A NOVEL APPROACH TO IMPLEMENT DISK SECURITY USING PARTIAL DISK ENCRYPTION
Anurag Sharma M L Smitha Tarun T Arya Minal Moharir Information Science and Engineering RV College of Engineering

The main objective of the paper is to develop an efficient and cost effective method for
Hard Disk Drive(HDD) Security. The task is implemented using Partial Disk Encryption (PDE) with Advanced Encryption Standards(AES) for data security of Personal Computers(PCS) and Laptops . The focus of this work is to authenticate and protect the content of HDD from illegal use. The proposed method is labeled as DiskTrust. FDE encrypts entire content or a single volume on your disk. Symmetric key uses same key for encryption as well for decryption. DiskTrust uses these two technology to build cost effective solution for small scale applications. Finally, the applicability of these methodologies for HDD security will be evaluated on a set of data files with different key sizes.

KEYWORDS- INFORMATION SECURITY, INTEGRITY,
CONFIDENTIALITY, AUTHENTICATION, ENCRYPTION.

I. INTRODUCTION
In today’s world information security is an important concern for every individual. People spend hundreds of dollars in protecting their data to stay in the competition, and any leakage of crucial data can result in unrecoverable loss. Information security is the most important form of security even before network security, as information stored securely can only be transmitted securely over a network, there by stating the importance of information security over network security. However, along with the convenience and easy access to information come risks. Among them are the risks that valuable information will be lost, stolen, changed, or misused. Disk encryption is a technology which protects information in the disk by converting it into unreadable form that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. Disk encryption prevents unauthorized access to data storage by allowing access only to those with matching password. it comes to personal use, we don’t need to use full disk encryption technique where in all unwanted files will be encrypted and this is not cost effective. In Partial Disk Encryption individual files or directories are encrypted by the file system itself. It typically encrypt file system metadata, such as the directory structure, file names, sizes or modification timestamps. The algorithm described by AES is a symmetric-key algorithm. AES is based on a design principle known as a substitution-permutation network. It is fast in both software and hardware.
We aim to create a partition of our main disk and achieve the following information security criteria’s namely, Authentication, Confidentiality, Integrity, Non repudiation, Accessibility. On the fly encryption and decryption will make the system more efficient.

II. Related work

The related survey is divided into two parts. The first part is survey about Partial disk encryption. The second part is survey about advanced encryption standards.
In Partial Disk Encryption individual files or directories are encrypted by the file system itself. It typically encrypt file system metadata, such as the directory structure, file names, sizes or modification timestamps. This can be problematic if the metadata itself needs to be kept confidential. The algorithm described by AES is a symmetric-key algorithm. AES is based on a design principle known as a substitution-permutation network. It is fast in both software and hardware. Unlike its predecessor, DES, AES does not use aFeistel network. AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits. AES operates on a 4×4 column-major order matrix of bytes, termed the state (versions of Rijndael with a larger block size have additional columns in the state). Most AES calculations are done in a special finite field. The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext. Secret key cryptography is used as only a single key is enough for encryption and decryption as it is shared by both the sender and the receiver.
Min Liang and Chao wen Chang (2010 IEEE) described a full disk encryption scheme based on XEN virtual machine which is stored in a security flash disk. XEN is used to encrypt
(decrypt) all the data in hard disk and manage the whole system. Li Jun & Yu Huiping ( 2010 IEEE) introduced the data encryption technologies of encrypting file system (EFS) and traditional full-disk encryption (FDE), and points out the problems of data encryption of EFS and FDE. Combined with the features of trusted platform module (TPM)[6], this paper constructed a trusted full disk encryption (TFDE)[7] based on TPM.
The second part of survey covers implementation of Encryption Algorithms. Many encryption algorithms are widely available and used in information security. They can be categorized into Symmetric (private) and Asymmetric (public) keys encryption. In Symmetric keys encryption or secret key encryption, only one key is used to encrypt and decrypt data. The key should be distributed before transmission between entities. Keys play an important role. If weak key is used in algorithm then every one may decrypt the data. There are many examples of strong and weak keys of cryptography algorithms like RC2, DES, 3DES, RC6, Blowfish, and AES. RC2 uses one 64-bit key . In Asymmetric keys, two keys are used; private and public keys. Public key is used for encryption and private key is used for decryption (E.g. RSA and Digital Signatures). Because users tend to use two keys: public key, which is known to the public and private key which is known only to the user. The proposed thesis uses symmetric key cryptography to implement HDD security.
Jyothi Yenuguvanilanka Omar Elkeelany (2008 IEEE), This paper addressed the performance of Rijndael AES Encryption algorithm of key length 128 bits. Two hardware models based on HDL and IP core are used to evaluate the performance of the algorithm. The encryption time and also the performance metrics such as size, speed and memory utilization are evaluated, using these models.
Dazhong Wang & Xiaoni Li (2009 IEEE) presented the design, implementation and performance of a FIPS – approved cryptographic algorithm – Advanced Encryption Standard (AES), which can be used to protect electronic data.

