Time and again, people are told there is one obvious way to mitigate privacy threats of all sorts, from mass government surveillance to pervasive online tracking to cybercriminals: Encryption. As President Obama put it earlier this year, speaking in between his administration’s attacks on encryption, “There’s no scenario in which we don’t want really strong encryption.” Even after helping expose all the ways the government can get its hands on your data, NSA whistleblower Edward Snowden still maintained, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”
But how can ordinary people get started using encryption? Encryption comes in many forms and is used at many different stages in the handling of digital information (you’re using it right now, perhaps without even realizing it, because your connection to this website is encrypted). When you’re trying to protect your privacy, it’s totally unclear how, exactly, to start using encryption. One obvious place to start, where the privacy benefits are high and the technical learning curve is low, is something called full disk encryption. Full disk encryption not only provides the type of strong encryption Snowden and Obama reference, but it’s built-in to all major operating systems, it’s the only way to protect your data in case your laptop gets lost or stolen, and it takes minimal effort to get started and use.
If you want to encrypt your hard disk and have it truly help protect your data, you shouldn’t just flip it on; you should know the basics of what disk encryption protects, what it doesn’t protect, and how to avoid common mistakes that could let an attacker easily bypass your encryption.
If you’re in a hurry, go ahead and skip to the bottom, where I explain, step-by-step, how to encrypt your disk for Windows, Mac OS X, and Linux. Then, when you have time, come back and read the important caveats preceding those instructions.
What disk encryption guards against
If someone gets physical access to your computer and you aren’t using disk encryption, they can very easily steal all of your files.
It doesn’t matter if you have a good password because the attacker can simply boot to a new operating system off of a USB stick, bypassing your password, to look at your files. Or they can remove your hard disk and put it in a different computer to gain access. All they need is a screwdriver, a second computer, and a $10 USB enclosure.
Computers have become an extension of our lives and private information continually piles up on our hard disks. Your computer probably contains work documents, photos and videos, password databases, web browser histories, and other scattered bits of information that doesn’t belong to anyone but you. Everyone should be running full-disk encryption on their laptops.
Encrypting your disk will protect you and your data in case your laptop falls into the wrong hands, whether because you accidentally left it somewhere, because your home or office was burglarized, or because it was seized by government agents at home or abroad.
It’s worth noting that no one has privacy rights when crossing borders. Even if you’re a U.S. citizen entering the United States, your Constitutional rights do not apply at the border, and border agents reserve the right to copy all of the files off of your computer or phone if they choose to. This is also true in Canada, and in other countries around the world. If you plan on traveling with electronic devices, disk encryption is the only way you have a chance at protecting your data if border agents insist on searching you. In some situations it might be in your best interest to cooperate and unlock your device, but in others it might not. Without disk encryption, the choice is made for you: the border agents get all your data.
What disk encryption is useless against
There’s a common misconception that encrypting your hard disk makes your computer secure, but this isn’t entirely true. In fact, disk encryption is only useful against attackers that have physical access to your computer. It doesn’t make your computer any harder to attack over a network.
All of the common ways people get hacked still apply. Attackers can still trick you into installing malware. You can still visit malicious websites that exploit bugs in Flash, or in your web browser, or in your operating system’s font or image rendering engines, or countless other ways. When you visit benevolent websites, network attackers can still secretly make them malicious by modifying them in transit. Attackers can still exploit services running on your computer, such as network file sharing, iTunes playlist sharing, or your BitTorrent client, to name a few.
And of course, disk encryption doesn’t do anything to stop internet surveillance. Spy agencies like NSA, who tap into the fiber optic cables that make up the backbone of the internet, will still be able to spy on nearly everything you do online. An entirely different category of encryption is needed to fix that systemic problem.
The different ways you can get hacked or surveilled are too numerous to list in full. In future posts I’ll explain how to reduce the size of your probably-vast attack surface. But for now it’s important to know that disk encryption only protects against a single flavor of attack: physical access.
How it works
The goal of disk encryption is to make it so that if someone who isn’t you has access to your computer they won’t be able to access any of your files, but instead will only see scrambled, useless ciphertext.
