System Integration

Data Encrpition

Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e.g., a hard disk, USB drive, Zip drive or a flash card/drive). It is a technique that allows data to be protected even when the OS is not active, for example, if data is read directly from the hardware as compared to access restrictions commonly enforced by an OS.

What are the types of Encryption?
Encryption can happen at the following levels:

1. Full Disk encryption- ideal for devices on the move like laptops, notebooks, palmtops, USB sticks.
2. Partition level encryption
3. Encrypted Containers stored in the regular file system also called as HIDDEN VOLUMES
4. File System level Encryption

Most Disk Encryption systems use a combination of the below mentioned techniques:
• Cipher Block Chaining(CBC)
• Electronic Code Book(ECB)
• Cipher Feedback(CFB)
• Output Feedback(OFB)
• Counter(CTR)
• Cryptographically Secure Pseudorandom number generators(CSPRNG)
• Message Authentication Codes(MAC)

Advantages of Disk Encryption:
• Ensures confidentiality of Data
• Protects data even when the OS is not in operation
• Ensures data cannot be easily accessed by unauthorized personnel.
• Makes the disk/data unusable in the event of unauthorized access.
• Encryption and Decryption is done transparently which ensures that users need not know bother about the internal actions.
• Assure that intellectual property and sensitive or legally protected information is accessible only to authorized users
• Meet regulatory compliance requirements through strong, centrally managed encryption