Presentation is loading. Please wait.

Presentation is loading. Please wait.

File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.

Published byStewart McKinney Modified over 9 years ago

Similar presentations

Presentation on theme: "File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006."— Presentation transcript:

1 File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006

2 Encrypting File System Protects sensitive data on computers and laptops from physical theft. Encryption at a lower level that all applications can use. EFS introduced in Windows 2000 Tied to the NTFS file system Encrypt individual files or folders

3 Encrypting File System Data encrypted with symmetric file encryption key (FEK)  DESX, 3DES, AES  Cipher block chaining FEK encrypted with user’s public key (RSA) Multiple users Recovery Agent in case user private key lost Header Version Checksum Data Decryption Field DDF Key Entry 1 … DDF Key Entry n Data Recovery Field DRF Key Entry 1 … DRF Key Entry n User SID Container Name Provider Name EFS Certificate Hash Encrypted FEK Key Entry:

4 EFS Security Issues On standalone system, all keys that protect the private key potentially on hard disk  EFS Private key  Master key  Password key  Syskey  Recommend removing syskey from system with floppy or password  Smartcard support planned for Vista Can’t encrypt system files, registry, file name, or page file  Allows attacker to boot system  File names can reveal information  Page file might accidentally store sensitive data

5 Full Volume Encryption Encryption at the block driver level underneath file system. Everything in the volume is encrypted. BitLocker in Vista BitLocker takes advantage of Trusted Platform Module (TPM)  Top level root key sealed in TPM  Root key encrypts disk encryption key, which encrypts sector data

6 BitLocker Secure Startup  Ensures boot integrity of the Windows volume before unsealing root key.  Verifies none of the boot code or critical system files have been tampered with offline.  Taking measurements of critical information at each step of the boot process.  Compare hash of measurements to hash of known secure system.  Recovery mechanism – removable storage or password BitLocker and EFS not mutually exclusive  BitLocker can protect system volume and root keys.  EFS can provide file granularity and multiple user control.

7 Questions?

Download ppt "File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006."

Similar presentations

Secure Storage.

Secure Storage.
Encrypting stored data

Encrypting stored data
Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
Rambling on the Private Data Security

Rambling on the Private Data Security
Vpn-info.com.

Vpn-info.com.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Secure storage Papers AES-CBC + Elephant diffuser A Disk Encryption Algorithm for Windows Vista Niels Ferguson, Microsoft,

Secure storage Papers AES-CBC + Elephant diffuser A Disk Encryption Algorithm for Windows Vista Niels Ferguson, Microsoft,
BitLocker™ Drive Encryption A look under the covers Steve Lamb Technical Security Advisor, Microsoft UK

BitLocker™ Drive Encryption A look under the covers Steve Lamb Technical Security Advisor, Microsoft UK
This presentation will take a look at to prevent your information from being discovered by and investigator.

This presentation will take a look at to prevent your information from being discovered by and investigator.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Windows XP File System Management Group D. 3 Layers of Drivers Filter Drivers Filter Drivers –Virus protection, compression, encryption File System Drivers.

Windows XP File System Management Group D. 3 Layers of Drivers Filter Drivers Filter Drivers –Virus protection, compression, encryption File System Drivers.
Security at the Operating System Level (Microsoft) By Birinder Dhillon.

Security at the Operating System Level (Microsoft) By Birinder Dhillon.
SEC316: BitLocker™ Drive Encryption

SEC316: BitLocker™ Drive Encryption
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.
File System Security Jason Eick and Evan Nelson. What does a file system do? A file system is a method for storing and organizing computer files and the.

File System Security Jason Eick and Evan Nelson. What does a file system do? A file system is a method for storing and organizing computer files and the.

Similar presentations

Ads by Google