Most disk encryption works like this. When you first power your computer on, before your operating system can even boot up, you must unlock your disk by supplying the correct encryption key. The files that make up your operating system are on your encrypted disk, after all, so there’s no way for your computer to work with them until the disk is unlocked.
In most cases, typing your passphrase doesn’t unlock the whole disk, it unlocks an encryption key, which in turn unlocks everything on the disk. This indirection allows you to change your passphrase without having to re-encrypt your disk with a new key, and also makes it possible to have multiple passphrases that can unlock the disk, for example if you add another user account to your laptop.
This means that your disk encryption passphrase is potentially one of the weakest security links. If your passphrase is “letmein”, a competent attacker will get past your disk encryption immediately. But if you use a properly generated high-entropy passphrase like “runge wall brave punch tick zesty pier”, it’s likely that no attacker, not even the NSA or Chinese intelligence, will ever be able to guess it.
You have to be extremely careful with strong disk encryption that can only be unlocked with a passphrase you’ve memorized. If you forget the passphrase, you get locked out of your own computer, losing your data forever. No data recovery service can help you, and if you give your machine to the FBI they won’t be able to access your files either. Because that’s kind of the point of disk encryption.
Once your computer is on and you’ve entered your passphrase, your disk encryption is completely transparent to you and to the applications on your computer. Files open and close as they normally would, and programs work just as they would on an unencrypted machine. You won’t notice any performance impact.
This means, however, that when your computer is powered on and unlocked, whomever is sitting at it has access to all your files and data, unencumbered by encryption. So if you want your disk encryption to work to its full potential, you need to lock your screen when your computer is going to be on while you’re away, and, for those times when you forget to lock it, to set it to lock automatically after, say, 10 minutes of idling.
It’s also important that you don’t have any other users on your system that have weak passwords or no passwords, and that you disable the guest account. If someone grabs your laptop, you don’t want them to be able to login at all.
Attacks against disk encryption
There are a few attacks against disk encryption that are tricky to defend against. Here are some precautions you can take.
Power off your computer completely (don’t just suspend it) when you think it’s at risk of falling into someone else’s hands, like right before going through customs when entering a new country. This defends against memory-based attacks.
Computers have temporary storage called RAM (otherwise known as memory) which you can think of as scratch paper for all of your software. When your computer is powered on, your software is constantly writing to and deleting from parts of your RAM. If you use disk encryption, as soon as you successfully unlock your encrypted disk the encryption key is stored in RAM until you power your computer off. It needs to be—otherwise there would be no way to encrypt and decrypt files on the fly as you use your computer.
But unfortunately, laptops have ports that have direct memory access, or DMA, including FireWire, USB, and others. If an attacker has access to your computer and your disk is unlocked (this is true even if your laptop is suspended), they can simply plug a malicious device into your computer to be able to manipulate your RAM. This could include directly reading your encryption keys or injecting commands into your operating system, such as closing the screen lock program. There is open source software called Inception that does just this using a FireWire cable and a second laptop, and there’s plenty of commercial hardware available too, like this one, or this one. It’s worth noting that new versions of Mac OS X uses a cool virtualization technology called VT-d to thwart this type of DMA attack.
But there are other ways for an attacker to learn what’s in your RAM. When you power your computer off, everything in RAM fades into nothingness. But this doesn’t happen immediately; it takes a few minutes, and an attacker can make it take even longer by physically freezing the RAM. An attacker with physical access to your powered-on computer can use a screwdriver to open the case of your computer and then use an upside-down can of compressed air to freeze your RAM (as in the image above). Then they can quickly cut the power to your computer, unplug your RAM, plug the RAM into a different computer, and dump all of the data from RAM to a disk. By sifting through that data, they can find a copy of your encryption key, which can then be used to decrypt all of the files on your hard disk. This is called the cold boot attack, and you can see a video of it in action here.
The key takeaway is that while your encrypted disk is unlocked, disk encryption doesn’t fully protect your data. Because of this, you may consider closing all your work and completely shutting down your computer at the end of the day rather than just suspending it.
