IT’s Clouds

moon

 

Ethical theories of the past are blowing over the walls of modern technology like clouds rushing past the moon on a summer night, quickly vanishing into the welcoming darkness. The clouds become storms that race across subways, bridges and high-rises of our modern cities, where old ethical canons engage the cataclysmic tests of this dynamic information age.

                                    – Lou Paradies

“Ownership of Information”: A view from the race track

Today we have many legal tools to help us in protection of Ownership of Information. Florida Atlantic University Information Resource Management (IRM) provides a couple of these for us: “IRM supports the Federal Standard for Copyright (http://www.loc.gov/copyright/) and Fair Use ( http://www.copyright.gov/help/faq/faq-fairuse.html ). Any copyrighted material appearing on University web sites must adhere to acceptable use policies or be supported by written permission from the owner of the copyrighted material” (FAU, 2012). These are two avenues to protect informational rights, and patents are the other.

Part of the security challenge of the future gets back to Ownership of Information. Let’s look at this strictly from the view of business. With hardware, software, data and clouds, it is hard to keep track of everything a business owns in our day and age. It gets complex with the rate of speed it is being presented. Let’s layer on intellectual and property law, and you have an ever changing ocean of information, ideas, and ownership rights. A similarity between this kind of property and security is that both are moving at the rate of the internet and dynamically changing every day. “Congress enacted modest reforms to the patent system, but these reforms are inadequate to address the increasing rate of innovation, Christopher Paradies, a registered patent attorney and shareholder in the Tampa office of Fowler White Boggs PA, said in an email to the Tampa Bay Business Journal. Patents need to be examined and issued in less than a year, especially in technologies that change the fastest, such as computer and communications technologies” (Hoover, 2011).

We need to know that computer innovation is moving at lightning speeds, and just as our system of patents must change to keep up, so must all areas of information security.

 

FAU. (2012). Acceptable Use & Ownership of Information Technology Resources. Retrieved March 6, 2012, from Florida Atlantic University: http://www.fau.edu/irm/techpolicy/v.php

Hoover, K. (2011, Sept 23). Patent reform signed into law. Retrieved March 6, 2012, from BizJournals.Com: http://www.bizjournals.com/tampabay/print-edition/2011/09/23/patent-reform-signed-into-law.html?page=2

Staying ahead of the storm…

As we look ahead to our ever changing world we see the field of computer security struggling to keep up. It never quite catches up, and it never quite gets comfortable. Last month Julia Banfield spoke with Dr. Sadie Creese from Oxford on this race: “Assessing risk, understanding priorities and constantly reassessing as you move forward and the world changes are crucial to cyber security. Creese argues that consumers and businesses alike need to understand their areas of highest risk; those with the real costs to you as an individual or organisation” (Banfield, 2012).

As we keep up with cyber security we will also be keeping up with information security. As we move into those clouds, we need to keep the storms away. It is not certain if all businesses are up for the continued and growing challenges in security.  We have to meet these challenges and storms head on if we want information to be secure.

 

Banfield, J. (2012, Feb 10). Global Future Challenges: The race to secure cyber space. Retrieved March 6, 2012, from OxfordMartin: http://www.oxfordmartin.ox.ac.uk/blog/view/139

Using TrueCrypt

This post deals with File Access Control Using TrueCrypt.  I will go through the basics of setting up a “Z” drive to hold my encrypted data.  In a later post I will discuss the merits of encrypting the entire hard drive.  There is a lot of power here if desired.

But here are the basic steps to get a working copy of TrueCrypt:

After clicking on “TrueCrypt Setup.exe”, you will see the following configuration screen where you click “Create Volume”

And click “next” to create the standard volume:

Select a volume location.  You could specify an external device such as USB:

Next we need to select an encryption algorithm.  You can select one of the following:

  1. AES: FIPS-approved cipher.  256-bit key, 128-bit block, 14 rounds (AES-256). Mode of operation is XTS.
  2. Serpent: 256-bit key, 128-bit block. Mode of operation XTS. (An AES finalist)
  3. Twofish: 256-bit key, 128-bit block. Mode is XTS. (An AES finalist)
  4. AES-Twofish: Two ciphers in a cascade opearting in XTS mode. Each block is first encrypted with Twofish (256-bit key) and then with AES (256-bit key). Each cipher uses its own key.
  5. AES-Twofish-Serpent: Three ciphers in a cascade operating in XTS.  Each block encrypted with Serpent (256-bit key), then Twofish (256-bit key), and then AES (256-bit key).
  6. Serpent-AES: Two ciphers in a cascade operating in XTS mode. Each block encrypted with AES (256-bit key) and then Serpent (256-bit key).
  7. Serpent-Twofish-AES: Three ciphers in a cascade in XTS mode. Each block encrypted with AES (256-bit key), then Twofish (256-bit key), and finally Serpent (256-bit key).
  8. Twofish-Serpent: Two ciphers in cascade operating in XTS. Each block encrypted with Serpent (256-bit key) and then Twofish (256-bit key).

