WHY WOULD ANYONE WANT TO ENCRYPT COMPUTER FILES?
The simple answer is the same answer that has been given for thousands of years - so that only the intended recipient/owner of the information has access to it.
Times change - tattooed heads give way to quantum encryption but the underlying need remains the same - privacy. In this day and age information truly is power - and as States attempt to control more of what their inhabitants say - often in the name of 'The War on Terror' - it is arguable that the need for privacy becomes more and not less.
After all, whilst one might trust a freely elected Government would one be quite so willing to trust a computer tape operator paid $15,000 pa and working under contract from an IT firm to a central Government?
'If you have nothing to hide then you have nothing to fear' is the oft quoted retort but even if one truly has no 'dirty laundry' do you really want anyone and everyone knowing you opinions, likes, dislikes and so on?
Here in the UK - as part of the European Union we now have laws in place which mandate internet service providers to store the details - but not - yet - the contents - of all e-mail messages which pass through their systems. And also legislation to make them log details of which web sites you visit. Both so that the State can see what you have been doing and who you have been doing it with.
(Now please don't say that how does this work with webmail sites like Hotmail which are outside of the UK and where no 'emails' flow from subscriber to recipient if both use Hotmail.. after all, politicians are not the best people to get to grips with complex technical issues - they like to be seen to 'act'... and 'respond to the citizens' demands.. don't they?)
So, introduction over, let's assume we've proven the case for privacy and accept that encryption of emails is a sensible step and that encryption of hard disks - or the files there on - makes sense for laptops and possible desktop PCs as well.
HOW DO WE DO IT?
I would suggest 'simply' and 'Open Source' - if possible.
Simple because simple is always better than complex and Open Source because
(i) it's free and
(ii) it is 'open' so you - or a knowledgeable chum - can check that the source code really does do what it says on the tin and no, it doesn't have any hidden 'back doors'
So assuming we want a quick solution 'off the shelf' then what (as of April 2009) is available?
Cutting to the chase, clipsecure is an OpenSource package available as source and binaries which uses AES encryption which is a symmetric key method. In the Windows world, clipsecure binaries are less than 150kb in size and do not need to be 'installed' and so leave no footprint.
Clipsecure works well with Outlook and Webmail and appears stable and easy to use. Like all symmetric key systems it suffers from the 'shared secrets' problem - that is, transmitter & recipient have both to know the common crypt and decrypt key. Clipsecure will also work on small (less than 10GB) files. It also works with Rich Text format emails
If 'shared secrets' is a problem for your operational needs then an asymmetric key algorithm would be a good solution.
PGP - GNUPG
With these programs users have a private and public key - the private one is kept secret but the public one is made freely available. Of course, the two keys are related mathematically, but it is not feasible (note I do not say 'not possible') to calculate the private key from the public one.
Typically these types of systems use a ‘hash’ function to derive one key from then other. These trapdoors functions typically are easy to do one way but very hard to do the other way. Systems based on the factorisation of primes are typical of this class.
Probably the best example of a public private key system is PGP – Pretty Good Privacy, which was developed by Phil Zimmerman. This started life as an Open Source product but has since become commercial and ‘closed’ – hence defeating one of our prerequisites, that is, the ability of users to be sure that there are no hidden functions, weaknesses etc in the system. Today, (2009), PGP is still available but a better substitute of GNUPG, which builds on the last Open Source version of PGP and extends it. It is also interoperable with the current commercial PGP versions and can and does share the same key servers.
What’s a key server I hear you ask? Well, a key server is one solution to the exchange of public keys between correspondents. It allows users to upload their public keys to an open server and for recipients of messages to then independently obtain the senders public key from the server. There currently exists a global web of several hundred such servers. See http://www.pgp.net/pgpnet/wwwkeys.html Another solution is just to email ones public key along with a message, but there are obvious issues of verification and authentication over this approach.
This brings us onto the next part of the problem. How can we be sure that a correspondent is who they say they are? Just because I claim to be the Emperor of Mars does not mean I really am him. So PGP (& GNUPG) use a web of trust to reinforce users’ verifiability. One way to help with this is the ability to let users add images to their keys – so a recipient can see if it looks like the person they expect.
PGP/GNUPG also has numerous other features to enhance security and to verify both users and messages. Highly recommended but a little tricky to both install and mentally get to grips with. But if you care about security it’s well worth it.
PGP/GNUPG can also be used to 'sign' a message to reveal if it has been edited. Look at the three screen shots below...
In the sample above we 'sign' it and then verify it show all is well.
Note that when we remove the red higlighted character in the message and reverify it it fails, showing that the message is no longer as the sender intended.
One problem with PGP is that it is so obvious. Look at this message...
It might be unreadable but you sure know there is probably something in there worth reading!
Clipsecure gives a similar, rather obvious encoded block of text, but without any identifying tags. With blocks of cyphertext like this it obvious to any third party that there is something of interest here and so the next question is how can we hide the fact that there is a message at all? Actually, in the more general sense, one might phase this as ‘plausible deniability’. That is, if asked, or pressed, it is possible for the originator of the cypertext to deny any knowledge of it and for the enquirer to be unable to prove it.
This is important for in most of the EU local legislation makes it an offence for a user not to give up encryption keys to the Authorities when they demand them.
So how about this message?
The one on the left carries a hidden message – the one on the right is the original untouched image.
This is Steganography – or hidden writing.
In this case the hidden message says:
This is the plaintext which will be encrypted. Flee! - All is revealed and we have been discovered!
Not only is it hidden inside the picture but is is also encrypted as well. The technique uses various ways of hiding data in the least significant bits o0f the image so as to avoid any obvious visual artefacts. Looking at the carrier image with a hex editor reveals no fingerprint or other sign of the hidden content. As with clipsecure, the encryption password must be agreed and exchanged in advance and although unlikely it is possible that future computer techniques might be able to use statistical analysis to suggest that the images does carry a message.
Of course, rather then hiding plain text in the image one could use clipsecure or some other program to encrypt the plaintext and then steganogrphy to conceal it. But, and there is always a but….
The Open Source program we used for this demonstration of steganography is called OpenStego and it needs the input message file to exist as plain text on the PC so it can be loaded into the image. Which means that even if it’s deleted by the users after encryption elements of it will remain on the hard disk and can be easily discovered and recovered by any forensic expert who gains physical access to the computer.
So this brings us onto the final stage of the process, which is how we ensure that even if the PC is compromised it is not possible for an investigator to prove that it has been used for encryption purposes. Like stage magic, one of the best methods would be in fact, I suggest, to misdirect the observer. That is, to allow – under duress – the human user to confess that the PC had in fact been used for encryption but then to mislead the investigator as to the purpose of the concealment.
A mistress, a collection of pornographic images, medical records, traces of gambling etc all are plausible and suitable for being hidden from work colleagues, family members and so on. So technically, one solution would be to use a virtual machine (VMWare) which is used for cipher traffic and which never saves it’s state and so whilst it will reveal cipher tools it will never reveal remains of messages etc.
A more subtle approach is to use an Open Source product such as Truecrypt whose designers have given considerable through to the whole issue of plausible deniability. It is possible to set Truecrypt up in such a way as to make it difficult to find in the first place and then if and when found, the user under duress can ‘confess’ and reveal a password which opens a Truecrypt volume which contains, say, pornographic images, but has hidden inside it another totally hidden Truecrypt volume which contains the real secret files.
There is no known means of revealing the presence of this second TrueCrypt volume and so it’s security can be guaranteed.
So confess to a minor crime and escape the major one.