1.0 FILE AND DISK ENCRYPTION GUIDELINES

1.1 Introduction

This guideline was developed to support CSU policies, government regulations and audit compliance. It provides support for the identification and implementation of encryption solutions for assets that have been determined to process Protected Level 1 data.

1.2 Purpose

The following encryption implementation guideline is designed to supplement the CSU Policy and CSU draft standards which address encryption requirements for Protected Level 1 information in transit and in storage. Protected Level 1 information is particularly vulnerable to identity theft. Additional responsibilities for safeguarding Protected Level 1 information are imposed by law and policy due to the need to protect privacy and reduce risk and liability to the University. While units have been encouraged to eliminate unnecessary electronic storage of Protected Level 1 information, the need to protect Protected Level 1 information required to conduct University business still remains. Encryption can be used to protect Level 1 information stored on devices in case of loss, theft, or compromise.

1.3 Scope

This guideline applies to all users (e.g., executives, managers, faculty, staff, students, guests, business partners, all auxiliaries and others) of CSU or campus data, computer networks, equipment, or computing resources who process, transmit, or handle Protected Level 1 information in a physical or electronic format. This includes servers, workstations, laptops, tablets, phones or any other device which stores Protected Level 1 information.

2.0 ENCRYPTION STANDARDS

A campus unit or association that uses encryption will need to have the permission of the Data Owner before deploying the encryption. The Data Owner will need to work with the Data Custodians and/or Users to ensure procedures are in place for key management and secure key recoverability by the University.
No single solution for encrypting stored data can address the University's diverse computing environments and requirements. This guideline recommends a variety of encryption tools and practices following review and trial of a number of open-source and commercial tools. Native, open-source, and proprietary options should all be considered when looking for an appropriate solution.

Two types of encryption solutions are generally available: file encryption (referred to as "folder encryption" when a folder is encrypted) and full disk encryption. With file or folder encryption, the file or folder is encrypted and users must be sure to save Protected Level 1 information in the encrypted file or folder. Full disk encryption protects the entire hard drive, including the operating system. As the name suggests, the entire drive is encrypted and the user unlocks the decryption key before the operating system boots.

2.1 Recommended Standards

Determine the computing environment so that the method of encryption needed for that environment can be deployed. The following standards are recommended for the corresponding environments:

a. File encryption for desktops that remain on all the time.
b. File or full disk encryption for desktops that are powered down at the end of the work session or day.
c. File encryption for servers, including shared folders.
d. Full disk encryption for mobile devices (e.g., laptops, PDAs, tablet PCs and smart phones), storage media (e.g., flash drives), and media for which adequate physical security cannot be guaranteed.
e. Full disk encryption or native database software features for database servers.
f. Compatible encryption for dual boot systems and shared folders.

2.2 Various Encryption Needs

A unit may elect to implement any number of these to meet its varied needs. For example, a unit may select:

a. BitLocker for laptops and desktops with a Windows Vista Ultimate or Enterprise operating system.
b. TrueCrypt for full drive encryption of any Windows laptops with operating systems other than Windows Vista Ultimate or Enterprise, and Linux laptops.
c. TrueCrypt for file encryption of any Windows desktops with operating systems other than Windows Vista Ultimate or Enterprise, Linux desktops, and flash drives.
d. FileVault for Macintosh systems.

Note: Consideration should also be given to key management and data recovery options. See "Key Management Plans" below. Information specific to each of the solutions is presented below.

2.3 Recommended File/Folder Encryption Solutions and their Requirements

With file or folder encryption, the user creates an encrypted file, folder or disk partition where the user must store the data to be encrypted.

2.3.1 TrueCrypt

TrueCrypt is a free, open-source software application that creates encrypted disk image files, similar to FileVault for Macintosh (see below). It uses on-the-fly encryption, meaning that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. It is not transparent to the user, who must mount the drive by entering a password. Training and support are highly recommended for users of TrueCrypt. A Beginner's Tutorial is available on the TrueCrypt website. All versions are inter-compatible so that encrypted devices can be used between different platforms. The following operating systems (among others) are not supported: Windows 2003 IA-64, Windows 2008 IA-64, Windows XP IA-64, and Windows 95/98/ME/NT.

Additional TrueCrypt considerations are below:

- Some Windows functions require administrator privileges (see http://www.truecrypt.org/docs/?s=version-history).
- For Linux, installation packages are available for OpenSUSE and Ubuntu distributions, but not for Fedora.
- TrueCrypt is particularly useful for encrypting removable media such as removable flash drives (see the Flash Drive Encryption Procedure).
- It will function on a dual boot system.
More information: http://www.truecrypt.org

System requirements for installation of TrueCrypt are detailed below:

- Windows 7
- Windows 7 x64 (64-bit) Edition
- Windows Vista
- Windows Vista x64 (64-bit) Edition
- Windows XP
- Windows XP x64 (64-bit) Edition
- Windows Server 2008
- Windows Server 2008 x64 (64-bit)
- Windows Server 2003
- Windows Server 2003 x64 (64-bit)
- Windows 2000
- Mac OS X 10.4 Tiger
- Mac OS X 10.5 Leopard
- Linux (kernel 2.4, 2.6 or compatible)

Note: Consideration should also be given to key management and data recovery options. See "Key Management Configuration Guidelines" below.

2.3.2 Windows Encrypting File System (EFS)

Encrypting File System (EFS) encrypts files and folders stored on local computers. EFS uses encryption/decryption keys associated with Windows user accounts. As a result, only the user keys used to encrypt the data are able to decrypt it again. A user must have a valid X.509 certificate to encrypt files and folders with EFS. EFS looks in the user's personal certificate store for an EFS certificate. If it does not find one, it attempts to enroll the user for an EFS certificate with a Windows certification authority. If the user is not using a domain account or if EFS is unable to request a certificate through a certification authority, EFS generates a self-signed certificate.

Additional EFS considerations are below:

- Securing EFS depends on selecting a strong password for the Windows login account.
- The login account holder establishing the EFS folder can permit other login accounts to access the encrypted folder.
- Access to encrypted data may be lost if passwords for local Windows login accounts are changed.
- Traveling users with Active Directory generated encryption keys may lose access to encrypted data as cached credentials go stale or passwords are changed and the computer cannot authenticate to the Active Directory domain.
- If a user encrypts data using EFS and loses the key, the data cannot be recovered, so EFS should not be used for encrypting the only copy of critical University data without a key management plan.

Additional EFS resources:
http://technet.microsoft.com/en_us/library/bb457065.aspx
http://technet.microsoft.com/en_us/library/bb457116.aspx

Note: Consideration should also be given to key management and data recovery options. See "Key Management Plans" below.

2.3.3 FileVault for Macintosh

FileVault is built in to Mac OS X. Unlike EFS, which encrypts individual files and folders, FileVault creates a single encrypted disk image file containing the user's home directory. This disk image is mounted as the user logs in, allowing only that user access to the decrypted data.

Additional FileVault considerations are below:

- The user cannot select which parts of the disk to encrypt with FileVault. Only entire home directories can be encrypted. The user cannot encrypt the whole disk.
- Specific files or folders cannot be encrypted using FileVault, although its underlying encrypted disk image technology can be used for this purpose via Apple's Disk Utility application, included in the standard installation of OS X.
- The user must be an administrator on the computer, or obtain assistance from an administrator, to set up FileVault and turn on FileVault for the computer's home folder.
- A user who has forgotten both a login password and a FileVault master password will not be able to log in to the user's account and access encrypted data.
- FileVault should not be used for the only copy of critical University data without a key management plan because of the risk of losing the key.
Additional resources for FileVault:
http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1906.html

System requirements for installation of FileVault are detailed below:

- Operating System Required: Mac OS X v. 10.3 and later.

Note: Consideration should also be given to key management and data recovery options. See "Key Management Plans" below.

2.4 Recommended Full Disk Encryption Solutions and their Requirements

Full disk or whole disk encryption protects the entire hard drive, including the operating system. The entire drive is encrypted and the decryption key is unlocked by the user before the operating system boots. Because the whole disk is encrypted, users do not need to save Level 1 or confidential data in an encrypted file or folder in order to ensure that the data is protected.

2.4.1 Windows BitLocker

BitLocker Drive Encryption is a whole disk encryption feature included as part of the Enterprise and Ultimate editions of the Windows Vista and Windows 7 operating systems and of the Windows Server 2008 operating system. BitLocker encryption may be implemented by selecting one of three different configurations. Two of the configurations require a cryptographic hardware chip called a Trusted Platform Module (TPM). The third configuration does not require the TPM.

A Trusted Platform Module (TPM) is a microchip that is built into a computer. It is used to store cryptographic information, such as encryption keys. Information stored on the TPM can be more secure from external software attacks and physical theft.

The three different configurations are detailed below:

1. Transparent Operation Mode: With this mode, the TPM chip enables the user to log onto Windows Vista as usual.
2. User Authentication Mode: This mode requires the user to provide some authentication (either a PIN entered by the user or a USB key inserted by the user during boot) before being able to boot the operating system.
   This mode requires a TPM chip.
3. USB Key Mode: The user must insert a USB device that contains a startup key into the computer to be able to boot the protected operating system. The BIOS must be able to read USB devices in the environment from which the operating system boots.

Additional BitLocker considerations are below:

- For BitLocker to operate, the hard disk must have at least two NTFS-formatted volumes, one for the operating system (usually C:) and another with a minimum size of 1.5GB, from which the operating system boots. BitLocker requires the boot volume to remain unencrypted, so the boot volume should not be used to store confidential University data or personal information.
- BitLocker is sensitive to hardware changes, so a user who swaps a CD or DVD drive for an extra battery will require the access key to unlock the system when the user attempts to reboot the system.
- EFS may be used in conjunction with BitLocker to secure data once the operating system kernel has been loaded. Because BitLocker decrypts on-disk files before the operating system has loaded, all file operations from the perspective of the operating system will proceed as if there is no encryption on the files being accessed. Files within the operating system can only be protected using encryption software that operates within Windows, such as EFS.
- No passphrase recovery is available. BitLocker should not be used to encrypt the only copy of critical data without a key management plan. See "Key Management Plans" below.
Additional resources for BitLocker:
http://technet.microsoft.com/en-us/windows/aa905065.aspx

System requirements for installation of Windows BitLocker are detailed below:

- Windows 7 Enterprise Edition
- Windows 7 Ultimate Edition
- Windows Vista Enterprise Edition
- Windows Vista Ultimate Edition
- Windows Server 2008

2.5 TrueCrypt

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted or decrypted right before it is loaded or saved, without any user intervention. TrueCrypt offers full disk encryption with pre-boot authentication for Windows in addition to its file/folder encryption capability. TrueCrypt encrypts an entire partition or storage device such as a USB flash drive or hard drive.

Additional TrueCrypt considerations are below:

- In full drive encryption mode, no passphrase recovery is available. TrueCrypt should not be used to encrypt the only copy of critical data without a secure retrieval key management plan.
- Some users have experienced difficulty in creating a copy of the rescue disk. With no method to skip the process, and no work-around to simply check the rescue disk image against what it expects, the user may find it difficult to move past the CD/DVD check screen.

Additional resources for TrueCrypt: see section 2.3.1 TrueCrypt above.

System requirements for installation of TrueCrypt are detailed below:

- Windows 7
- Windows 7 x64 (64-bit)
- Windows Vista
- Windows Vista x64 (64-bit) Edition
- Windows XP
- Windows XP x64 (64-bit) Edition
- Windows Server 2008
- Windows Server 2008 x64 (64-bit)
- Windows Server 2003
- Windows Server 2003 x64 (64-bit)
- Windows 2000

2.6 Key Management Configuration Guidelines

Many universities may currently have no central infrastructure which supports the sharing of keys.
If your unit does not have this infrastructure, consideration needs to be given to these general and solution-specific guidelines for key management and data recovery:

- Copying keys and recovery files to offline media and storing the media in a physically secure location (such as a safe or locked cabinet) known and accessible to more than one authorized person with a right to know.
- Recording passphrases on paper, placing the paper in a sealed envelope and securely storing the envelope in a physically secure location or with a supervisor.
- Configuring Windows computers using EFS to allow access by a second login account.
- Encrypting data using a "chain" of multiple EFS keys, giving more than one individual the ability to decrypt data.
- Setting up and sharing with a supervisor a master password for FileVault or for TrueCrypt as a centrally managed, standalone encrypted volume.
- For BitLocker, producing the optional recovery key (or mandating recovery keys with Group Policy) and sending it to a supervisor or printing it and storing it in a secure location.

2.6.1 Unit Specific Key Management Guidelines

Units must document, communicate and test procedures for management of keys and recovery of data if passwords are forgotten, encryption keys are lost or unavailable, or keys or passwords are compromised.
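The BitLocker recovery-key requirement above can be audited and enforced from PowerShell. The following is an added example, not part of the guideline: it lists every BitLocker volume, flags encrypted volumes that have no recovery password protector (the "only copy" failure mode), and, with -Remediate, adds one and escrows it to Active Directory. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 and later, so newer than the Vista/7 systems the guideline names), an elevated session, and a domain-joined machine for the AD DS backup.

```powershell
# Added example (not from the CSU guideline): audit BitLocker volumes for a
# recovery password protector and optionally escrow one to AD DS.
# Assumes: BitLocker module (Windows 8 / Server 2012+), elevated session,
# and for -Remediate a domain-joined host with the AD DS backup policy enabled.

function Test-BitLockerRecoveryCoverage {
    [CmdletBinding()]
    param(
        # Add a recovery password where none exists and back it up to AD DS.
        [switch]$Remediate
    )

    foreach ($vol in Get-BitLockerVolume) {
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        $finding = [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus       # FullyEncrypted, FullyDecrypted, EncryptionInProgress, ...
            ProtectionStatus = $vol.ProtectionStatus   # On / Off
            Protectors       = ($vol.KeyProtector.KeyProtectorType -join ',')
            HasRecoveryKey   = ($recovery.Count -gt 0)
        }

        # An encrypted volume with no recovery key cannot be recovered if the
        # TPM, PIN or startup key is lost; that is what section 2.6 guards against.
        if ($Remediate -and $vol.VolumeStatus -ne 'FullyDecrypted' -and -not $finding.HasRecoveryKey) {
            $updated = Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector
            $id = @($updated.KeyProtector |
                Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })[-1].KeyProtectorId
            # Escrow the new recovery password in AD DS (the central store the
            # guideline says many units lack; otherwise record it offline per 2.6).
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $id | Out-Null
            $finding.HasRecoveryKey = $true
        }

        $finding
    }
}

# Report encrypted volumes that still have no escrowed recovery key.
Test-BitLockerRecoveryCoverage |
    Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.HasRecoveryKey }
```

Run it without -Remediate first to see the findings; the remediation path writes a new recovery password to the volume and to AD DS, so it belongs in the unit's documented key management procedure.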
An encryption key management plan should:

- Ensure data can be decrypted when access to data is necessary, by requiring implementation of backup and other strategies (such as key escrow or recovery agents) to enable decryption, and should include strategies for changes to passwords.
- Address handling of a compromise or suspected compromise of encryption keys, including actions to be taken in the event of a compromise with respect to system software and hardware, reissuance of private keys and re-encryption of data.
- Address the destruction or revocation of encryption keys that are no longer in use (such as when the user has left the University) or that are not associated with a key management program.
- Ensure that IT staff can obtain access to supported computers when the users are not present.

It is the responsibility of management, supervisors and employees to ensure that all access passwords have been deactivated and all University data has been returned when an employee leaves the University's employment.

Note: Contact the Virtual Information Security Center immediately at visc@calstate.edu if a computer storing encryption keys for personal information is compromised. In those circumstances, the system should be examined to determine whether the personal information or the encryption keys were accessed by an unauthorized party. In addition, the key must be revoked or destroyed and a new key generated.

2.6.2 Recovering and Preserving Encrypted Data

Recovering encrypted data requires the use of the key, or corresponding key pair, used to encrypt the data. The key is often unlocked with a password or passphrase. Managing encryption for stored data is complicated by the need to preserve the security of the key. When an unauthorized party obtains an encryption key and the password required to unlock it, that party can gain access to all data accessible by that key. As a result, prevention of unauthorized access to encryption keys and passwords is of utmost importance. Setting strong passwords or passphrases and periodically changing passwords and keys is crucial.

Note: If a key is lost or a password is forgotten, the encrypted data is permanently lost because it can never be decrypted. Any key management plan needs to address the risk of unintentional data loss, consistent backup and secure encryption key management practices.

3.0 DEFINITIONS

All definitions from the Integrated CSU Administrative Manual glossary (http://www.calstate.edu/icsuam/glossary/) are incorporated here by reference.

4.0 REFERENCES

Appendix A: Northridge 2007 Hard Disk Encryption Solution Survey
California State University, System-wide Information Security Policy
Senate Bill 1386 SEC. 2 Section 1798.29
Audit Reference: Procedures for the encryption of application databases and network transmissions.