PROGRAM-TECHNICAL ASPECTS OF ENCRYPTION PROTECTION OF USERS’ DATA
The providing of information security for personal computer (PC) users is a set
of problems closely associated with the usage of program-technical facilities
intended for different purposes.
In different institutions the most widespread feature of PC exploitation is
public-staff access that is not limited by the authorities. It inevitably results
in a situation where a single PC is accessible to an uncontrolled number of
users. Such a multiuser exploitation mode sooner or later generates the necessity
of protecting the stored data, and the direct solution of this problem is
justified by the objective reasons determining the importance of providing the
users' information security:
- rapid growth of PC quantity and information burst;
- PC extensive application in the different spheres of human activity;
- accumulation of information content on PC;
- expansion of user base;
- PC connection to the local or corporate network with its simultaneous
This problem can be partly solved by means of the user's individual information
storage, such as flash cards, removable hard disks etc. In fact, this does not
solve the problem of unauthorized access by other persons, malefactors or harmful
software while the individual storage is connected to the PC. Besides, it should
be noticed that it is not safe to entrust significant information to these
devices. First of all, there is a risk of information loss (physical or
mechanical), especially if some confidential information of great significance
is written on the device, so the consequences of such a loss can turn out to be
most sorrowful. In this connection, the task of providing reliable protection of
users' data is urgent as never before.
The most widespread methods of reliable information security for removable
computer storage devices are:
- creation of a hidden partition;
- creation of an archive blocked by a password;
- access restriction to the files/folders.
It should be noticed that the methods of information protection mentioned above
have some drawbacks. The presence of hidden partitions is easily determined by
comparing the capacity visible to the user with the real capacity of the storage
device.
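The capacity comparison just mentioned, written out as an added example (not code from the article): parse an MBR partition table, add up the declared partitions and report any sizable region of the device that no partition accounts for. The device size and both sample partition tables are constructed inline; the 8 MiB gap threshold is an assumed value.

```python
import struct

SECTOR = 512  # MBR partition tables count in 512-byte logical sectors

def parse_mbr(mbr: bytes):
    """Return (start_lba, sectors, type) for each used entry of an MBR partition table."""
    if len(mbr) < 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: 0x55AA boot signature missing")
    entries = []
    for i in range(4):
        # 16-byte entry: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, start, size = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype != 0 and size != 0:
            entries.append((start, size, ptype))
    return entries

def find_gaps(device_sectors: int, entries, min_gap_mib: int = 8):
    """Return [(start_lba, sectors), ...] for unallocated regions of at least
    min_gap_mib. Space below LBA 2048 is ignored: it is normal alignment slack."""
    threshold = min_gap_mib * 2**20 // SECTOR
    gaps, cursor = [], 2048
    for start, size, _ in sorted(entries):
        if start - cursor >= threshold:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + size)
    if device_sectors - cursor >= threshold:
        gaps.append((cursor, device_sectors - cursor))
    return gaps

def build_mbr(entries):
    """Construct a sample MBR from (start, size, type) tuples (test data, not a real device)."""
    mbr = bytearray(512)
    for i, (start, size, ptype) in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i, 0x00, ptype, start, size)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

# Constructed samples: a 4 GiB device (8,388,608 sectors). SUSPECT_MBR declares only a
# 2 GiB FAT32 partition, so half of the capacity is "missing"; CLEAN_MBR uses all of it.
DEVICE_SECTORS = 8 * 1024 * 1024
SUSPECT_MBR = build_mbr([(2048, 4 * 1024 * 1024, 0x0C)])
CLEAN_MBR = build_mbr([(2048, DEVICE_SECTORS - 2048, 0x0C)])

if __name__ == "__main__":
    for name, mbr in (("suspect", SUSPECT_MBR), ("clean", CLEAN_MBR)):
        gaps = find_gaps(DEVICE_SECTORS, parse_mbr(mbr))
        for start, length in gaps:
            print(f"{name}: {length * SECTOR / 2**20:.0f} MiB unallocated at LBA {start}")
        if not gaps:
            print(f"{name}: declared partitions account for the whole device")
```

On a real device the inputs are the first 512 bytes of the block device and its size in sectors (on Linux, /sys/block/sdX/size); GPT-partitioned devices need a GPT parser instead. A TrueCrypt-encrypted partition is not revealed by this check, since it is a normally declared partition whose contents merely look random.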
The creation of archives blocked by a password inevitably increases:
- the probability that the required software is absent on the PC;
- the time lost in creating/unzipping the archive;
- the probability of entering a wrong (casual) password for the archive;
- the probability of partial information loss in the process of creating the
archive; this probability especially increases when using flash memory (because
the number of write/read cycles guaranteed by the producer is exceeded).
Access restriction to the files/folders is carried out, as a rule, by means of
additional software (Folder Crypto Password, Secure Folder, Hide Folder, Lock
Folder etc.) or by means of the built-in facilities of the operating system (OS).
In this case, access to the protected information is limited by the
administrative facilities of the OS, which is unreliable in itself.
In connection with the above, it should be concluded that for reliable users'
information protection the only remaining choice is to use cryptographic
protection in real-time mode. This allows the encryption/decryption algorithm to
run continuously on the traffic between the PC and the removable storage device
in the process of writing/reading.
II. INSTRUCTION FOR AUTHORS
For a proper solution of this task, TrueCrypt, free cross-platform cryptographic
software with open source code for on-the-fly encryption, is the ideal option in
practice.
On-the-fly encryption (OTFE) is a method used by some disk encryption software
and refers to the fact that data is automatically encrypted or decrypted as it is
loaded or saved. The entire file system within the volume is encrypted, including
file names, folder names, file contents and other metadata.
Features of TrueCrypt:
- possibility of portable use (portable TrueCrypt);
- the software works with Windows OS, starting with 2000/XP/7 (x32/x64), GNU/Linux
(32- and 64-bit versions, kernel 2.6 or compatible) and Mac OS X (10.4 Tiger) and
- use of strong encryption/decryption algorithms (AES-256, Serpent and Twofish)
with the possibility of their combination;
- real-time encryption unnoticeable to the user;
- pre-boot authentication when encrypting the HDD boot partitions;
- possibility of creating file-hosted containers, including containers that
expand dynamically on NTFS disks;
- creation of cryptocontainers in cloud storage;
- a cryptocontainer can look like an ordinary file with any extension, for
example txt, doc(x), mp3, img, iso, mpg, avi etc., or without an extension;
- complete encryption of the content of hard disks and removable storage devices;
- creation of hidden volumes, including a hidden OS;
- variants of plausible deniability, including the impossibility of determining
the presence of TrueCrypt volumes: they are just a set of random data. Their
identification is unlikely to be possible by means of TrueCrypt (not counting
the method of thermorectal cryptanalysis);
- one of the most important features of TrueCrypt is the provision of two levels
of plausible deniability. The operating principle consists in creating an
encrypted disk with two passwords: the real password makes the real data on the
disk accessible, and the second one opens other data. So, for instance, when the
encrypted storage device is seized, the user can disclose the second password,
and all important data accessible with the real password will remain hidden;
- change of passwords and key files for a TrueCrypt volume without the loss of
- creation of an encrypted virtual disk;
- possibility to use TrueCrypt on a PC with ordinary user's rights.
Practical use for storage device protection (see Fig. 1):
1. The removable storage device (external HDD or flash card) is divided into two
partitions. The size of the first partition is determined by the TrueCrypt size
and makes 2-5 MB.
2. Copy the portable variant of TrueCrypt into the first partition.
3. Start TrueCrypt and perform the encryption of the second partition.
4. Mount the encrypted partition as a disk.
5. Transfer the information onto the disk.
6. Unmount the disk back into the encrypted partition.
Fig. 1. Encrypted storage device
Comparative analysis of the PC performance with TrueCrypt usage
Figures 2-4 represent the experimental research results for the problem
formulated as follows: how does encryption with TrueCrypt impact the PC
performance for both a desktop and a laptop (red: encrypted mode, blue:
unencrypted mode)?
Fig. 2. Comparative performance of PC video adapters
Fig. 3. Analysis of OS boot timing with/without data encryption
As can be observed from the diagrams presented in Fig. 2-3, the performance of
the PC video adapter does not go down, and at OS boot it even increases for the
laptop with an SSD.
Fig. 4. Comparative analysis of the computing performance for encrypted and
unencrypted PCMark
Observation of the diagram (Fig. 4) shows a decrease in the performance of the
laptop with the SSD (-15%). At the same time, the initial speed of the
solid-state drive is so high that it still outperforms the PC with the HDD,
which loses only 4% in the comparative testing conducted on PCs of the following
configurations: Laptop: AMD Phenom II X4 905 (2.5 GHz), 6 GB DDR3 1600 MHz,
Radeon HD6870 OC 1 GB DDR5, 120 GB RunCore Pro V 2.5" SATA III SSD; Stationary
PC: Intel Core2 Quad CPU Q9000 @ 2.00 GHz, 6 GB DDR2 RAM, ATI Mobility Radeon HD
4650, Seagate Momentus XT.
TrueCrypt has received further development in separate branches, CipherShed and
VeraCrypt, which are fully noteworthy. Started in June 2013, this software is
successfully developing and supported. Moreover, some errors of its predecessor
are eliminated in it. The original TrueCrypt codebase is taken as the basis of
the above-mentioned software. It should also be noted that the formats of
VeraCrypt cryptocontainers are incompatible with TrueCrypt. On the contrary,
CipherShed cryptocontainers are compatible with TrueCrypt.
The independent audit conducted by the iSEC Partners company revealed in total
11 threats to users' information security in the TrueCrypt code: 4 of them have
a medium level of threat, another 4 a low level, and the rest are difficult to
classify at all because of their insignificance. More detailed audit results
were published in a document placed on the internet resource
www.opencryptoaudit.org [10, 11].
Thus, the application of the cryptographic software discussed above is the most
effective solution, which allows preventing the leak of users' confidential data
placed on PCs and external storage devices. The personal 10-year experience in
TrueCrypt exploitation allows the authors of this article to confirm the
blamelessness, reliability and stability in operation of the software presented.