GB2469141A - Protecting data from unauthorised access using one-time pad stored on removable storage device - Google Patents

Protecting data from unauthorised access using one-time pad stored on removable storage device Download PDF

Info

Publication number
GB2469141A
GB2469141A GB0905917A GB0905917A GB2469141A GB 2469141 A GB2469141 A GB 2469141A GB 0905917 A GB0905917 A GB 0905917A GB 0905917 A GB0905917 A GB 0905917A GB 2469141 A GB2469141 A GB 2469141A
Authority
GB
United Kingdom
Prior art keywords
key
data
drive
files
folders
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0905917A
Other versions
GB0905917D0 (en
Inventor
Peter Norman Panayi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to GB0905917A priority Critical patent/GB2469141A/en
Publication of GB0905917D0 publication Critical patent/GB0905917D0/en
Priority to EP10717197A priority patent/EP2414984A1/en
Priority to PCT/GB2010/000660 priority patent/WO2010112869A1/en
Publication of GB2469141A publication Critical patent/GB2469141A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153Using hardware token as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A system for protecting data held on a hard drive of a laptop or other personal computer from unauthorised access uses a one-time pad based encryption and decryption key stored on a removable storage medium, such a USB flash drive or memory stick. The key is produced by a random thermal electronic noise source subjected to entropy distillation to maximise the randomness of the data. The key is preferably in two parts, each a onetime pad, one located in the personal computer and the other on the removable storage medium. Driver software for implementing the method is provided on the removable storage medium for installation in the personal computer, wherein a virtual disk drive is created which the user drag folders or files into, thereby causing the folders and files to become encrypted. The encrypted folders and files may be backed up to other storage devices, and cannot be read without the key. Deleting folders or files from the virtual drive causes them to be either decrypted or deleted from the hard drive. The USB flash drive storing the key may be kept on a key ring.

