Encryption is the process of converting data to an unrecognizable or "encrypted" form. It is commonly used to protect sensitive information so that only authorized parties can view it. This includes files and storage devices, as well as data transferred over wireless networks and the Internet.
You can encrypt a file, folder, or an entire volume using a file encryption utility such as GnuPG (https://www.gnupg.org) or AxCrypt (http://www.axantum.com/AxCrypt/). Some file compression programs like Stuffit Deluxe (http://my.smithmicro.com/stuffit-file-compression-software.html?gclid=CK-e36C93cQCFcQbgQod33wARw) and 7-zip (http://www.7-zip.org) can also encrypt files. Even common programs like Adobe Acrobat and Intuit TurboTax allow you to save password-protected files, which are saved in an encrypted format.[1]
Encryption terminology
AES
The Advanced Encryption Standard (AES) (http://en.wikipedia.org/wiki/Advanced_Encryption_Standard) is an encryption standard approved by the National Institute of Standards and Technology (NIST) for the safeguarding of electronic data. After being adopted by the US government, the standard is now used worldwide. This cipher, usually implemented with either 128-bit or 256-bit encryption keys, is widely used to protect sensitive information and is found integrated at both the hardware and software level. All 840 and 840 PRO Series SSDs are equipped with a high-performance hardware accelerator that implements AES encryption with a 256-bit key.
FDE
Full Drive Encryption (FDE) refers to a storage device in which nearly everything is encrypted rather than encrypting only certain files or folders. This solution is attractive for high-security environments because it makes it simple to destroy all data on the drive by destroying and replacing the cryptographic key(s) that protect it. With this technology, the swap space and temporary files are also encrypted, and, when implemented through hardware rather than software, even the bootstrapping (http://en.wikipedia.org/wiki/Bootstrapping) code is encrypted. By using a Trusted Platform Module (TPM), standardized by the Trusted Computing Group, in conjunction with FDE, the integrity of the boot environment can also be verified.
SED
Self-Encrypting Drive (SED) is a term that refers to a storage device that implements hardware-based FDE. Therefore, an SED is a special case of FDE. SEDs boast better performance, security, and manageability compared to software-based FDE implementations, which commonly suffer severe performance degradation as a result of the encryption overhead. Also, because the encryption key exists only inside the SED itself, it is impossible to access it via the host (operating system). Software-based solutions are vulnerable to several types of attack because they must store the encryption key in main memory. Finally, because SEDs provide drive-level encryption that is independent of the operating system and any other data management tools (e.g. compression utilities, data loss prevention, de-duplication, etc.), users can easily install an SED into any system without worrying about operating system or application interference.
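The key handling described in the FDE and SED entries above, as an added Python example that is not part of the original page or any vendor's firmware: a drive model that keeps its AES-256 media key internal, stores only ciphertext, and is erased by replacing that key. The `SimulatedSED` class, the password-derived wrapping key, and the choice of XTS mode are assumptions made for illustration; the third-party `cryptography` package is required.

```python
import hashlib
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.keywrap import InvalidUnwrap, aes_key_unwrap, aes_key_wrap

SECTOR = 512  # bytes per logical block


class SimulatedSED:
    """Toy model of a self-encrypting drive; not a real OPAL implementation."""

    def __init__(self, password: bytes):
        self.media = {}      # LBA -> ciphertext: all that is ever stored at rest
        self._mek = None     # media encryption key, in the clear only while unlocked
        self.crypto_erase(password)  # first provisioning is the same as an erase

    def _kek(self, password: bytes) -> bytes:
        # Key-encryption key derived from the user's credential (assumed design).
        return hashlib.pbkdf2_hmac("sha256", password, self._salt, 100_000)

    def crypto_erase(self, new_password: bytes) -> None:
        # Replace the key: existing ciphertext stays on the media but is now unreadable.
        self._salt = os.urandom(16)
        mek = os.urandom(64)  # AES-256-XTS uses two 256-bit keys
        self._wrapped = aes_key_wrap(self._kek(new_password), mek)
        self._mek = None      # drive comes back locked

    def unlock(self, password: bytes) -> bool:
        try:
            self._mek = aes_key_unwrap(self._kek(password), self._wrapped)
        except InvalidUnwrap:
            self._mek = None
        return self._mek is not None

    def _xts(self, lba: int) -> Cipher:
        if self._mek is None:
            raise PermissionError("drive is locked")
        # The sector number is the XTS tweak, so equal plaintext differs per sector.
        return Cipher(algorithms.AES(self._mek), modes.XTS(lba.to_bytes(16, "little")))

    def write(self, lba: int, data: bytes) -> None:
        if len(data) != SECTOR:
            raise ValueError("whole sectors only")
        enc = self._xts(lba).encryptor()
        self.media[lba] = enc.update(data) + enc.finalize()

    def read(self, lba: int) -> bytes:
        dec = self._xts(lba).decryptor()
        return dec.update(self.media[lba]) + dec.finalize()
```

After `crypto_erase`, the old ciphertext is still present in `media`, but reading it under the new key returns unrelated bytes, which is why replacing the key is enough to destroy the data.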
OPAL
OPAL is the name for an SED storage specification developed by the Trusted Computing Group, the same group responsible for the TPM microchip mentioned above. It defines a means by which to place an SED storage device under policy control. Its goal is to protect the confidentiality of user data and prevent unauthorized access to the drive while still maintaining compatibility with multiple storage vendors through a standardized management interface. Most systems require third-party software to utilize the OPAL Storage Specification, although Windows 8's BitLocker (http://windows.microsoft.com/en-us/windows-8/bitlocker-drive-encryption) feature supports this functionality natively.[2]
When Encryption Actually Helps
Encryption has a long history dating back to when the ancient Greeks and Romans sent secret messages by substituting letters only decipherable with a secret key.
Let’s get away from the emotional component of wanting to lock down access to all your files so only you can view them. Here are the situations where encryption will actually do something for you:
Protecting Sensitive Data If Your Laptop is Stolen: If your laptop is stolen, encryption will prevent a thief from booting it up and looking through your sensitive data for financial information and other sensitive things. Realistically, your average laptop thief probably just wants the hardware and will probably wipe the drive quickly. But, if you have sensitive documents on your computer, encryption does make sense. The thief probably doesn’t care about most of your data, though — photos of your dog, your MP3 collection, and any sort of videos you might have downloaded won’t be important to them.
Storing or Sending Sensitive Data Online: When storing something particularly sensitive — perhaps archives of tax documents that contain personal details like your social-security number — in online storage or emailing it to someone, you may want to use encryption. Almost all of your personal files likely don’t require this sort of encryption, though.
The Business Case: For businesses, there may be various commercial guidelines or rules requiring the use of encryption. These are intended to prevent the terrible stories we hear about business laptops being stolen out of cars, and those laptops having massive databases containing millions of customer credit card numbers on them. Of course this sort of data should be encrypted, but we’re focusing more on average users here. (And actually, a laptop sitting in a car shouldn’t have this sort of database on it in the first place!)
Encryption could potentially protect your data from being searched by law enforcement, but in a serious investigation you’d likely be compelled to disclose your encryption key. We’re focusing on the average computer user here, not someone who has something serious to hide from law enforcement.[3]
[1] Encryption. (2014, November 11). Retrieved April 2, 2015, from http://techterms.com/definition/encryption
[2] SSD White Paper | Samsung SSD. (n.d.). Retrieved April 2, 2015, from http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/whitepaper/whitepaper06.html
[3] Hoffman, C. (2014, October 30). HTG Explains: When Should You Use Encryption? Retrieved April 2, 2015, from http://www.howtogeek.com/200113/htg-explains-when-should-you-use-encryption/