Disk encryption hardware

Disk encryption is a computer security technique used to protect the confidentiality of data stored on a computer disk. This article discusses the hardware used to implement the technique (for cryptographic aspects of the problem see disk encryption). Compared to the access restrictions commonly enforced by an OS, this technique protects data even when the OS is not active, for example when data is read directly from the hardware.

Hardware designed for a particular purpose can often achieve better performance than software implementations. Disk encryption hardware can also be made more transparent to software than encryption done in software: as soon as the key has been initialized, the hardware should in principle be completely transparent to the OS and thus work with any OS. If the disk encryption hardware is integrated with the media itself, the media may be designed for better integration. One example of such a design is the use of physical sectors slightly larger than the logical sectors.
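The following added example (not part of the original article and not any vendor's design) shows one use for physical sectors larger than logical sectors: the extra bytes hold a per-write nonce and an integrity tag, which length-preserving encryption has no room for. The 544-byte sector size, the 16/16 split, the function names and the SHAKE-256 keystream (a stand-in for the drive's cipher) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

LOGICAL = 512                     # bytes the OS sees per sector
NONCE, TAG = 16, 16               # assumed split of the extra bytes
PHYSICAL = LOGICAL + NONCE + TAG  # 544-byte physical sector (assumed size)


def _keystream(enc_key, sector_no, nonce):
    # Stand-in for the drive's cipher: SHAKE-256 used as a keyed stream.
    seed = enc_key + sector_no.to_bytes(8, "little") + nonce
    return hashlib.shake_256(seed).digest(LOGICAL)


def _tag(mac_key, sector_no, nonce, ct):
    # The sector number is authenticated so a valid sector cannot be moved.
    msg = sector_no.to_bytes(8, "little") + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:TAG]


def write_sector(enc_key, mac_key, sector_no, plaintext):
    if len(plaintext) != LOGICAL:
        raise ValueError("logical sector must be 512 bytes")
    nonce = os.urandom(NONCE)     # fresh per write, stored in the extra bytes
    ks = _keystream(enc_key, sector_no, nonce)
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return ct + nonce + _tag(mac_key, sector_no, nonce, ct)


def read_sector(enc_key, mac_key, sector_no, physical):
    if len(physical) != PHYSICAL:
        raise ValueError("physical sector must be 544 bytes")
    ct = physical[:LOGICAL]
    nonce = physical[LOGICAL:LOGICAL + NONCE]
    tag = physical[LOGICAL + NONCE:]
    # Verify before decrypting; constant-time comparison of the tag.
    if not hmac.compare_digest(tag, _tag(mac_key, sector_no, nonce, ct)):
        raise IOError("sector %d failed integrity check" % sector_no)
    ks = _keystream(enc_key, sector_no, nonce)
    return bytes(c ^ k for c, k in zip(ct, ks))
```

The OS still reads and writes 512-byte sectors; a modified sector, or a valid sector copied to another position, is rejected on read instead of decrypting to altered data.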

Criticism

Some disk encryption hardware was criticised for using keys as small as 40 bits, which are easily broken by a brute-force attack; however, the latest disk encryption hardware uses 256-bit keys.

Hardware solutions have also been criticised for being poorly documented. Many aspects of how the encryption is done are not published by the vendor. This leaves the user with little possibility to judge the security of the product and potential attack methods. It also increases the risk of a vendor lock-in.

In addition, implementing hardware-based full disk encryption is prohibitive for many companies due to the high cost of replacing existing hardware. This makes migrating to hardware encryption technologies more difficult and would generally require a clear migration and central management solution for both hardware- and software-based full disk encryption solutions.[1]

References

  1. Closing the Legacy Gap. Secude. February 21, 2008. http://www.secude.com/html/?id=1375. Retrieved 2008-02-22.

Wikimedia Foundation. 2010.