It’s also important to make sure your laptop is always physically secure so that only people you trust ever have access to it. You should consider carrying your laptop with you wherever you go, as inconvenient as that may be, if your data is extremely important to you. When traveling, bring it with you in a carry-on bag instead of checking it in your luggage, and carry it with you rather than leaving it in a hotel room. Keep it with a trusted friend or locked in a safe when you can’t babysit it yourself.
This is all to defend against a different type of disk encryption attack known, in somewhat archaic language, as the “evil maid” attack. People often leave their laptops in their hotel room while traveling, and all it takes is one hotel housekeeper/elite hacker to foil your disk encryption.
Even when you use full disk encryption you normally don’t encrypt 100% of your disk. There’s a tiny part of it that remains in plaintext. The program that runs as soon as you power on your computer, that asks you to type in your passphrase and unlocks your encrypted disk, isn’t encrypted itself. An attacker with physical access to your computer could modify that program on the tiny part of your disk that isn’t encrypted to secretly do something malicious, like wait for you to type your passphrase and then install malware in your operating system as soon as you successfully unlock the disk.
Microsoft BitLocker does some cool tricks to make software-based evil maid attacks considerably harder by storing your encryption key in a special tamper-resistant chip in your computer called a Trusted Platform Module, or TPM. It’s designed to only release your encryption key after confirming that your bootloader hasn’t been modified to be malicious, thwarting evil maid attacks. Of course, there are other attacks against TPMs. Last month The Intercept published a document about the CIA’s research into stealing keys from TPMs, with the explicit aim of attacking BitLocker. They have successfully done it, both by monitoring electricity usage of a computer while the TPM is being used and by “measuring electromagnetic signals emanating from the TPM while it remains on the motherboard.”
You can set up your Linux laptop to always boot off of a USB stick that you carry around with you, which also mitigates against evil maid attacks (in this case, 100% of your disk actually is encrypted, and you carry the tiny unencrypted part around with you). But attackers with temporary access to your laptop can do more than modify your boot code. They could install a hardware keylogger, for example, that you would have no way of knowing is in your computer.
The important thing about evil maid attacks is that they work by tampering with a computer without the owner’s knowledge, but they still rely on the legitimate user to unlock the encrypted disk. If someone steals your laptop they can’t do an evil maid attack against you. Rather than stealing it, the attacker needs to secretly tamper with it and return it to you without raising your suspicions.
You can try using bleeding-edge tamper-evidence technology such as glitter nail polish to detect if someone has tampered with your computer. This is quite difficult to do in practice. If you have reason to believe that someone might have maliciously tampered with your computer, don’t type your passphrase into it.
Defending against these attacks might sound intimidating, but the good news is that most people don’t need to worry about it. It all depends on your threat model, which basically is an assessment of your situation to determine how paranoid you really need to be. Only the most high-risk users need to worry about memory-dumping or evil maid attacks. The rest of you can simply turn on disk encryption and forget about it.
What about TrueCrypt?
TrueCrypt is popular disk encryption software used by millions of people. In May of 2014, the security community went into shock when the software’s anonymous developers shut down the project, replacing the homepage with a warning that, “Using TrueCrypt is not secure as it may contain unfixed security issues.”
TrueCrypt recently underwent a thorough security audit showing that it doesn’t have any backdoors or major security issues. Despite this, I don’t recommend that people use TrueCrypt simply because it isn’t maintained anymore. As soon as a security bug is discovered in TrueCrypt (all software contains bugs), it will never get fixed. You’re safer using actively developed encryption software.
How to encrypt your disk in Windows
BitLocker, which is Microsoft’s disk encryption technology, is only included in the Ultimate, Enterprise, and Pro versions of Windows Vista, 7, 8, and 8.1, but not the Home version which is what often comes pre-installed on Windows laptops. To see if BitLocker is supported on your version of Windows, open up Windows Explorer, right-click on C drive, and see if you have a “Turn on BitLocker” option (if you see a “Manage BitLocker” option, then congratulations, your disk is already encrypted, though you may want to finish reading this section anyway).