The Full Disk Encryption encrypts the entire contents of Hard disk Drive. However encryption of the entire HDD is expensive in terms of time and cost. The large scale industries needs this much of tough security, as well they can accommodate big cost. For small industries or institution or personal users the data security is needed for partial data, so need some cost effective security scheme. The Symmetric Key Cryptography(SKC) is best for the security of personal devices as no need to share the key.

III. Proposed Architecture

To develop HDD security technique labeled as DiskTrust. DiskTrust technology uses PDE, creates authorized invisible volume on HD & implements SKC to secure the data stored on secured volume using AES.

The methodology used for the 4 modules of our project is as follows.
• Creation of hidden partition
• Check for Authentication
• Store/ Retrieve
• Encryption/ Decryption

IV AES IMPLEMENTATION

1. Initial Round
_ AddRoundKey: each byte of the state is combined with the round key using bitwise xor
2. Rounds
_ SubBytes—a non-linear substitution step where each byte is replaced with another according to a lookup table. _ ShiftRows—a transposition step where each row of the state is shifted cyclically a certain number of steps.
_ MixColumns—a mixing operation which operates on the columns of the state, combining the four bytes in each column
_ AddRoundKey
3. Final Round (no MixColumns)
_ SubBytes
_ ShiftRows
_ AddRoundKey

V SIMULATION & DESIGN

This section describes design and GUI implementation, some of the important results that were found as part of the implementation.

A Implementation of Hidden Volume

List disk
Select disk #
Create partition logical size=*
Assign letter=@
Select volume %
Remove
Exit

• We take in the input from user as to what alphabet must be assigned and the disk on which he/she wants the partition.
• Shrink the disk if the space for new partition is not available as free space.
• Create a new partition of appropriate available size.
• Hide the created partition from view, after allocating the alphabet to it.

B Check for Authentication
First Level Authentication
Case 1: Existing User

The username is entered and a request to generate password is made. The dynamically generated password will be sent to your inbox. Using that password we can sign in to our hidden volume.
Case 2: New User

The registration includes assigning a name to the hidden volume that will be created and the username. The password will be automatically sent to your inbox.

Once we enter the password we can access the hidden volume.
Method: using dynamic password generation.
• We dynamically generate a password of required length using the algorithm; we have developed using random function.
• We send the dynamically generated password to the user through the mail service which the system offers. Mail is sent to the registered email ID.
• Authenticate the user to grant access (If the password entered is matching).

Second Level Authentication

This pattern recognition system helps in providing a secondary authentication system. After passing the first level of authentication, the file can be stored in the partition where it will be encrypted automatically once we choose which algorithm we can use. To view the files in Decrypted form we have to pass through the pattern recognition system and provide the three points that can provide access to the files.

C Encrypt/ Decrypt files using Different Algorithms like AES, DES, Blowfish

This shows the main menu which will be visible when the user successfully Log’s in to the system, wherein he has a choice to select the encryption algorithm.

