Practical whole disk encryption, or, how to frustrate data forensics.

23 February 2009

When you get right down to it, the best way for an attacker to get hold of your data is to shut the box down, pull the drive, and rip a sector-by-sector image to analyze offsite. It might not be quick (depending on the speed of the hard drive, speed of the storage drive, and a number of other factors) but if you're not there when it's done you might not know that it ever happened. However, if you encrypt data at the level of the drive, they can copy the drive all they want but they won't be able to pick apart the image without breaking the key. Having encrypted data but not knowing what algorithm it was encrypted with, the length of the key, or the key itself presents a non-trivial problem to the attacker best described thusly: "You're kidding, right?"

In a practical sense, anyway. Any cryptosystem will eventually be broken if you throw enough resources at it, which means compute cycles, talented brains, and calendar years. The whole purpose of cryptography, however, is to make the resources necessary to figure out the content of a message too prohibitive to be worthwhile. For example, if an encrypted file containing data that would be useful for only one month is encrypted with an algorithm that would require two centuries and the efforts of hundreds of thousands of CPUs to break, most attackers won't bother trying.

For Microsoft Windows and MacOS there is only one method of whole disk encryption that I personally know of where the source code is freely available for public scrutiny, and that's Truecrypt (v6.1a of which was released on 1 December 2008). Truecrypt makes it incredibly easy to encrypt your hard drive and as a bonus you don't have to rebuild everything to do it, though I strongly suggest that you make a backup just in case something terrible happens. The same Truecrypt software that you install to work with encrypted partitions and volumes also implements WDE (whole disk encryption) for free.

Installing Truecrypt is straightforward: download the executable to your system from the website, check the PGP signature to make sure it hasn't been tampered with (you DO check the signatures, right??) and install it like any other Windows application. Read the end-user license, tick the "I accept and agree" radio button, and move on. The installer will give you two options, installation or extracting it to a directory. While you can extract Truecrypt to use it as a portable app, leave "Install" selected and click Next. The default installation options are fine so you don't have to play with them, but if you're feeling particularly paranoid you might want to un-check the "Associate the .tc file extension with TrueCrypt" option because any .tc files on your system will be scrutinized by a savvy attacker. Click Install, then click Finish and let the installer reboot your machine.

When your system comes back up, log in and click on the Truecrypt icon that's been added to your desktop. Open the System menu and select "Encrypt System Partition/Drive". By default, Truecrypt will have "Encrypt the whole drive" selected; this is what you want, so click Next. Truecrypt will then search your drive to see if there are any hidden sectors at the end of the drive. When it's done, it'll ask you if you have a single-boot or multi-boot system. Most of you will select single-boot mode, but if you use another boot loader (like GRUB) to run multiple OSes on the same drive, choose multi-boot mode. Either way, click Next.

Truecrypt will then present a window containing encryption options for your system. Most of the time, you don't want to play around in here because you run the risk of accidentally choosing a poor combination of options. I don't even play around in here. However, what I do suggest you do is hit the little button that says "Benchmark," because this will set Truecrypt to testing all of the crypto algorithms it implements against your hardware so you can choose the fastest for your system (which might make the difference between a secure system and a system so slow that you can't use it). Leave the options the way they are and hit "Benchmark".

It's my suggestion that you pick the one with the highest mean encryption and decryption speed on your hardware (as listed in the rightmost column of the output). On Windbringer as well as in a VMware image of Microsoft Windows XP Professional, AES came out on top (Windbringer: mean speed of 87.0 MB/s; VMware: mean speed of 84.0 MB/s), so close that window, open the "Encryption Algorithm" drop-down of the TrueCrypt Volume Creation Wizard window, and pick the fastest algorithm from the benchmark. Leave the hash algorithm alone and move on. Now choose a strong passphrase. If you don't pick a strong one, Truecrypt will complain. Be sure to remember your passphrase because if you ever forget it, you're screwed. Out of luck. You won't get back into your box. I hope you made backups and kept them current and safe.

In the next window, Truecrypt will start collecting random junk to seed its pseudo-random number generator. Move the mouse cursor around for a minute or two, and maybe dangle the mouse off the side of your desk and let your cat play with it for a while for good measure. After a minute or so, click Next. Truecrypt will display parts of the crypto keys it's generated and ask you if you want to move on or try again. If you were good about wiggling the mouse cursor, just hit Next. Truecrypt will then tell you that it wants to generate a rescue disk for use in the event that your drive is damaged and the Truecrypt headers get messed up somehow. It won't let you move on until you've done this. Pick where you want to save the .iso image and click Next.

The next window will force you to burn that .iso image to a CD or DVD, and it won't let you move on until you've done so. If you don't have CD burning software installed it'll present you with a link where you can download some for free. The .iso image is tiny - not even two megabytes in size, so if you have any business card CDs lying around, now's the time to break them out because a full-sized CD or DVD-ROM would really be overkill. Any way you can, burn at least two copies of the rescue disk because it could save your data and your bacon if your drive is somehow corrupted. Leave the disk in the drive and hit Next. If everything went according to plan, the wizard will tell you that it was able to read and verify the rescue disk. Eject it, label it clearly, and put it in a safe place. Click Next.

The wizard will then ask you what kind of secure data wiping mode you want to enable. This means that the Truecrypt driver will overwrite every block it encrypts on the drive before writing the encrypted blocks back in a manner of your choosing that will make it difficult or impossible for an attacker to recover anything using forensic means. By default, Truecrypt will leave this option set to 'none'.

I don't yet know how I feel about enabling this: on one hand, the more people who routinely shred their deleted files, the less suspicious this practice will become in the public eye. On the other hand, this can increase the time required to encrypt the drive by up to a factor of four (for a three-pass overwrite). If you go for the 35-pass overwrite, the Truecrypt docs say that weeks could be added to the encryption process. Your options are no overwrite, a three-pass overwrite, a seven-pass overwrite, or the full 35-pass (Gutmann) overwrite. For my test, I chose not to overwrite the plaintext disk blocks, but for real-world use I recommend the three-pass (personal) or seven-pass (corporate) mode.

Truecrypt will then ask to test everything before it starts the encryption process. Do it. Then Truecrypt will display a window of important notes before it starts the encryption process. Read them twice, and consider printing them out to refer to later. They might save your data and your ass if something goes west.

Truecrypt will ask to restart your computer. Let it. When your computer comes back up, it'll display the TrueCrypt Boot Loader screen, in which you can hit the escape key to not authenticate yourself, F8 to open the repair option menu, or enter your passphrase. Enter your passphrase, and if it's correct Windows will boot. Now log in. If the pre-test was successful, a window will appear telling you so. When you're ready, hit the Encrypt button; another page of notes will be displayed, this time telling you how to use the rescue disk and how to diagnose your system. Once again, read these notes twice, print them, and save them for later. Hit OK.

Now sit back because the hard drive of your computer will undergo the encryption process. When I encrypted a 100GB NTFS partition on Windbringer, it took about two hours to run to completion. Encrypting the VMware image took about thirty minutes (though it was only 8GB in size). Larger drives could require up to twelve hours to fully encrypt, so don't do this the night before you're supposed to catch your flight. When the process is finished, you'll get an OK window telling you so. When you hit the Finish button, the Truecrypt windows will vanish but an icon for it will appear in the system tray.

Now the acid test: reboot your box. When you get back to the TrueCrypt Boot Loader screen, enter your password. If it's right, Windows will boot back up.

When everything is said and done, every last block of data on your drive (whether or not it holds any data) will be encrypted, and under inspection with a hex or disk editor will look like junk. An attacker won't be able to tell where the data is, how much data there is, when it was last updated, or anything like that because all file system structures on the drive will be encrypted as well. This sounds excessive, but is useful because with less well-designed WDE systems it might be possible for an attacker to find patterns in the data on the disk and determine that "Everything near the front of the drive is clumped together and doesn't seem to change much, so that's probably the OS. This blob of noise over on the drive isn't very big - a couple of megabytes, at most, so that's probably some basic user files, a couple of pictures, maybe a .pdf or three. The rest of the drive is full of the string 'AAAAAAAAAAAAAAAA', so that must be what unused disk space looks like. This system doesn't look like it's used much; it might be a decoy."
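A practical way to confirm that a finished encryption leaves nothing for the hex-editor inspection described above is to scan the raw image block by block, flagging blocks with low byte entropy (plaintext, or runs of 'A') and groups of byte-identical blocks (what unused space looks like under a scheme that encrypts every identical plaintext block to the same ciphertext). The Python below is an added example written for this post, not TrueCrypt's code; the two disk images it scans are constructed inside the script (one uniformly random, standing in for a properly encrypted drive, and one leaking structure), and the threshold of 7.5 bits per byte is a chosen heuristic.

```python
"""Scan a raw disk image for blocks that betray structure: low entropy or repeats.
Added example for this post; the images below are constructed, not real dumps."""
import hashlib
import math
import random
from collections import Counter

BLOCK_SIZE = 4096           # scan granularity; a cluster-sized chunk
ENTROPY_THRESHOLD = 7.5     # bits/byte (heuristic); random 4 KiB blocks score about 7.95


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_image(image: bytes, block_size: int = BLOCK_SIZE,
               threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Flag low-entropy blocks and groups of byte-identical blocks in `image`."""
    low_entropy, seen = [], {}
    blocks = -(-len(image) // block_size)          # ceiling division
    for idx in range(blocks):
        block = image[idx * block_size:(idx + 1) * block_size]
        if shannon_entropy(block) < threshold:
            low_entropy.append(idx)
        # identical blocks hash identically; a well-designed WDE never produces them
        seen.setdefault(hashlib.sha256(block).digest(), []).append(idx)
    duplicates = [idxs for idxs in seen.values() if len(idxs) > 1]
    return {"blocks": blocks, "low_entropy": low_entropy, "duplicates": duplicates}


def build_sample_images(seed: int = 1) -> tuple:
    """Two constructed images: one uniformly random, one leaking structure."""
    rng = random.Random(seed)                      # deterministic so results are repeatable

    def rand_block() -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(BLOCK_SIZE))

    # What a whole-disk-encrypted drive should look like: every block is noise.
    good = b"".join(rand_block() for _ in range(64))
    # A badly designed scheme: plaintext survives, and unused space encrypted in
    # ECB mode turns into the same 16-byte ciphertext block repeated endlessly.
    plaintext = (b"Quarterly report, draft 3. Do not distribute. " * 100)[:BLOCK_SIZE]
    ecb_unused = rand_block()[:16] * (BLOCK_SIZE // 16)
    bad = b"".join(rand_block() for _ in range(4)) + plaintext * 4 + ecb_unused * 56
    return good, bad


if __name__ == "__main__":
    for name, img in zip(("good", "bad"), build_sample_images()):
        result = scan_image(img)
        print(f"{name}: {result['blocks']} blocks, "
              f"{len(result['low_entropy'])} low-entropy, "
              f"{len(result['duplicates'])} duplicate groups")
```

To run this against a real drive, read the raw device from outside the encrypted system (a live CD or the rescue environment); from inside the booted Windows, the TrueCrypt driver hands you decrypted data and the scan will show plenty of structure.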

When you encrypt a Windows drive with Truecrypt, Truecrypt relocates the boot loader (the software used to actually load the OS) farther down into the encrypted partition and installs itself in the first cylinder. When the computer boots up, it runs the Truecrypt bootloader, which prompts you for a passphrase. The passphrase is used to attempt to decrypt part of the encrypted partition (I'm oversimplifying - read the Truecrypt docs if you want the nitty-gritty), and if it looks like a copy of the default Microsoft Windows bootloader, it runs it on top of itself, translating every disk read into a decrypt-and-read and every disk write into an encrypt-and-write on the fly. Whole disk encryption that you never know is there once it's up and running is yours to enjoy. I will warn you that there will be a slight performance hit, which is why I told you to make use of the crypto algorithm benchmark option during the encryption process. If you chose wisely, you might not ever notice. I strongly recommend installing the latest revision of TrueCrypt (in February of 2009, the v6.x series) because it can make use of multiple CPUs in a machine to speed up encryption and decryption.

For those of you who multi-boot more than one OS on your computer, Truecrypt WDE plays nicely with Linux, BSD, or what have you so long as you install the boot loader (LILO or GRUB) on the first partition of your other OS and not the MBR (master boot record) of the drive. For example, if you have Windows on /dev/hda1 (the first partition of the drive, using Linux nomenclature), Ubuntu on /dev/hda2 (the second partition), and a swap partition on /dev/hda3, you'll have to install GRUB on /dev/hda2 and not /dev/hda. If GRUB or LILO (which I hope you aren't using because it lacks many features of GRUB that'll spoil you the first time you really try it) is already in the MBR, don't worry, just re-install it on your first Linux partition using these directions. I highly recommend removing GRUB from the MBR before setting up Truecrypt WDE to avoid mishaps (you never know); I used these instructions. Also, when Truecrypt asks you if you want to encrypt the whole drive or just the Windows system partition, check the radio box for "Encrypt System Partition/Drive" before moving on. After your Windows partition is encrypted, the Truecrypt bootloader will present you with the same choice as before. However, if you hit the ESC key, Truecrypt will probe the other partitions on the drive for boot loaders and if it finds one (like the aforementioned copy of GRUB on /dev/hda2) it'll execute it and then remove itself from memory because it won't be needed.

Of course, adjust partitions and their names as appropriate to your setup.
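Before relocating GRUB it helps to confirm where boot code actually sits, since the mishap the post warns about is GRUB still living in the MBR when the Truecrypt bootloader overwrites it. The Python below is an added example written for this post, not part of TrueCrypt or GRUB: it decodes the four-entry MBR partition table from a raw image and looks for the string "GRUB" in the MBR code area and in each partition's first sector, which is a heuristic (GRUB Legacy's stage1 and GRUB 2's boot.img both embed that string in their error messages). The three-partition image is constructed inside the script with the post's layout (Windows first, Linux second, swap third); sector offsets and the bytes of boot code are invented for the example.

```python
"""Locate boot code (MBR vs. partition boot sector) on a raw disk image.
Added example for this post; the sample image is constructed, not a real dump."""
import struct

SECTOR = 512
MBR_CODE_LEN = 446          # boot code precedes the 64-byte partition table
PART_TABLE_OFF = 446
BOOT_SIG = b"\x55\xaa"      # signature at bytes 510-511 of a bootable sector
GRUB_MARKER = b"GRUB"       # heuristic marker present in GRUB's boot sector error strings


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four 16-byte entries of a classic MBR partition table."""
    entries = []
    for i in range(4):
        raw = mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:                           # empty slot
            continue
        entries.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def locate_boot_loaders(image: bytes) -> dict:
    """Report boot code in the MBR and in each partition's first sector (its VBR)."""
    mbr = image[:SECTOR]
    report = {
        "mbr_has_signature": mbr[510:512] == BOOT_SIG,
        "mbr_code_present": any(mbr[:MBR_CODE_LEN]),
        "mbr_looks_like_grub": GRUB_MARKER in mbr[:MBR_CODE_LEN],
        "partitions": [],
    }
    for part in parse_partition_table(mbr):
        off = part["lba_start"] * SECTOR
        vbr = image[off:off + SECTOR]
        part["vbr_has_signature"] = len(vbr) == SECTOR and vbr[510:512] == BOOT_SIG
        part["vbr_looks_like_grub"] = GRUB_MARKER in vbr
        report["partitions"].append(part)
    return report


def check_layout(report: dict) -> list:
    """Problems to fix before Truecrypt WDE; an empty list means the MBR is clear."""
    problems = []
    if report["mbr_looks_like_grub"]:
        problems.append("GRUB is installed in the MBR; reinstall it to the Linux partition")
    if not report["mbr_has_signature"]:
        problems.append("MBR lacks the 0x55AA boot signature")
    for p in report["partitions"]:
        if p["bootable"] and not p["vbr_has_signature"]:
            problems.append(f"partition {p['index']} is flagged bootable but has no boot sector")
    return problems


def _entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    return struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba_start, sectors)


def build_sample_image(grub_in_mbr: bool) -> bytes:
    """Constructed disk: Windows (NTFS), Linux, swap. Boot code bytes are invented."""
    img = bytearray(SECTOR * 4160)
    grub_code = b"\xeb\x48\x90" + b"GRUB \0Geom\0Hard Disk\0Read\0 Error\0"
    ms_code = b"\x33\xc0\x8e\xd0" + b"Invalid partition table\0"
    code = grub_code if grub_in_mbr else ms_code
    img[0:len(code)] = code
    img[PART_TABLE_OFF:PART_TABLE_OFF + 64] = (
        _entry(True, 0x07, 63, 1985) + _entry(False, 0x83, 2048, 2048)
        + _entry(False, 0x82, 4096, 64) + bytes(16))
    img[510:512] = BOOT_SIG
    win = 63 * SECTOR                            # NTFS boot sector: OEM id at offset 3
    img[win:win + 11] = b"\xeb\x52\x90NTFS    "
    img[win + 510:win + 512] = BOOT_SIG
    if not grub_in_mbr:                          # GRUB in the Linux partition's VBR instead
        lin = 2048 * SECTOR
        img[lin:lin + len(grub_code)] = grub_code
        img[lin + 510:lin + 512] = BOOT_SIG
    return bytes(img)


if __name__ == "__main__":
    for placement in (True, False):
        report = locate_boot_loaders(build_sample_image(grub_in_mbr=placement))
        print("GRUB in MBR" if placement else "GRUB in partition", check_layout(report) or "ok")
```

On a real machine only the MBR and each partition's first sector are needed, so feeding the script the first few thousand sectors of the drive (read from a live CD, before Truecrypt touches the MBR) is enough to see which of the two layouts you have.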

This work by The Doctor [412/724/301/703] is licensed under a Creative Commons Attribution / Noncommercial / Share Alike 3.0 License.