Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Digital Forensics - Lecture 14 - Critical Analysis of Cryptography in use

Bitlocker, Filevault and other Cryptography used in different platforms

Masudur rahman

on 14 November 2016

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Digital Forensics - Lecture 14 - Critical Analysis of Cryptography in use

Analyse the problems associated with different Encryption used by Major Providers
Compare the encryption technologies used in mobile devices

Which product do you
to buy?
Everbody likes to laugh...
use humor
Session Objectives
Mac's FileVault
How to protect the organisation from these threats?
Can we compare the benefits and disadvantages of using BitLocker, EFS and FileVault?
By working in group, please identify the advantages of using Blackberry Encryption
Can you also explain the disadvantages of this same encryption?
SMB Protocol
With P2P applications based on the Gnutella protocol, people can make files on their hard disks available to others for downloading. Gnutella-compatible client software allows users to connect to Gnutella services over the Internet and to locate and access resources shared by other Gnutella peers.

Many client applications are available for accessing the Gnutella network, including: BearShare, Gnucleus, LimeWire, Morpheus, WinMX and XoloX (see a screen capture of LimeWire in the figure). While the Gnutella Developer Forum maintains the basic protocol, application vendors often develop extensions to make the protocol work better on their applications.
Encryption used by Android
By end of this session we will be able to explain
How BitLocker works
How FileVault works
Encryption used by Blackberry and Android
Analyse the problems associated with different encryption techniques
TrueCrypt Encryption
Encryption used by iOS
What would be the benefits of using iOS encryption?
Encryption used by Blackberry
By working in group, can you identify the advantages of encryption used in Android OS?
Please explain the disadvantages of this this Encryption
Session Summary
Blackberry Encryption
Android Encryption
Security feature provided by Windows OS to encrypt the data volume.
BitLocker requires to have TPM (by default) to encrypt the hard drive volume.
This encryption tool protects the OS and user data stored on a drive
BitLocker can also be used without TPM, which will need additional configuration of Group Policy or having script.
If BitLocker is used without TPM, user will need USB key to store the encryption key.
Before we understand how BitLocker works, we need to understand Trusted Platform Module (TPM)
A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys.
The TPM is usually installed on the motherboard of a desktop or portable computer, and communicates with the rest of the system by using a hardware bus.
Computers that incorporate a TPM have the ability to create cryptographic keys and encrypt them so that they can be decrypted only by the TPM. This process, often called "wrapping" or "binding" a key, can help protect the key from disclosure.
The generated key will not only be wrapped but it will also be tied to a specific hardware software condition, which is known as "sealing". Any change to the windows registry or system files will be identified by BitLocker and the drive data will be encrypted to the user.
BitLocker prevents the user from offline attack and provide the data security
If BitLocker encryption enabled, hard drive volume can not be removed and work on a different computer
Data in the Hard Drive Volume can not be accessed by booting the computer from a DVD or USB (e.g. Portable OS like Linux)
TPM stores the "Encryption Key" used by BitLocker
BitLocker will check the initial boot process. If there is any change, drive will remain encrypted.
If the computer does not have TPM, a USB memory devices will have to be used for the key, what will be needed to decrypt the data.
Requirements for BitLocker
Windows 7 or above
100MB System Partition (hidden and protected)
Additional partition for BitLocker itself - where the Boot files and encryption related information will be stored. This will be known as BitLocker Partition but will not be encrypted itself.
TMP Chip needs to be Version 1.2 or Higher
TPM Chip needs to be enabled on BIOS
Option Available to use BitLocker Encryption
TPM Only - Computer will boot, if everything is OK. If someone can take the full computer, they can see the contents of the hard disk volume
TMP and PIN: Without knowing the PIN, user can not boot the computer
TPM and USB Key - Instead of remembering the PIN, key can be stored on a USB key, what will have to be plugged in to boot the computer.
TPM, USB Key, PIN- Most secure method to use BitLocker
USB Key only - If the computer does not have TPM chip
Boot file?
FileVault 1 encrypted the files only NOT the whole drive.
FileVault 2 allows to encrypt the core storage
This allows to have both encrypted and decrypted partitions on same physical drive
When boots, MAC will start with the decrypted partition to access the boot files and the other tools to unlock encrypted partition
Mac boots, when right authentication has been provided
Points to be noted..
FileVault Encryption will work along with user ID / Password
Only the authorised users will be allowed to login or to use the encrypted drive
Three attempts of login with wrong password will requires to provide the "Encryption Key (Recovery Key)" which has been generated by the FileVault when started encryption
With FileVault 2, data is safe and secure — even if the Mac falls into the wrong hands.
FileVault 2 encrypts the entire drive on your Mac, protecting your data with AES encryption.
Initial encryption is fast and unobtrusive.
It can also encrypt any removable drive, helping you secure Time Machine backups or other external drives with ease.
Instant wipe removes the encryption keys from your Mac — making the data completely inaccessible — then proceeds with a thorough wipe of all data from the disk.
The BlackBerry Enterprise Solution uses AES or Triple DES as the symmetric key cryptographic algorithm for encrypting data. By default, the BlackBerry Enterprise Server uses the strongest algorithm that both the BlackBerry Enterprise Server and the BlackBerry device support for BlackBerry transport layer encryption.

If you configure the BlackBerry Enterprise Server to support AES and Triple DES, by default, the BlackBerry Enterprise Solution generates device transport keys using AES encryption. If a BlackBerry device uses BlackBerry Device Software version 3.7 or earlier or BlackBerry Desktop Software version 3.7 or earlier, the BlackBerry Enterprise Solution generates the device transport keys of the BlackBerry device using Triple DES.
Encrypting File System (EFS)
Encrypting File System (EFS) is a feature of Windows that you can use to store information on your hard disk in an encrypted format. Encryption is the strongest protection that Windows provides to help you keep your information secure.

Some key features of EFS:
Encrypting is simple; just select a check box in the file or folder's properties to turn it on.
You have control over who can read the files.
Files are encrypted when you close them, but are automatically ready to use when you open them.
If you change your mind about encrypting a file, clear the check box in the file's properties.
Comparison between BitLocker and EFS
BitLocker encrypts all personal and system files on the operating system drive, fixed data drives, and removable data drives.
BitLocker is NOT dependent on individual user account
BitLocker uses TPM
Only the Administrator can turn on BitLocker

EFS encrypts personal files and folders one-by-one and doesn't encrypt the entire contents of a drive.
EFS encrypts files based on associated user account. Individual user can encrypt their own files.
EFS does not requires any special hardware
It is not required to be an administrator to encrypt the file by using EFS. Any user can encrypt their OWN files.
An open source encryption software, what used to use AES 256 encryption and provided the opportunity to encrypt on Windows, Linux and Mac OSs; which made this tool quite popular among the users. This tool could encrypt the volumes or removable storage devices. TrueCrypt has stopped the service since Microsoft's latest OSs provides the option to encrypt the drive by using BitLocker, which is a strong tool for disk encryption. All the other popular OSs also providing similar functions. Still this tool can be used to migrate any encryption from TrueCrypt to BitLocker.
Like other large vendors, Android offers some interesting way of authentication including face recognition, pattern recognition, using PIN etc. We will briefly go through with the encryption technology used by Android 5.
Android disk encryption is based on dm-crypt, which is a kernel feature that works at the block device layer.
Encryption works with Embedded MultiMediaCard (eMMC) and similar flash devices that present themselves to the kernel as block devices.
The encryption algorithm uses Advanced Encryption Standard (AES) with cipher-block chaining (CBC).
Any disadvantages?
All information taken from Microsoft
Full transcript