We also must choose a Hash Algorithm:

  1. RIPEMD-160
  2. SHA-512
  3. Whirlpool

I liked Whirlpool’s security statement:

“Assume we take as hash result the value of any n-bit substring of the full WHIRLPOOL output. The design of WHIRLPOOL sets the following security goals:

  • The expected workload of generating a collision is of the order of 2n/2 executions of WHIRLPOOL.
  • Given an n-bit value, the expected workload of finding a message that hashes to that value is of the order of 2n executions of WHIRLPOOL.
  • Given a message and its n-bit hash result, the expected workload of finding a second message that hashes to the same value is of the order of 2n executions of WHIRLPOOL.
  • It is infeasible to detect systematic correlations between any linear combination of input bits and any linear combination of bits of the hash result, or to predict what bits of the hash result will change value when certain input bits are flipped (this means resistance against linear and differential attacks).”(Barreto, 2008)

We then click Next 

Now we select the volume size:

Now a Volume Password:

And then Format, which normally will be NTFS:

After we click “format” we will see the following message:

And clicking “ok” will display the next message:

Clicking Exit takes us back to where we specify the drive letter we want to use (I chose “X”). In the Volume area click the “Select File” button, and browse to the folder and file that you specified for the TrueCrypt volume.  Click and Open it so it shows in the Volume window as mine does below.  Then click “Mount”.

This will ask us to provide our password.  Supply this and click OK.

You should see a screen like the following, showing your path, size, encryption:

In the above window you will see that I allocated 250 MB for TrueCrypt, and have used AES-Twofish-Serpent, getting 3 cascading 256-bit ciphers!   Cool, huh.

If I double click on the X Drive in that window where it specifies my path, it will react just like Windows Explorer and open up as follows:

I also will include a view of 2 JPG images that I stored in my TrueCrypt partition space.  Both of these files are safely stored within TrueCrypt:

A “dismount” of my drive will close and secure my data.  Before the dismount I can also open up Windows Explorer and see what is in Local Disk X.  I can move any files in and out with ease.  Above shows what it looks like before the dismount.  At the risk of no steganography to hide my sense of humor, I must add that the file “today.JPG” also shows no dismount.

After dismounting, there no longer is an X drive to access, nor is there any possibility of viewing the files within the volume.  It is encrypted until I open it again with TrueCrypt and supply my password (which must be remembered).

TrueCrypt 7.0 is pretty top notch for an open source product.  Some CPUs support hardware-accelerated AES encryption which means really fast encryption.  The default type of processor is the ones with Intel AES-NI instructions available.  “TrueCrypt, one of the popular open-source programs for on-the-fly encryption, is out now with version 7.0. Most notably, the TrueCrypt 7.0 release provides hardware-accelerated AES support.” (Larabel, 2010)

LP

References:

Barreto, P. S. (2008, Nov 19). The Whirlpool Hash Function. Retrieved Dec 27, 2011, from LARC – Laboratory of Computer Networks and Architecture: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html

Larabel, M. (2010, July 20). TrueCrypt 7.0 Released With Hardware-Accelerated AES. Retrieved Dec 12, 2011, from Phoronix.Com: http://www.phoronix.com/scan.php?page=news_item&px=ODQyNw

Using EFS

I will share my experience with setting encryption on files and folders and the resulting access that ensued. I will start with a play by play for each step, and follow that with observations.

I first created a folder on my “C” drive, and some files within that folder.  I then encrypt the folder, as shown below where it shows “Encrypt contents to secure data”:

image

Upon clicking OK and OK, I got the following message which confirmed that encryption was going to take place on not only the folder level, but also the document level. This will become an important step as we will see later in regards to the results when moving documents around.

image

The first test for success is simply making sure that the text of the folder name was green, which it was. This color indicates that folder or files are encrypted.

When either remote connecting with another ID, or logging on with another ID, I was able to browse and open the remote folder.  I was able to see the content within the folder, but I could not open the files within.

