Cryptoshop Help! Cryptoshop Contact! Cryptoshop Memo! Cryptoshop Shopping Cart! Place your order! Change to german site!
+ Products
· · · · · · · · · · · · · · · · · · · · · · ·
+ Solution
· · · · · · · · · · · · · · · · · · · · · · ·
+ Knowledge Base
  Security Targets  
  Security Governance  
  Cryptography  
  Technology  
  Smart Card  
  Smart Card Terminals  
  Standards  
  Protocols  
  E-Mail Standards  
  File Encryption  
  Smart Card applications  
  Authentication  
  PKI  
  How to  
· · · · · · · · · · · · · · · · · · · · · · ·
+ Service
· · · · · · · · · · · · · · · · · · · · · · ·
     
Management
· · · · · · · · · · · · · · · · · · · · · · ·
Security Officer
· · · · · · · · · · · · · · · · · · · · · · ·
System Engineer
· · · · · · · · · · · · · · · · · · · · · · ·
Purchasing
· · · · · · · · · · · · · · · · · · · · · · ·
Maintenance
· · · · · · · · · · · · · · · · · · · · · · ·
 
 

Problem areas of encryption

Please note, that the Knowledge Base isn't translated to english completely at the moment. You will still find some german texts - we are translating permanently the outstanding parts! Thank you for understanding!

Encryption Solutions
 
INFO & KNOWLEGDE
 
The numerous manufacturers of encryption solutions are using different approaches – some have considerable constraints.

Simplest Variant ist the "manual" method of encryption, where the user encrypts and decrypts certain files - allowin cross-platform-solutions. One step higher you find folder encryption, which needs deeper integration into operating system. But there can traps for users, Microsoft EFS doesn't encrypt files, which are only dragged into the encrypted folder.

Other tools implements encrypted virtual drives (Container), a big encrypted file represent itself to the operating system as logical drive. Of course the whole hard disk can be encrypted with "Disk Encryption Solution" which include encrypted boot and system files and therefore need a "Pre-Boot-Logon".

File encryption (manual method)
This is a very simple encryption method which is triggered manually. Normally it is done using Microsoft EFS in windows explorer, "right-clicking" the file and choose "encrypt" in the context menue. But there are also other similar solutions. In the area of file encryption methods, this is the only possiblity to sende encrypted file through e-mail. Therefore many disk encryption manufacturers are offering this feature additionally (double encrypted). As stand alone solution this is rarely sufficient, because it is hit by all problem areas of file encryption including human misconduct.
file encryption ©WinMagic Inc.

file encryption ©WinMagic Inc.



Folder encryption
Compared to file encryption all files in a certain folder are encrypted and decrypted automatically. Because of the integration into the operating system, no user interaction is necessary. At first sight this is sounds reasonable, but also this approach is hit by many problem areas of file encryption . Compared to disk encryption it is remarkable, that more CPU performance and hard disk ressources are needed. The reason of the overhead is in single encryption of each file in the folder - therefore keys have to be generated and stored.

Container Encryption
Solutions of this approach are creating a bigger hidden file, in which all encrypted data is stored. The user sees a virtual disk (or subfolder), which he can use like an ordinary hard disk (or folder). All shown files therein are encrypted in this one file on the disk.

Some products supports more than one containers and are offering access administration for different users. Assigning authorisation is easy in this solutions. Using functionality of the operating system, broad support of HW-token like smart cards and certificates can be seen, even biometric authentication is possible. The implementation of such solutions is easy and comfortable (mostly), but there are substantial weaknesses. The operating system doesn't use such virtual disks like physical disks - so it is not possible to create temporary folders or paging files in the containers. All contents of such folders are still unencrypted - also the operating system itself (registry) is still unprotected.
folder and container encryption ©WinMagic Inc.

folder and container encryption ©WinMagic Inc.



Disk encryption
The difference of disk encryption compared to the other approaches is that disk encryption is encrypting the whole hard disk sector by sector and not each single file extra. All encryption and decryption happens in the background - the user doesn't notice any difference to an unencrypted system. A misconception is to think such system is much slower. A Winstone benchmark of 3% reduction in performance is unnoticeable to the user.

Only this approach solves all problem areas sufficiently, but encryption of the operating system is shifting the solution to a high sophisticated level, because authentication has to be done already before the boot process starts, otherwise no decryption of the operating system (kernel) will be done and boot process will fail, because there is no access to the cryptographic keys. Therefore this process is called "pre boot authentication". Of course at that time there are no driver loaded, the essential integration of hardware token as additional authentication factor is intricate for the manufacturer. As a result only few devices are supported - the number is varying much according to experience of the manufacturer and the quality of the solution.
disk encryption ©WinMagic Inc.

disk encryption ©WinMagic Inc.




Problem areas of encryption   Using encryption, no matter which solution, you have to consider, that information can be found at other places while processing respektive in its lifecycle....


function file folder container disk
primary application area
designed for securing desktop X X X
designed for transmission over networks X
Security
protects individual file X X X X
protects content of a folder X X X
protects temporary and paging files X
protects file slack X X
protects data bases X X
protects deleted files X X
protects back-up & auto-save files X X
enables windows undelete X X
protects file name X X
protects windows registry X
protects all applications (OS, SW,..) X
protects data on removeable disks X X X
protection by screen saver * * X
transparency
Real - time encryption and decryption X X X
diminisch human misconduct X X X
E-Mail
sending encrypted files as e-mail X X
sending encryted e-mail X
*depends on manufacturer


Winmagic SecureDoc   Winmagic Securedoc is a Hard Disk Drive Encryption Solution, which encrypts the whole disk and authenticates the user in Pre-Boot.

Secure Doc Hard Encryption Client - Licencing   WinMagic’s SecureDoc Hard Disk Enryption is protecting sensitive and confidential data on notebooks by encryption of the whole hard disk with AES 256 algorithm, avoiding all problem areas of encryption and is fullfilling all the security requirements of an organisation for mobile workers.

Secure Doc Enterprise Server - Licencing   The SecureDoc Enterprise Server eases the rollout and adminstration of WinMagic SecureDoc Disk Encrpytion, as well as the recovery of passwords, smart cards or token.


DOWNLOADS
 
File encryption on data carrier (german) [179 KB]



MS File-Encryption


EFS - certificates


Back to previous page!Top of page!To the startpage of Cryptoshop.com!
  Problem areas of encryption  
  MS File-Encryption  
  EFS - certificates  
 
  Special offer of the month!  
  Cryptoshop Bundles!  
 
  Password protection and quality  
  Symmetric  
  Asymmetric  
  PKCS - in general  
  Certificates  
  Risk Management  
  KonTraG  
 
Legal notice Terms and Condtitions Consumer notice Privacy Newsletter Copyright © 2004 CRYPTAS. All rights reserved