This is the file before encryption.

This is the file after encryption

For our experiment, we use a laptop with i5 processor and 2.2 GHz of CPU in which performance data is collected. In the experiments, the laptop encrypts a different file size ranges from 10MB to 700 MB. Several performance metrics are collected:
1. Encryption time based on file siz
2. Overall Speed of the algorithm

The encryption time is considered the time that an encryption algorithm takes to produce a cipher text from a plaintext. Encryption time is used to calculate the time taken by an encryption scheme. It process time is the time that a CPU is committed only to the particular process of calculations. It reflects the load of the CPU. The more CPU time is used in the encryption process, the higher is the load of the CPU. The CPU clock cycles are a metric, reflecting the energy consumption of the CPU while operating on encryption operations. Each cycle of CPU will consume a small amount of energy.

VI SIMULATION RESULTS

The performance of of the algorithms AES, Blowfish and DES was recorded for 1MB, 10MB, 175MB, 350MB and 700MB. As expected the time required for encryption increased with increase in size.

Fig 6.1 Performance of algorithm based on file size
The performance of the algorithms was tracked. According to the results, Blowfish with 56 bit key proves to perform slightly better than AES 128 but the margin is negligible. DES with 56 bit key proved to be slower than both AES 128 and Blowfish. This proves that Blowfish and AES 128 are powerful algorithms. Fig 6.2 Performance of algorithm based on speed

VII Conclusion

The project has revolutionized Disk Security by using Partial Disk encryption to protect the data from third parties. AES 128 algorithm used as the encryption/decryption algorithm has been proven to be a very powerful algorithm and to prove this we encrypted a 700 MB video file.
The performance of the Blowfish, AES 128 and DES was measured and found that AES and Blowfish are very fast and powerful algorithms where as DES is much slower in encryption.

Collision Attacks on AES", FDTC 2006, pp.
106-120.
2. J. Blomer and J-P Seifert, "Fault Based
Cryptanalysis of the Advanced Encryption
Standard (AES)", CHESS 2003, pp. 162-181.
3. C.-N. Chen, S.-M. Yen, “Differential Fault
Analysis on AES Key Schedule and Some
Countermeasures”, Australasian Conference on
Information Security and Privacy 2003, LNCS
2727, Springer-Verlag, pp. 118–129.
4. C. Giraud, "DFA on AES”, 4th International
Conference on AES, Springer publisher, pp. 27-
41.
5. C. H. Kim, J.-J. Quisquater, "Faults, Injection
Methods, and Fault Attacks", IEEE Design &
Test of Computers, Nov.-Dec. 2007, Vol.24,
Issue 6, pp.544-545.
6. A. Moradi et al. "A Generalized Method of
Differential Fault Attack Against AES
Cryptosystem ", Cryptographic Hardware and
Embedded Systems - CHES 2006, pp 91-100.
7. G. Piret and J.-J. Quisquater, "A Differential
Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD",
CHES 2003, pp 77-88.
8. FIPS-197 , "Advanced Encryption Standard
(AES)", Federal Information Processing
Standards Publication 197, http://csrc.nist.gov/publications/, November 26,
2001
9. Karri, R.; Wu, K.; Mishra, P. & Kim, Y.,
"Concurrent Error Detection Schemes for Fault-
Based Side-Channel Cryptanalysis of
Symmetric Block Ciphers", IEEE Trans. on
Computer-Aided Design of Integrated Circuits and Systems, Vol. 21, N. 12, December 2002, pp. 1509-1517.
10. Maistri, P.; Vanhauwaert, P. & Leveugle,
R., "A Novel Double-Data- Rate AES
Architecture Resistant against Fault Injection",
Workshop on Fault Diagnosis and Tolerance in
Cryptography, FDTC.2007.8, pp. 54- 61.
11. Monnet, Y.; Renaudin, M. & Leveugle, R.
"Designing Resistant Circuits