If I tried to open the files, I would get the following error:

image

To verify encryption was in place I used the “command-line” cipher command to check status of my folder. There was an “E” attribute preceding the file names indicating these were indeed encrypted.

I also tried dragging a file from an unencrypted folder over to the encrypted folder.  All files in the encrypted folder were green, including the unencrypted file after being moved there.

I also used the more sure fire method of seeing what is encrypted. I ran the “cipher” command on the encrypted folder, and all files were encrypted:

I then took the original unencrypted file that had become encrypted back to the unencrypted folder. The “green” (encryption) followed, which I also verified with the “cipher” command.

In essence I was able to set encryption property on my file by simply dragging it to the encrypted folder and back again. However, it does give me a warning that “new files added to this directory will not be encrypted.”  The reason for this is simple.  Though the file had become encrypted and retained this property setting, the unencrypted folder retains its unencrypted property too.

If you go back 2 posts to my post entitled “Using the Windows Encrypting File System”, and read the “Fourth EFS Warning”, you will see the importance of backing up the windows system certificate and storing it safely in another location.   I’ll conclude my EFS experience with showing how this is done:

Within my IE session I went into Internet Options, then Content, then Certificates.  I then I selected my computer’s Certificate ID.

image

I ran the “Export” function, and it exported my certificate onto my desktop.  I could then encrypt and store this in a safe place.

I hope this little exercise shows how easily we can encrypt files and folders with EFS, and how the encryption property rights get retained.

 

LP 

Benefits of EFS

The main benefit is that EFS provides an easy way to safeguard confidential information on a computer.

EFS reduces the risk where we are “susceptible to attack by techniques that circumvent the restrictions of access control lists (ACLs). In a shared system, an attacker can gain access by starting up a different operating system. An attacker can also steal a computer, remove the hard drives, place the drives in another system, and gain access to the stored files. Files encrypted by EFS, however, appear as unintelligible characters when the attacker does not have the decryption key”. (Microsoft, 2005)

Another benefit is the relative ease with which we can encrypt or decrypt files with “drag and drop” ease into folders.  I will be showing this in my next post where I perform a few of these techniques on my own laptop.  “The encryption attribute can also be set for a file folder. This means that any file created in or added to the folder is automatically encrypted”.  (Microsoft, 2005)

As we will see in my next post, files and folders can be encrypted using My Computer, the “cipher command”, or by right-clicking a file or folder.   I’ll be showing some of these with screenshots accompanying my actions.

 

LP

References:

Microsoft. (2005, Nov 3). Using Encrypting File System. Retrieved Dec 28, 2011, from Microsoft TechNet: http://technet.microsoft.com/en-us/library/bb457116.aspx

Using the Windows Encrypting File System

Confidentiality of data is a serious matter.  I will spend some time looking at different ways we can encrypt this data for a safer environment.

I’m going to do a several part blog on Windows EFS.  The focus will be with Windows 7 because that is what I’m using and thus able to share current testing and experiences with.  I’ll progress in the coming days to other “open source” encryption systems but begin with my local Windows 7.

First EFS Warning:  

If you lock yourself out, you will be locked out.  EFS is supported on NTFS formatted drives, which is the default disk format for Windows as well as many hard disk and drives.  If you have encrypted files or folders and back that up to an NTFS drive, it also will be encrypted.  “Thus if you lose your encryption key, or if something else goes wrong, then you’ll not only lose access to the files on your hard drive, but you’ll also lose access to your backup copy too.  It’s a warning that EFS doesn’t tell you about and it’s a mistake I’ve seen too many people make.” (Halsey, 2011)

Second EFS Warning:

The crypto in EFS is solid, but you must be aware of what it is doing.  It will encrypt what you tell it to encrypt and no more.  There might be metadata scattered about on a drive, or even unencrypted original versions of your document that were only erased visibly from your FAT table, and still there.  Forensics could perhaps find these earlier versions that are unencrypted.

Third EFS Warning:

In general if your system was stolen any EFS protected files will be safe, but only to the extent of your Windows password strength.  The encryption keys EFS uses are unlocked by your Windows user password.   

Fourth EFS Warning:

Backup your certificate because if your certificate on your system gets corrupted it will also lock you out.    So always make an encrypted backup of your certs with a strong password, and keep the copy elsewhere for safety sake.

LP

References:

Halsey, M. (2011, July 8). Avoiding EFS Encryption Disasters in Windows. Retrieved Dec 28, 2011, from ghacks.net: http://www.ghacks.net/2011/07/08/avoiding-efs-encryption-disasters-in-windows/