hard drives

| Comments (4) | TrackBacks (43) |
21st Century Locks is offering hard drives and flash drives that feature biometric (thumbprint) authentication. Here's the press release.
(PRWEB) January 21, 2005 -- With the workforce becoming increasingly mobile there is a large amount of confidential business, customer and personal information being stored on laptops. The loss, or theft, of a laptop containing confidential business, customer or personal information can leave you open to loss of critical business information, identify theft and possible legal action by your customers. With the implementation of increased regulatory requirements, HIPPA, Sarbanes-Oxley etc there is also the possibility of action being taken under those acts.

...

"The ClipDrive Bio Fingerprint USB Flash Drive and Outbacker Fingerprint USB Hard Disk Drives provide the most secure and efficient portable data storage available," said Rob van Gils - VP Sales & Marketing, 21st Century Locks, Ltd. "The devices are non-operational until a validated fingerprint is received. Once the device is activated it functions just like another drive on your PC. The drives have both public and private sectors, the public sector is available to all registered users and each user can have their own private sector which requires a password to access," he said.

"Because all biometric and fingerprint templates are saved in hardware and not storage media unauthorized users cannot access the device should it be lost or stolen."

Maintaining confidentiality for stolen laptops and hard drives is a very serious problem, but it's not clear that biometrics add a lot of value.

The major tool for providing security for hard drives is to encrypt the data on the drive (this applies to laptops too, since the important information in the laptop is generally on the hard drive.) The key issue is how to manage the encryption keys. Part of this is a well understood problem: the hard drive has a single master key which is used to generate sub-encryption keys for individual files or sectors. The tricky question is how to manage the master key.

Password-Based Encryption
The straightforward strategy is to use a password. The master key is generated from the password using a key generation function such as PKCS#5 (Technically speaking, you typically randomly generate the master key and then encrypt it with the password, but it really doesn't make much of a difference right now.)

There is a real problem with this scheme, which is that it's susceptible to dictionary attack. People tend to choose lousy passwords, such as their names, birthdays, words that are in the dictionary, etc. It's easy to attack the system by simply trying common candidate password in turn. You take each password and generate its corresponding encryption key, and try to decrypt the data on the disk. If you get plausible looking data--as opposed to random garbage--you've almost certainly found the right password.

Hardware Security Modules
Dictionary attack is very difficult to counter in this kind system as long as its purely in software. You can try to get people to choose better passwords, but history shows that that they use bad passwords anyway. You can make the software check for bad passwords when people choose them, but then people just write them on Post-Its and stick them to the laptop.

The standard fix for this is to use hardware rather than software. The way this works is that the master key is stored encrypted in a hardware security module (HSM). When you key in the password the Operating System (OS) puts it into the HSM which decrypts the master key and returns it to the OS. Now, so far this isn't any better than before, but the hardware lets you add a critical element--a limited-try capability. The HSM only lets you enter some finite number (typically 5-10) of wrong passwords in a row. If you make more than that many errors then the HSM zeroizes (erases) the master secret. This effectively stops dictionary attack.

Now, of course the attacker still has physical possession of the laptop, so they can try to open up the HSM and extract the encrypted master key directly. This already requires a lot more tooling and effort than doing a dictionary attack, but it's fairly common to design the HSM so that any attempt to tamper with it causes it to zeroize the master secret. It's possible to bypass this too, but now you're talking about an attacker with some serious capabilities, which most people who find or steal your laptop won't have.

Note that if you have an HSM you can use very weak passwords. a 4-8 digit numeric PIN is plenty good because the number of candidate passwords the attacker can try is so limited.

Biometrics
We are now prepared to address the question of biometrics. The general principle is that the laptop or hard drive has a biometric reader (in this case a fingerprint reader). The user presses their finger on the reader instead of typing the password.

There are two ways to implement a biometric authentication scheme for hard drive encryption. The easy way to do it is for the device to store a copy of the biometric. It compares the scanned biometric to the copy and if they match it outputs the master key. The obvious problem here is that it requires the system to know the plaintext version of the master key, so if you break into it, you can decrypt all the data on the hard drive. This isn't that desirable so you probably want the biometric reader to have some sort of automatic zeroization capability, at which point you're back to HSMs and passwords start to look more attractive.

The second alternative is to directly derive the encryption master key from the biometric. The idea here is that the biometric has more entropy (is harder to guess than the password). The problem with this theory is that the biometric doesn't scan exactly the same way every time so you need some method for generating the encryption key that is insensitive to this kind of error while still being sensitive to the variation between different people's fingers. There are techniques for this (the general name is fuzzy extractors) but it's not clear that once you've compensated for them that password still have enough entropy--though it seems possible that iris codes will.1

An even more serious problem is that as anyone who watches CSI knows, your laptop is covered with your fingerprints. In particular, the fingerprint pad which you've been using to authenticate for weeks is almost certainly covered with your fingerprints! It's actually quite easy to make fake fingers from residual fingerprints that will fool fingerprint readers. So, unless you obsessively wipe down your computer, I wouldn't be too confident that someone can't replicate your fingerprint and gain access.

Given these problems, the primary value of biometric authentication--at least using fingerprints--for things like laptops is that it's marginally more convenient than passwords. However, it doesn't really make things more secure and quite likely makes them less secure.

1. Most of the work on fingerprint recognition (e.g., this paper by Clancy and Lin focuses on false positive rates (they claim 2^-69 chance of a false positive with 30% false negatives)), but that provides an upper bound on how difficult it is to guess a plausible biometric, since there's probably some correlation between different fingerprint minutiae.

