Full disk encryption (FDE) Software Performance secrets

Bkjia.com integrated message] At present, full disk encryption FDE technology is well respected, and FDE based on full disk encryption is also widely used in the world. Whether it is the well-known Safeboot, Pointsec, or the only FDE software DiskSec in China, as well as DriveCrypt, Dekart Private Disk, PGP Desktop, and free open-source TrueCrypt, FreeOTFE 3.00, and 7-Zip, are gradually known to users and installed on the laptop to prevent data leakage after the laptop is lost, stolen, repaired or scrapped.

Full Disk Encryption), as the name suggests, is to encrypt and decrypt the data on the entire Disk, but this interpretation is not completely accurate, and a more accurate explanation is: dynamic encryption and decryption technology is used to dynamically encrypt and decrypt all data on the disk, including the operating system. FDE has been developing abroad for more than a decade, and its technology is quite mature. Many products based on FDE technology have been widely used. FDE technology in China started relatively late, but the DiskSec provided by Beijing yisaitong is very mature and widely used among military and enterprise users.

Next, I will give a brief introduction to the performance of FDE software. I mainly want to compare the FDE product with other software used to protect laptop data, and make a simple evaluation of some FDE performance. I use DiskSec, the only full-disk encrypted FDE software in China, as a representative product of FDE. Compared with other products,

I. Comparison between FDE software and hidden space Software

Figure 1

There is a type of product on the market that creates a hidden space on the disk and then places the target file in the hidden space, so that illegal operators cannot find the file to prevent data leaks. However, after my tests and comparisons, this type of hidden space software is actually very low in security and is easy to crack and find files. Even if the file is not encrypted, it is easy to capture the plaintext, resulting in leakage.

In comparison, DiskSec does not leave a backdoor and cannot be cracked. In addition, the data on the disk is encrypted with high strength, providing high security. The comprehensive evaluation performance is much higher than that of the hidden file software products.

Ii. Comparison between FDE software and virtual disk encryption software

The virtual disk is encrypted. It is obvious that a virtual space is created on the hard disk and files are stored in the virtual space for encryption to prevent data leakage. It can be seen from the principle that the virtual disk encryption software cannot encrypt the C disk and the operating system, leaving a huge vulnerability.

Figure 2

Virtual Disk encryption and full disk encryption both encrypt the disk. However, full disk encryption can encrypt all data on the disk, including the C disk and the operating system, so there will be no leakage. Moreover, the FDE software is started prior to the operating system, and illegal operators cannot crack the FDE software by cracking the boot password.

On the whole, the access control method of FDE is very strict, and its security is much higher than that of the virtual disk encryption product.

Iii. Comparison between FDE software and hard disk chip-level FDE

The so-called hard disk chip-level FDE is to implant the FDE function into the hard disk, the hard disk itself has the full disk encryption function, no longer through the installation of software to achieve encryption. Currently, mainstream hard drive manufacturers all support FDE hard drives. Hardware Encryption is completely isolated from the operating system and transparent to the operating system. The hardware encryption process is usually completed by an independent encryption control chip for Data Encryption/decryption operations. The entire process basically does not require CPU support, the principle is to convert the data to an unidentifiable data module, so the encryption/Decryption speed and security are better than those of the software.

The security level of hardware encryption is much higher than that of Software Encryption. In principle, the hacker attempts to "brute-force cracking" are eliminated, so it is more secure. However, hardware encryption relies heavily on encryption cards. If the encryption card is damaged or the USB encryption disk is lost, even the user cannot access the encrypted machine, however, the encryptor cannot copy the new key. However, the high implementation cost of hardware encryption also blocks its wider range of applications. For ordinary users who do not require high data security, they prefer Software encryption.

Figure 3

Iv. Comparison between DiskSec and foreign full disk encryption software

As you can see, you may have a rough understanding of FDE performance. If you have a good idea, you must know what it will do if FDE in China and FDE in foreign countries compete. Is it because FDE software in China is more advanced or FDE in foreign countries?

I am very responsible to tell you That FDE software at home and abroad adopts the same technical principles and functions, but I have also tested its performance. To satisfy your curiosity, I am also willing to list the relevant results.

Figure 4