Description

1. Description of Invention
The Problem The nature of one aspect of the problem being addressed by this invention is partly illustrated by a type of occurrence frequently reported in the press. That is the loss or theft of a laptop, CL) or memory stick containing sensitive information. Closely related are the unease of ordinary computer users in the lack of security of personal or company data kept on the home or office computer or laptop. if your laptop is lost or stolen the thief has access to all of your data. In addition to loss or theft there is unease at the currently emerging technology whereby personal data is backed up to a virtual storage repository somewhere in cyberspace rather than a local hard copy.
Whilst most of such data would be of no interest to the average thief, some types of data are of very great interest These include bank details, bank statements increasingly transacted in paperless form, login details and passwords to all kinds of online services now too numerous to hope to remember them all correctly and personal details which could be used to support identity theft There is currently no suitable system available to the ordinary computer user which can protect this type of data in a foolproof way that is transparent to and requires no action or knowledge on behalf of the user. The invention being described aims to affordably and easily allow computer users absolute control over the security of their osii data The Solution What follows is a complete solution to the problem so long as one thing is assured.
The secret key remains safe. The invention is a solution to the problem because it does not require any action by the user to ensure that data written to the computer hard drive is encrypted. It happens automatically. Also so long as the key is kept safe it is perfect in that data cannot be decrypted without the key. It is theoretically impossible. Also by using two such random keys the system ensures that even if one key is stolen, data backed up to a remote and possibly insecure server is also safe.
Cheap mass storage flash drives, many of which have retractable plugs and are designed to be attached to a key ring, are now available with a capacity of up to E4 gigabytes.
The invention consists of such a device loaded with random data derived from a truly random source in conjunction with special driver software. Every key supplied is a very Large one time key which will contain different random data to any other key and will have encoded within it a unique identification number identifying the key. Each key is also supplied with a second key which will reside only on the computer to be protected. The first key is referred to as the portable key and the second the fixed key.
Encryption and decryption is automatic. All the user has to do is ensure the key is present and to drag files or folders into a window representing the files to be encrypted.
2 Detailed Description
Cryptography It will be helpful in order to understand this invention to briefly review some of the basic concepts of cryptography.
One of the simplest methods of encrypting data is a simple substitution cipher. An example that almost everyone knows is to substitute every letter in the alphabet by a different letter so that the message becomes unreadable. Again almost everyone knows how to break such a code. One simply looks at the frequency of occurrence of the various letters making use of the fact that the frequency is, in language, different for each letter. As more letters are found more can be found making use of the fact that recognition of words is possible even if some of the letters are missing, Of course such a cipher is quite useless and is never used.
At the opposite end of the scale of security is an equally simple scheme which at one time was widely used. It is the one time random key or "one time pad". An example of this would be to modify in some way each part of the message (say each character, each byte or each bit) by incorporating a random piece of data. This random data is the key. it is often said that all forms of cryptography are in principle decipherable given sufficient time and computing power. This is not actually true. In fact it is common knowledge that if a truly random key can be generated and kept secure a message encoded with such a key can never be decoded no matter how much computing power is available, in fact it is very easy to see why this is true. A non mathematical version of this argument might go roughly like this: Suppose you have a message encoded by a random key. The encrypted message appears to be just random data. It is obvious that the same random data could have been created from any other message by using a different random key. Since the key is random, these two random keys are equally probably the actual key and so the two messages are equally probably the real message. It follows that any message or part of message is equally probably a solution. Thus no amount of statistical analysis can ever lead progressively closer to the correct solution. All conceivable messages are equally probably the correct one.
This argument does not apply if the data is not truly random. For example, if it is generated by some form of pseudo-random number generating algorithm or if the data is biased in some way then this opens the door to possibLe attempts at decryption.
More seriously if some part of the key is used more than once for different message content then decryption becomes in principle very easy. That is why it is known as a one time key. It must be used only once.
One time keys are very rarely used for several reasons.
1. The key can only be used once and so the key needs to be as big as the data being encrypted. Thus to encrypt the whole of your hard disk you need another storage facility of the same size.
2. If used for secure communications it can only be used by one sender and any recipient also needs a copy of the key. This poses obvious security problems.
Ideally the sender should destroy the key after use, there should only be a single recipient who destroys the key after reading the message.
3. It has not been easy to envisage until now a system whereby the large key can be reliably guaranteed to be kept in a separate place to the data For example if supplied on a CD there is a high probability that the CD would get left in the computer by mistake.
With the availability now of very cheap and small mass storage devices the size problem has gone away.
Although generating large amounts of truly random data is not trivial, the techniques are well known and with modem electronics it is not a problem to generate such data in an economical time.
Modem communications technology mostly uses public key cryptography In this a prospective recipient makes available publicly an encryption key which anyone can use to send data to him. The highly mathematical encryption algorithm uses what is known as a "trap door function". This means that although it is theoretically possible to decrypt the data using the encryption key, there is an enormous discrepancy between the computing power needed for decryption and that needed for encryption.
So much so that decryption is impractical for the average would be hacker. The recipient uses a separate secret decryption key which allows computationally efficient decryption. Great care is needed in choosing the characteristics of the keys employed to ensure that decryption without the decryption key is not too easy. This is usually automated but it is not easy to know just how secure these systems are in reality.
