Encryption: a solution or more problems?

When TalkTalk suffered its major data breach in October 2015, one of the first questions was why so much sensitive personal data appeared not to have been protected by encryption. Similarly, repeated theft and loss of large amounts of personal data which have been moved around unencrypted has led to public castigation by those responsible for overseeing data protection.

On the other hand, during 2015 the UK government has repeatedly raised the issue of ‘terrorists and criminals’ using encryption to prevent law enforcement agencies from being able to tap into their electronic communications. As a result, draft legislation in the form of the Investigatory Powers Bill seeks to force ISPs and others to be able to decrypt anything you might transfer in encrypted form.

Encryption is thus at the centre of debate: society (even government) seems to want its protection, but not to want it used by the ‘bad guys’.

This series of articles considers what encryption has to offer, what its drawbacks are, and how to get the best out of it.

The lost laptop scenario

What if you have to carry a laptop around with a database containing personal or sensitive information: is encryption the solution that will satisfy the demands of the Data Protection Act (or its various equivalents in the EU and elsewhere)? Or, like so many ‘weapons’, could it cause worse problems?

The message from those who oversee the protection of data is clear: if you take a laptop away from the physical security of your premises, or send media by courier or similar, then you must take robust steps to prevent unauthorised access to any personal or sensitive data that are covered by the Data Protection Act (or equivalent).

Relying on your OS X user password, or a firmware password protecting your Mac, is not sufficiently robust for a laptop, as it is consummately easy to pop the hard disk out, or connect it in Target mode, and bypass those basic security measures. OS X permissions are also totally ineffective at protecting removable media.

File encryption

The answer that is normally suggested is to encrypt files containing personal data, protecting them with an encryption method that is accepted as being ‘unbreakable’, and with a passphrase that can never be guessed or discovered.

Whilst this would appear to be very straightforward, encryption is a huge industry in which the key players – mainly government intelligence agencies – are into much more serious games, and hold most of the cards close to their chests. Encryption is also a major research area, in which some of the brightest minds in the world are actively engaged. As relatively uneducated users, it would be all too easy to get it badly wrong.

The first and most important principle in encryption is only to use products which are based on known, and well-established, methods of encryption. If a product claims that it uses proprietary techniques, thus relying on obscurity to achieve security, do not let it near your computers. Several commercial products that have claimed that they use unbreakable proprietary encryption have turned out to be lemons, using weak and easily-broken algorithms.

Those which you can trust include the US official standard AES (or Rijndael), Twofish, and Serpent. RSA and DES (including Triple-DES) are now old and have known issues, although even smart criminals are unlikely to break them, and they continue to be used quite extensively.

Sometimes using multiple passes of encryption, or a sequence of different methods, can make it much harder to break encryption, but such sequences can at other times actually make breaking easier. Stick to standard techniques applied using reputable software, as they are most likely to produce unbreakably encrypted files.

Any encryption method is only as secure as its password or passphrase. If you use short passwords that appear in a dictionary, then once a thief has worked out the likely encryption method used, it will take them very little time to discover your password. If you store passwords in your keychain, then they are only as secure as the password that protects your keychain, as the weakest password in your system will prove to be the weakest link in it too.

Never store your passwords in the same physical location as the encrypted data: writing passwords on sticky notes placed on the case of your laptop completely removes the protection that encryption should bring. Whilst it is often helpful to keep a written record of long and complex passphrases in case you forget them, they must be kept somewhere that will not go missing with the laptop, and transferred separately and securely from removable media.

Some good encryption systems now use more than just the password or PIN which you provide, to produce a key which is not guessable even if you enter an empty password. This is how 4- or 6-digit PINs can be used as the basis for very robust encryption, as used in iOS devices. Naive logic would suggest that, as there are only 10^4 = 10000 different 4-digit PINs, they should be very quick to break using brute force. What you do not see are the other unique elements which are added to your PIN to create a much longer key.
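The effect of those extra elements can be shown with a small sketch. This is an added example, not code from the original article and not Apple's implementation: it uses PBKDF2 as a stand-in key derivation, and the device secret, salt, PIN and iteration count are all constructed values.

```python
import hashlib
import hmac

ITERATIONS = 50  # deliberately tiny so the demo runs quickly; real systems use far more

def derive_key(pin: str, device_secret: bytes, salt: bytes,
               iterations: int = ITERATIONS) -> bytes:
    """Derive a 256-bit key from a PIN mixed with a per-device secret."""
    # The device secret is folded into the salt, so the PIN alone never
    # determines the key.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt + device_secret, iterations)

def key_check(key: bytes) -> bytes:
    """Stand-in for the question 'does this key decrypt the data?'."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

def search_pins(target_check: bytes, device_secret: bytes, salt: bytes):
    """Try all 10^4 four-digit PINs; return the matching PIN or None."""
    for n in range(10_000):
        pin = f"{n:04d}"
        candidate = key_check(derive_key(pin, device_secret, salt))
        if hmac.compare_digest(candidate, target_check):
            return pin
    return None

# Constructed sample values (assumptions for this example only).
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # 256-bit secret
SALT = b"constructed-salt"
USER_PIN = "4831"
STORED_CHECK = key_check(derive_key(USER_PIN, DEVICE_SECRET, SALT))

def demo():
    # With the device secret available, the 10^4 PIN space is searchable,
    # which is why the secret must stay locked to the hardware.
    with_secret = search_pins(STORED_CHECK, DEVICE_SECRET, SALT)
    # With only a copy of the encrypted data, the same search finds nothing:
    # the unknown is now the 256-bit secret, not the 4-digit PIN.
    without_secret = search_pins(STORED_CHECK, bytes(32), SALT)
    return with_secret, without_secret

if __name__ == "__main__":
    print(demo())
```

The protection therefore depends on the per-device secret never leaving the device, and on the derivation being slow enough that guessing on the device itself is impractical.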

Disk encryption

The ideal way in which to implement encryption for vulnerable systems such as laptops is a wholly encrypted internal disk, as is now offered in FileVault 2 (available from OS X Lion onwards). This replaces the original version of FileVault, which only encrypted the user’s Home Folder, leaving most data relatively unprotected.

FileVault 2 uses AES in XTS mode with 128-bit blocks and a 256-bit key, which is the configuration recommended by NIST, the US body responsible for the AES standard. Your login password is the one used for encryption, and for gaining access to the disk contents when you are an enabled user. However, once the Mac has been unlocked, others who do not know the master login password can use it until it is shut down again: to render FileVault 2 encryption fully effective, you therefore have to shut your Mac down.

One shortcoming of partial encryption (as used in the original version of FileVault) is that OS X and applications store many cache files that may contain unencrypted data. For instance, if you used FileVault 1 and opened a file stored within your encrypted home folder, virtual memory management would keep decrypted data from the file in its cache files, which could hang around in hidden folders on your disk for a long time.

Some applications also have their own cache files that may be kept outside your home folder and could yield sensitive information to the inquisitive. You could of course have closed these gaps by enabling secure virtual memory in the General tab of the Security pane in System Preferences, and by setting application preferences to store any caches within an encrypted area, but thankfully those are a thing of the past with FileVault 2.

Modern processors, such as those manufactured by Intel for Macs, include specific instructions to support AES encryption. As a result the overhead imposed by using FileVault 2 is small, reportedly of the order of 25%. As most users who might need FileVault 2 are those running less performance-dependent software, this is usually not noticed on recent models of Mac.

The biggest risk with FileVault 2 is loss of the password. This is mitigated by generation of a recovery key, a copy of which can be lodged with Apple. However, if that is lost too, the result is disastrous.

There is additionally an increased risk of data loss on encrypted disks: this is a prediction from Information and Communication Theory, and is not readily quantifiable. In practice any additional risk seems very low indeed.

Based in part on original articles which were first published in MacUser.