Comparison of methods of encryption on the storage media
Because of increasing number of theft of data in digital format (USB devices, laptops, etc.), protection of data on computer and external storage devices has become a priority for many companies which are using the confidential and sensitive information in daily operations. Although today there are many free and commercial solutions for data protection on computers and other storage medias, many companies are still not familiar with the possibilities and advantages that they offer, or the risks that brings the potential theft of confidential information.
Because of listed reasons, Nobium made a brief overview of software solutions for encrypting data in storage media. Between many possibilities that these tools offer, we singled out those that are proved to be the most useful and most necessary in practice. In addition, there is a comparison of support for most common operating systems and different levels of data encryption for selected tools.
Table 1 shows a comparison of the tools by the possibilities that they provide to its users. Although those are not all the features that most tools on the market certainly have, they are the most important and significantly facilitate the use of this type of protection.
Options were compared in the table are:
- Encrypting system partitions
Most programs have the possibility of encrypting the partition where the operating system is installed. - Hidden operating system
This option allows deniable encryption. It is about creating a hidden encrypted partition that can’t be detected by attacker. This hidden partition can be activated by typing a special code when you create a certain one. - Support for TPM devices
Some software solutions support the ability to use the so-called TPM (Eng. Trusted Platform Module) chip. This is a special cryptographic processor that is used to accelerate the process of encryption. - Hardware acceleration
Some of the software on the market allows using of special cards to speed up the process of encryption. - Support for multiple keys
Encrypting data using multiple keys allows using of master key for administrators. - External Authentication
Some software packages support the possibility of authentication with other applications. - Two factors authentication
The ability to use two-factor authentication is quite important. It is usually the use of various security tokens for user authentication.
* only on Windows OS
Table 1. Comparison of services
As already mentioned, except by its capabilities, tools for encrypting data were compared by the support for various operating systems (Table 2) and the level of encryption of data (Table 3).
Possible level of data encryptions are:
- Full disk
Encrypt the entire physical disk. - Partition
Encrypt individual partitions on the physical disk. - File
The possibility of encryption of individuals file. - Swap file
The possibility of encryption of swap files ("pagefile" in Windows). - Hibernate
Encryption of file that contain information from working memory during computer hibernation.
* only on Windows OS
Table 2. Comparison of support for operation systems
* only on Windows OS
Table 3. Comparison of encryption of encryption of data encryption level