Other systems are also in use in which a secret key is typically generated from a pass phrase or password. Encryption is then carried out by an algorithm of some sort.
There are many such standard methods. In this product the option to use such a method for the fixed key only is left open but the following description relates to the situation where both keys are one time pads.
The Key The key is in two parts both of viiich are, in the implementation being described here, one time pads, The keys are initially loaded onto a flash drive, the size of which depends on the requirements of the specific user. The product is not intended for encrypting large files such as photos or videos and so the requirement of the average user will be no larger than 1 gigabyte. However with current technology the size could be up to 32 gigabytes.
The key consists of' random data organised into files, The data is produced by a random thermal electronic noise source which has been subjected to a process known as entropy distillation to maximise the randomness of the data.
On installation of the key the user must go through the steps necessary to create a copy of the original key for backup purposes and then the fixed key is extracted and installed on the target computer. The original copy of the fixed key on the flash drive is then securely shredded.
The user must decide where the fixed key is located. If the user intends to allow automated backup of the whole disk then the key must be located elsewhere, for example on another USB device, a memory card or other plug in card which the computer may accept such as an SI) card. The user may decide that he is not worried however about the security of backed up data in the event of theft of the portable key and so these precautions will not be necessary. In this case the user will be given the option of not using a fixed key at all and therefore having access to a portable key of twice the size.
The User Interface The user must install prior to first use driver software which implements the above and the following functionality. The installation is automated and made as transparent to the user as possible.
On installation of the driver software an artificial disk dnve will be created. We will call this the virtual drive. On opening this drive the user initially sees an empty drive whose capacity (free space) is the remaining encryption capacity of any key present.
At the same time a disk drive on the computer is assigned as the target drive for encrypted files. This is normally the main hard drive on the computer but may be any drive or a folder. The user is prompted to accept the default or change it. Encrypted files are created in one of two ways: They are always double encrypted with the portable and fixed keys unless the user has chosen the option of no fixed key.
By dragging files or folders from the target drive to the virtual drive. When an item is dragged to the virtual drive it does not disappear from the target drive as in a normal move operation but the item on the target drive will now become encrypted. To read or modify files in an encrypted folder they must from now on be accessed via the virtual drive. When an item is dragged into the virtual drive the directory (folder) structure above the item on the target drive is duplicated on the virtual drive but the contents of folders above the dragged item will be empty. If the item is a folder the user will be asked whether to include flies and sub folders. Nothing is actually ever written to the flash drive but a virtual mirror of the dragged items appears to be on the virtual drive.
Files or folders can be created on the virtual drive in exactly the same way as any other files. The only difference is that they are not really there. When an item is created on the virtual drive the real data is created on the target drive in the corresponding part of the directory structure but in an encrypted form.
When an encrypted file is modified it will be re-encrypted with afresh part of both keys.
If it is desired to permanently decrypt a file or folder it can simply be deleted from the virtual drive. The user Will then be prompted as to whether the data should be reinstated on the target drive in an unencrypted form or deleted altogether.
Of course if the key is removed decryption is impossible and the encrypted data can not be accessed. in this case on attempting to open an encrypted file the user Will be prompted to insert the key with which it was encrypted. The encrypted data can and should however be backed up in the same way as any other important data to another flash drive, a CD/DVD, USB or network hard drive or a server on the local network or the internet. The only difference is that the encrypted data cannot be read Without the key so that if the backup flash drive or Cl) is left on a train there is no way on earth that even the most sophisticated criminal could ever read it. The only possibility of risk comes if the key is left unattended with the laptop. That is why the seemingly trivial point about flash drives being designed to be kept on a key ring is in fact very important. Almost everybody carries a car key or door key of some description and peop'e tend to keep their keys separately from their computer peripherals thus making accidental loss of both together much less likely. Also if the key is stolen, backed up data on a server, CD or flash drive which the thief might have access to cannot be decrypted. Because the fixed key is also needed the thief needs also to steal or access the computer itself
5. Prior art
Techrnques The component parts of this invention are not in themselves novel. There is no intention for example to claim ownership of the idea of a particu'ar type of encryption technology. The idea of automatic encryption using a virtual drive is also used in several encryption products.
It is putting the ideas together in the product described which constitutes the invention and completely solves the problem which was to be solved.
Similar products Despite a determined search the author has not found any similar products on the market. The closest are a couple of encrypted USB flash drives which use hardware encryption to encrypt data stored on them. These are fundamentally different in that the encrypted data is stored on the flash drive. The computer itself still has the original unencrypted data. In the invention described here the unencrypted data no longer exists, it has been overwritten by the encrypted data and no user data is stored on the flash drive encrypted or otherwise.
GB0905917A 2009-04-04 2009-04-04 Protecting data from unauthorised access using one-time pad stored on removable storage device Withdrawn GB2469141A (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
GB0905917A GB2469141A (en) 2009-04-04 2009-04-04 Protecting data from unauthorised access using one-time pad stored on removable storage device
EP10717197A EP2414984A1 (en) 2009-04-04 2010-04-01 A data protection system
PCT/GB2010/000660 WO2010112869A1 (en) 2009-04-04 2010-04-01 A data protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0905917A GB2469141A (en) 2009-04-04 2009-04-04 Protecting data from unauthorised access using one-time pad stored on removable storage device

