U.S. Gov't To Use Full Disk Encryption On All Computers

To address the issue of data leaks of the kind we've seen so often in the last year because of stolen or missing laptops, writes Saqib Ali, the Feds are planning to use Full Disk Encryption (FDE) on all Government-owned computers. "On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The U.S. Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. The selected product will be deployed on Millions of computers in the U.S. federal government space. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The evaluation will come to an end in 90 days. You can view all the vendors competing and list of requirements."

  • Re:Why Full-Disk?? (Score:3, Informative)

    by oohshiny ( 998054 ) on Thursday December 28, 2006 @12:01PM (#17387922)
    Why full disk encryption and not just the home directory??

    Because software frequently puts sensitive data in files outside your home directory.

    Are they just concentrating on a Windows-only solution that will lock out OS X and Linux??

    Linux supports full disk encryption. If OS X doesn't, well, it should, since home-directory-only encryption is not particularly secure.
  • List as Text (Score:1, Informative)

    by Anonymous Coward on Thursday December 28, 2006 @12:05PM (#17387978)
    Apptis, Inc.
    AT&T
    AT&T Government Solutions
    Betis Group, Inc.
    CDWG
    CipherOptics Corporation
    CREDANT Technologies
    David E. Sherrill & Associates
    Decru, Inc.
    Dell Inc.
    Encryption Solutions, Inc.
    EWA
    General Dynamics
    Green Hills
    GuardianEdge Technologies
    Halliburton Data Security
    Harris Corporation
    I.D. Rank
    immixGroup
    infoLock Technologies
    Information Security Corporation (ISC)
    Ingrian Networks, Inc.
    Intelligent Decisions, Inc.
    Kanguru Solutions
    L-3 Communications
    Liquid Machines
    Mary Fuller & Associates, LLC
    McAfee, Inc.
    Meganet Corporation
    Merlin International, Inc.
    Microsoft Corporation
    MITA Group
    Mobile Armor
    NetApp
    Onix Networking Corp.
    Plans, Programs & Policy (P3) Consulting LLC.
    PointSec Mobile Technologies
    Progeny Systems Corporation
    Rocky Mountain Ram
    SafeNet
    SCO
    Seagate Technology
    SolCent Corporation
    Sprint Nextel
    SPYRUS, Inc
    Sybase, Inc.
    TECHSOFT, Inc
    Telos,
    Trust Digital,
    ViaSat
    Vormetric, Inc.
    Wave Systems Corp,
    Zelinger Associates, Inc.
  • Re:Why Full-Disk?? (Score:3, Informative)

    by spellraiser ( 764337 ) on Thursday December 28, 2006 @12:06PM (#17387998) Journal

    Are they just concentrating on a Windows-only solution that will lock out OS X and Linux??

    From the requirements:

    SUPPORTED OPERATING SYSTEM, HARDWARE, FIRMWARE (NOTE: Vendors must support one or more of the following operating systems and it is important if you support multiple)

    Microsoft Windows 2000
    Microsoft Windows 2003
    Microsoft Windows XP
    Microsoft Windows Vista
    Sun Open Solaris
    Mac OS X
    Windows Mobile 5.0
    Windows CE
    RIM/Blackberry
    Palm
    Symbian
    Linux to include Red Hat, SuSE

    Truth be told, this doesn't really say that much ... 'It is important if you support multiple' - what does that mean?

  • NOT US Government (Score:1, Informative)

    by Anonymous Coward on Thursday December 28, 2006 @12:14PM (#17388118)
    Go to http://www.fbo.gov/ and search for FA877107R0001

    US Air Force

    Agency: Department of the Air Force
    Office: Air Force Materiel Command
    Location: ESC - Electronic Systems Center

  • by Frosty Piss ( 770223 ) on Thursday December 28, 2006 @12:28PM (#17388318)
    In order to prevent the loss of pass-keys to these machines (and the resulting loss of important information,) users will be required to keep a copy of the pass-key taped to the bottom of their computers.

    The Air Force currently requires ( in addition to the use of a "Smart Card" plugged into the machine to gain access ) a 15 char password consisting of 3 caps, 3 lower, 3 numbers, and 3 special char ( the rest is up to the user ), no proper names, dictionary words, more than 3 letters or numbers in sequence ( back or forward ), must not be the same or similar to your last 25 passwords, and you must change it every 90 days.

    The net result is that most people are writing it down and storing it in some easy to access place. Previously, we had an 8 char pass that required 2 caps, 2 lower, 2 special, 2 numbers... It was short enough that you could actually remember it.

  • by Terje Mathisen ( 128806 ) on Thursday December 28, 2006 @12:37PM (#17388450)
    I work for a multinational corporation with more than 10 K laptops, we decided to use full disk encryption more than 5 years ago.

    At that time we found just 5 vendors who were qualified to deliver (after an initial pre-qualification round), and we invited them all to a specially setup testing lab: Of these 5 vendors, 3 were selling pure snake oil (encrypt the partition table and/or root directory only), it took less than 5 minutes to break into each of these.

    Nr 4 seemed a lot better, but after 20 minutes work I found the crucial 'compare password, JE decrypt' sequence in the driver, and we were in. :-(

    Only the final entry (from a German company) had understood how you design a product like this:

    First you encrypt, using your preferred symmetric key algorithm (AES-256 these days?), all sectors on the disk. You use some form of hash of the logical sector number as a salt when encrypting, this makes each block unique, even those that contain the same 'FDFDFDFD' freshly formatted pattern. The key you use for this is the master disk key, it is a random number generated during installation.

    Next you make a small table, with room for at least two entries: User and admin.

    The user entry can be modified as often as you like (we default to slightly less than once/month), while the admin key/password is constant, but unique to this particular PC.

    Each password (user/admin) is used as the key when encrypting the master key, which means that there is no way, even for the crypto architect, to recover the master key without knowing at least one of these passwords. (The passwords are never stored anywhere on the disk of course!)

    The admin key/password is saved both as a printout and on disk on a secure system (without any form of network connection), so that you can use it each time a user manages to forget his/her user disk password.

    There are lots of nice to have features as well, one of the more important is the ability to use a challenge/response setup to safely regenerate a user password remotely, without ever having to transmit the relevant admin key. This does require some kind of side channel to verify the identity of the user who owns the particular laptop: We use a combination of RSA's SecurID cards and the user's cell phone for this (each user has such a card to be able to use the corporate VPN connection which requires strong authentication).

    Terje
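
The user/admin key table described in the post above, as an added sketch that is not part of the original comment and not any vendor's code. The function names, the PBKDF2 work factor and the XOR-plus-HMAC wrap (a stand-in for a real AES key wrap) are assumptions made so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

KDF_ITERS = 100_000  # assumed work factor for this sketch, not from the post

def _derive(password: str, salt: bytes) -> bytes:
    # 64 bytes from the password: 32 to mask the master key, 32 to key the tag.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERS, dklen=64)

def wrap(master: bytes, password: str) -> dict:
    """Build one table entry: the master key encrypted under a password."""
    salt = os.urandom(16)
    k = _derive(password, salt)
    blob = bytes(a ^ b for a, b in zip(master, k[:32]))  # stand-in for AES key wrap
    tag = hmac.new(k[32:], salt + blob, hashlib.sha256).digest()
    return {"salt": salt, "blob": blob, "tag": tag}

def unwrap(slot: dict, password: str) -> bytes:
    """Recover the master key, or raise ValueError on a wrong password."""
    k = _derive(password, slot["salt"])
    expect = hmac.new(k[32:], slot["salt"] + slot["blob"], hashlib.sha256).digest()
    # Skipping this check gains nothing: a wrong password yields a wrong mask,
    # so the result is garbage rather than the master key.
    if not hmac.compare_digest(expect, slot["tag"]):
        raise ValueError("password does not open this slot")
    return bytes(a ^ b for a, b in zip(slot["blob"], k[:32]))

def can_unlock(slot: dict, password: str) -> bool:
    try:
        unwrap(slot, password)
        return True
    except ValueError:
        return False

def new_disk(user_pw: str, admin_pw: str):
    master = os.urandom(32)  # random master disk key, generated at install time
    slots = {"user": wrap(master, user_pw), "admin": wrap(master, admin_pw)}
    return master, slots  # master is returned only so the sketch can be checked

def change_user_password(slots: dict, old_pw: str, new_pw: str) -> None:
    # Only the 32-byte wrapped key is rewritten; no sector is re-encrypted.
    slots["user"] = wrap(unwrap(slots["user"], old_pw), new_pw)

def admin_reset(slots: dict, admin_pw: str, new_user_pw: str) -> None:
    # Forgotten user password: the admin slot recovers the same master key.
    slots["user"] = wrap(unwrap(slots["admin"], admin_pw), new_user_pw)
```

Neither password nor the master key is stored in a slot, so the table can sit in the clear on disk next to the encrypted sectors.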
  • Re:Eh. (Score:3, Informative)

    by throx ( 42621 ) on Thursday December 28, 2006 @12:42PM (#17388534) Homepage
    In this era of high bandwidth connections and VPN, why can't the data be accessed from home or via laptop without it existing physically on the hard drive?

    Because not every government employee has access to high bandwidth connections, especially if they are stationed outside the US. Disconnected operation is essential.
  • by Lawrence_Bird ( 67278 ) on Thursday December 28, 2006 @12:51PM (#17388666) Homepage
    I have been using this on my laptop; it's free and seems to work well with no noticeable loss of speed.

    http://www.freeotfe.org/docs/index.htm
  • Re:But why? (Score:5, Informative)

    by WED Fan ( 911325 ) <akahige@NOspAm.trashmail.net> on Thursday December 28, 2006 @12:53PM (#17388686) Homepage Journal

    And, you'd be the first one to cry to the f*&king heavens as soon as the Government let YOUR secrets out in the open. Or when a government, controlled by a political party other than your chosen favorite, screwed up in a major way when Intelligence is released into the wild.

    Find a government on the planet that does as you desire, I'll show you mythology. Only those seeking the downfall of a political system, or governing body require that body to release all its secrets. When that body is your government, then you meet the definition of "Traitor".

    Whether controlled by Republicans, Democrats, Libertarians (mythological political party), The Raving Loons of Parump, the government must keep secrets and protect select information from release until such a time that its release is no longer a harm to the citizens and country.

  • Re:Why Full-Disk?? (Score:3, Informative)

    by Fred_A ( 10934 ) <fred@NOspam.fredshome.org> on Thursday December 28, 2006 @12:54PM (#17388700) Homepage
    In most orgs nowadays users no longer have admin rights on their machines and therefore cannot write outside of their $HOME (or whatever it's called in Windows). Granted there are still lots of places where this basic security policy isn't implemented but they are thankfully fewer every day (although their number will likely never drop to zero).

    However as other contributors rightly pointed out, /tmp and the swap file(s) are two problematic areas that should be addressed by a comprehensive cryptographic solution. I wouldn't be surprised if several Windows products neglected to encrypt those.
  • Re:Eh. (Score:5, Informative)

    by CohibaVancouver ( 864662 ) on Thursday December 28, 2006 @01:00PM (#17388784)
    Why would government people need to be dragging this stuff home on their laptops anyway?

    It's not 'dragging this stuff home', it's people who go out in the field to do their job - One simple example is FEMA. When they go to a disaster they take along thousands of laptops in order to register people who need aid. There isn't a LAN they can "SSH into" and they can't phone this stuff in. Another example might be the IRS who would visit individuals and businesses to perform audits.... The list goes on.

  • Re:I predict (Score:1, Informative)

    by Anonymous Coward on Thursday December 28, 2006 @01:22PM (#17389024)

    I predict the government will lose more data this way than when storing data unencrypted. And, when they lose it this way, they won't be able to get it back. At least when they lose a stolen laptop and get it back, they usually still get their data.

    Anything important that originates from the laptop should already be backed up, and anything else can be retrieved from another source.

    And, stealing laptops isn't how people are trying to steal data from the government... stealing laptops is how people are trying to steal laptops. Those going after government data have better ways to approach it than stealing laptops.

    But they still get the sensitive data when they steal the laptops. This isn't aimed at stopping enemy agents, it is aimed at accidental loss of sensitive data, which can be just as damaging and even more embarrassing.

  • by Anonymous Coward on Thursday December 28, 2006 @01:28PM (#17389088)
    If users don't run as administrators this can't happen.

    Wrong. Swap, /tmp, and /usr/tmp all contain user data, as does /var and other locations used by system daemons.

    And I don't know of any Linux app that puts stuff outside home...

    That's merely a testament to your ignorance.

    and only a few Macs app do

    The Mac is no different in that regard from UNIX.

    (and none should)

    They don't have a choice; it's part of normal operations. It happens even if they don't explicitly open any files themselves.

  • by Cthefuture ( 665326 ) on Thursday December 28, 2006 @02:23PM (#17389766)
    Even better is to physically store it on something like a smartcard. Even with a simple 4 digit PIN it offers substantial security over plaintext. Then the card can authenticate the user using extremely complex methods if desired (PKI or very long/complex passwords). Plus it can store authentication for multiple systems easily.

    Then you have decent physical security as well. Don't get me wrong, it's not perfect but it is still very effective.
  • by Martin Blank ( 154261 ) on Thursday December 28, 2006 @02:42PM (#17390006) Homepage Journal
    Among the requirements is "For FDE, allows multiple users of same laptop or device using DoD CAC for boot authentication by each user," "Allows administrators to provide remote assistance to users who are locked out," and "Allows for decryption and uninstallation of encryption solution by a system administrator only." This means that every device will have multiple keys protecting the data (a user key and an administrative key at the very least) to allow the data to be retrieved. Otherwise, the government could not pursue its own employees in the situation where it needs to develop a case such as espionage.
  • by tayhimself ( 791184 ) on Thursday December 28, 2006 @06:20PM (#17392800)
    Seriously though, google Terje Mathisen before mouthing off about who he works for or what he should do with his life. He is an extremely highly regarded authority on computer architecture and program optimization. Hell, his name was one of the first that John Carmack thought of when asked about the fdiv() function in Quake. Check comp.arch for more...