UPDATE: In the comments Dan Simon mentions that you can use a removable token that contains the master key. This is a popular approach, but you need to force people to store the token and the laptop separately rather than just leaving the token in the laptop 24/7. I'm not sure how well that works in practice.

43 TrackBacks

Listed below are links to blogs that reference this entry: Providing security for data on laptops and hard drives.

TrackBack URL for this entry: http://www.educatedguesswork.org/cgi-bin/mt/mt-tb.cgi/103

Not So Easy from The Cardinal Collective on January 25, 2005 10:38 PM

Read Eric Rescorla to find out why thumbprint authentication will make your laptop less secure.... Read More

cr-v3 lithium ion from ceixnoirs.dyndns.org on July 17, 2005 10:32 PM

lithium er 450 lithium clothing lithium analyzer lithium ornate lithium battery cross reference/ panasonic. 3.7 volt lithium polymer battery rush photo lithium lithium ion battery repair lithium flower bass tab aluminum lithium alloy m7318 lithium ion ... Read More

tyra banks breasts union bank united bank briana banks initiations 2 tyra banks playboy blood bank tyra banks playboy northwest savings bank texas state bank elizabeth banks free briana banks movies bendigo bank Read More

tattoo flash from tattoo flash on August 6, 2005 12:23 AM

tattoo flash Read More

alicia key ticket tropicana from alicia key ticket tropicana on August 11, 2005 10:22 AM

alicia key ticket tropicana Read More

celebrity photo from celebrity photo on August 25, 2005 8:43 AM

celebrity photo Read More

phentermine Philosophy is at once the most sublime and the most trivial of human pursuits. Read More

transvestites in lingerie big tits in lingerie lingerie bbw wifes in lingerie british lingerie lingerie romantic plump lingerie models scans glamour lingerie cameo lingerie fine lingerie thumbnails red reose lingerie sheer lingerie pics Read More

carisoprodol Read More

gasoline Read More

single dating Read More

1920s literature from anthropomorphism in literature on September 21, 2005 7:30 AM

literature masters degree on line ford literature childrens literature association literature during the civil war in alabama adolescent literature about aliens literature review compare and contrast two articles essays on northrop frye archetypes of l... Read More

childrens literature and coming of age from learning language arts through literature on September 25, 2005 4:10 PM

literature tests classic american literature portals to literature role of early american literature definition of gothic literature mexico and revolution and history or literature or sociology canadian literature world literature childrens literature ... Read More

free credit report from free credit report on September 30, 2005 2:21 AM

free credit report Read More

paris hilton video from paris hilton video on October 3, 2005 11:13 PM

paris hilton video Read More

adaware Read More

bankruptcy Read More

pillstore Read More

artificial christmas trees from artificial christmas trees on November 8, 2005 1:02 AM

artificial christmas trees Read More

college cheerleaders from college cheerleaders on November 23, 2005 3:50 AM

college cheerleaders Read More

christmas trees Read More

poker.com Read More

replica watches from how to buy replica watches on December 11, 2005 9:04 AM

TITLE: replica watches URL: http://replica.freeownhost.com/replica-watch.htm IP: 72.36.222.3 BLOG NAME: how to buy replica watches DATE: 12/11/2005 09:04:28 AM Read More

hampton inn Read More

spybot download from spybot download on January 5, 2006 9:41 PM

spybot download Read More

used cars Read More

replica watch from rolex replica watch on January 11, 2006 2:23 PM

TITLE: replica watch URL: http://replica.gratis-webspace.de/ IP: 220.202.161.26 BLOG NAME: rolex replica watch DATE: 01/11/2006 02:23:53 PM Read More

TITLE: hoodia URL: http://www.20mbweb.com/Health/hoodia/ IP: 219.62.200.238 BLOG NAME: hoodia DATE: 01/17/2006 02:06:44 PM Read More

pearl necklace from pearl necklace on January 23, 2006 12:03 PM

TITLE: pearl necklace URL: http://necklace.mappibiz.com/pearl.htm IP: 68.45.221.136 BLOG NAME: pearl necklace DATE: 01/23/2006 12:03:52 PM Read More

stockmarket Read More

this isa niceblog ... Read More

superbowl Read More

lufthansa Read More

4 Comments

An argument for passwords and against HSMs: if the HSM zeroizes itself after N wrong passwords, you better make very sure that a little kid (or curious adult) isn't going to get their hands on your laptop. It's equivalent to having a button you can press to wipe the drive: good for paranoia, but not so good for ensuring your data stays around. Availability vs confidentiality, etc. Now, if the HSM just refused new requests for a few minutes after a handful of bad attempts, that wouldn't be so bad.

And with regards to dictionary attacks, there is a reason PKCS #5 lets you use arbitrarily large salts and iteration counts. An iteration count of 100,000 is going to make dictionary attacks somewhat nontrivial, and it won't cause any overhead except during initial boot.

The standard procedure for dealing with HSM zeroization is to have offsite backups of the master secret. Though, it's certainly true that you can put a medium-length time lockout in. That's also a standard procedure.

Yes, you can use large iteration coutns. That helps some. Salts only help against precomputation attacks. However, I don't agree about the "initial boot" comment. A lot of people suspend their laptops rather than shutting them off, so you need the laptop to become unavailable on resume.

Another approach is to use a removable hardware token containing the master key. That eliminates the dictionary attack and HSM-busting, at the cost to the user of having to carry around a hardware token.

Well, how to get people to treat the hardware token special is also have it act as the physical access control to the building (have it double as the cardkey), login control to their computer, and put in on their keychain with their car keys.

Do THAT, and people will treat their hardware token better.

Leave a comment