Publications (2)

Publication Number Publication Date
GB0905917D0 GB0905917D0 (en) 2009-05-20
GB2469141A true GB2469141A (en) 2010-10-06

Family

ID=40750158

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0905917A Withdrawn GB2469141A (en) 2009-04-04 2009-04-04 Protecting data from unauthorised access using one-time pad stored on removable storage device

Country Status (3)

Country Link
EP (1) EP2414984A1 (en)
GB (1) GB2469141A (en)
WO (1) WO2010112869A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102207913B (en) * 2011-06-09 2019-05-31 中兴通讯股份有限公司 The control method and device of write-protect in embedded system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5623546A (en) * 1995-06-23 1997-04-22 Motorola, Inc. Encryption method and system for portable data
US5802175A (en) * 1996-09-18 1998-09-01 Kara; Salim G. Computer file backup encryption system and method
US20060041934A1 (en) * 2004-08-17 2006-02-23 Microsoft Corporation Physical encryption key system
US20070011469A1 (en) * 2005-07-11 2007-01-11 Simdesk Technologies Secure local storage of files
US20080181412A1 (en) * 2007-01-26 2008-07-31 Microsoft Corporation Cryptographic key containers on a usb token

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2449410B (en) * 1992-10-30 2009-04-08 Commw Of Australia Communications trusted path means
US7962755B2 (en) * 2006-04-28 2011-06-14 Ceelox, Inc. System and method for biometrically secured, transparent encryption and decryption
US20080181406A1 (en) * 2007-01-30 2008-07-31 Technology Properties Limited System and Method of Storage Device Data Encryption and Data Access Via a Hardware Key

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5623546A (en) * 1995-06-23 1997-04-22 Motorola, Inc. Encryption method and system for portable data
US5802175A (en) * 1996-09-18 1998-09-01 Kara; Salim G. Computer file backup encryption system and method
US20060041934A1 (en) * 2004-08-17 2006-02-23 Microsoft Corporation Physical encryption key system
US20070011469A1 (en) * 2005-07-11 2007-01-11 Simdesk Technologies Secure local storage of files
US20080181412A1 (en) * 2007-01-26 2008-07-31 Microsoft Corporation Cryptographic key containers on a usb token

Also Published As

Publication number Publication date
EP2414984A1 (en) 2012-02-08
GB0905917D0 (en) 2009-05-20
WO2010112869A1 (en) 2010-10-07

Similar Documents

Publication Publication Date Title
US9070112B2 (en) Method and system for securing documents on a remote shared storage resource
US8315394B2 (en) Techniques for encrypting data on storage devices using an intermediate key
US20080104417A1 (en) System and method for file encryption and decryption
US8204233B2 (en) Administration of data encryption in enterprise computer systems
US10592641B2 (en) Encryption method for digital data memory card and assembly for performing the same
Deshmukh et al. Transparent Data Encryption--Solution for Security of Database Contents
US20080016127A1 (en) Utilizing software for backing up and recovering data
US20080235521A1 (en) Method and encryption tool for securing electronic data storage devices
US8200964B2 (en) Method and apparatus for accessing an encrypted file system using non-local keys
JP2008505571A (en) Method, system and security means for data archiving with automatic encryption and decryption by key fragmentation
JP2009225437A (en) Secure disposal of stored data
CN114175580B (en) Enhanced secure encryption and decryption system
CN103745162A (en) Secure network file storage system
US20080313473A1 (en) Method and surveillance tool for managing security of mass storage devices
US9697372B2 (en) Methods and apparatuses for securing tethered data
US11163892B2 (en) Buffering data until encrypted destination is unlocked
CN110855429A (en) Software key protection method based on TPM
US8738531B1 (en) Cryptographic distributed storage system and method
US11283600B2 (en) Symmetrically encrypt a master passphrase key
US20090077377A1 (en) System and method of protecting content of an electronic file for sending and receiving
GB2469141A (en) Protecting data from unauthorised access using one-time pad stored on removable storage device
Halcrow Demands, solutions, and improvements for Linux filesystem security
KR20200082187A (en) Secure usb dongle for usb memory without security
CA2563144C (en) System and method for file encryption and decryption
JP4899196B2 (en) Data management system, terminal computer, management computer, data management method and program thereof

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)