As I previously wrote in my blog, I was waiting for a whole disk encryption solution to be made available for Mac OS X. Some months ago, Checkpoint released what I believe was the first solution ever to support full disk encryption on the Mac, including the boot disk. Recently, as I noted before, PGP Corporation release PGP Desktop 9.9 for Mac OS X, supporting full boot-disk encryption for the first time on this platform. I opted for trying PGP, as they made a demo version available (that will work for 30 days) and it’s possible to buy a license online. Checkpoint, on the other hand, doesn’t seem to have a downloadable demo, and doesn’t sell the product online. This was enough for me to forget Checkpoint solution at all, specially having the PGP demo ready to be downloaded from their site and installed. So, PGP it is.
Why should you care?
Today, you easily buy a laptop with a large hard drive. That drive will quickly be full of important data. Many people consider “important data” to be private emails, trip photos, holiday movies, and such. But that’s just the tip of the iceberg. Letting anyone read your email or pick at your photos can be a problem, but it’s nothing compared to really important data. I’m talking about company reports. Source code. Data about your customers. Intelectual property. Financial data. Anything that keeps your business going, and that can put it in a very delicate position if it gets to the wrong hands.
Also, there’s an even more important fact you should take into account: some data you are carrying on your laptop is not yours, but other people’s data. Confidential emails with clients or business partners. Marketing and product information that should not be disclosed before a certain date. Governmental and military information, including private data from citizens (as an example, recently some events like this one happened in UK, where laptops with sensitive official information were stolen or lost). This means that you are no longer responsible just for your data security, but also for other people’s.
On top of this, you must think about the consequences of letting this information be revealed to the wrong persons. Important information about your clients may leak. Intelectual property that keeps your company ahead of the concurrency may become public, destroying your company advantage or, in the worst case, destroying the company itself. Governmental agencies may be placed in the hot seat for letting private information about the citizens be stolen and accessed.
All this together should be more than enough to make you worry about your computer’s data security and convincing you to do something about it.
Whole disk encryption
Computer security is a very wide subject, and there are a lot of things to consider. Network security, host security, etc. In this article, I’m covering whole disk encryption. So, what is whole disk encryption?
Whole disk encryption is a technique where all the drive contents are encrypted using a secret key (which can be a password, a key stored in a USB dongle, etc). When I say “all the drive contents”, I mean it. Even the operating system is encrypted. This means that you will only be able to access that drive’s contents if you have the key to access them, and this includes booting the computer from that drive. If you don’t have the key, you won’t be able to read the data whatever you try. Mounting it on other computers of physically installing it on a different computer won’t work. For anyone who doesn’t have the key, the drive will be as good as an empty one. All the contents will appear to be random garbage.
For those who have the right key, the main advantage of whole disk encryption is that it won’t affect the computer usage at all. The only thing you have to do is to type in the password right after powering up your machine. After you type the password, the OS will boot normally and the machine will work as if nothing special was happening. The secret is that PGP runs between the hardware and the OS itself, intercepting all the data input and output from and to the hard drive. All the applications, and even the OS itself won’t even realize that the hard drive is encrypted because the PGP layer will decrypt data requested by the applications on the fly. This is great, because it makes very unlikely that some application won’t work because of the disk encryption process. All the magic happens below the OS itself, as close to the hardware as it can be.
This will protect your data against one of the attack vectors that is most hard to defend yourself against: someone having physical access to (and some time alone with) your machine. This included the machine being stolen (which is very likely to happen at some point to laptop computers), someone entering your home or office and remove a hard drive from a computer, and even accessing data centers and stealing hard drives or entire servers (and if you think that doesn’t happen… think again, it’s more frequently that what most people believe).
I want to make clear that this will not protect your mac against other types of attacks. As I stated before, the OS and the applications will run in the same way they did before. So, if you have a virus or a trojan horse on your system, the virus or trojan will work. If you have a compromised network service, hackers will be able to get in using it. If you download an application that erases all your files, all the files will be erased. The whole disk encryption system has the only purpose to keep all the data on your hard drive protected when the system is not running. As long as you type in the password and boot the OS, all the OS-level security weaknesses that were there before will be there again. PGP Desktop has some more security features but I won’t cover them here.
What about Apple’s File Vault?
Apple provides you with some “transparent” data encryption features on Mac OS X, namely File Vault. File Vault will encrypt all the files in your home directory and store them on an encrypted disk image. You will always be able to turn the Mac on, but you must provide your account password on the login for that disk image to be accessed. As with PGP, data will be encrypted and decrypted on the fly. So, why not use it? There are many reasons why using File Vault is impractical:
- It’s not whole disk encryption, only home directory encryption. One may argue that all the important files are in the home directory, but that’s not entirely true. Many applications write temporary files to directories outside of your home directory, like /tmp. This files may contain sensitive information, and that information will be recorded unencrypted on your drive. Also, software like databases of other kind of servers store their data outside of user’s home directories, and that data will also be stored in clear.
- It conflicts with some applications, specially backup solutions. For any application executed by another user, including the OS itself, a user home directory will be a single, huge file, the encrypted disk image. The backup software will not be able to peek inside your home and only backup the files you changed since the last backup operation, so it will try to copy the entire file. Worse yet, if you change the file during the backup, you can corrupt the backup, making it hard or impossible to restore it if needed.
- For the same reason, remote services will not work because they won’t be able to decrypt your home directory. This is the case of a remote shell, for instance. If you ssh to a Mac with your home directory under the domain of File Vault, you won’t be able to access your files.
- It’s slow an unreliable. File Vault works by creating an encrypted virtual file system inside a file that grows and shrinks as needed that is itself stored in the real file system on your drive. There’s a huge load of things that can go wrong with this. This is corroborated by the fact that every time I tried to create disk images with many (hundreds of thousands) of files, the disk image inevitably corrupted and I could not access it’s content any more. Don’t forget that your entire home directory will be really a single huge file with some complex data and mechanisms that make it work. Now compare this with the simplicity of the PGP solution: just insert a layer between the OS and the drive, and don’t ever think about it again. It just works, it doesn’t need to care about files, folders, file systems, or anything else. It’s just raw data. OS asks it to write a sector on the drive, PGP layer encrypts the sector, and the sector goes to the drive. No complex processing, no complex data modeling, no complex code to fail. The PGP layer doesn’t even need to know what’s doing, it blindly encrypts and decrypts data on the fly. The OS will know what to do with that data.
For these reasons, I believe whole disk encryption is a much better solution than File Vault. I strongly believe Apple should provide this with their Macs right out of the box, but judging by the way the company handles security issues, I don’t believe that will happen any time soon.
What can you say when a product that is supposed to do what it does in the background and be totally transparent to the user actually works fine? Well, nothing. That’s precisely the point – providing security without being a pain to the user. So far, that’s my experience with PGP. I really have nothing much to say, except that it works.
I installed PGP, rebooted and typed in my demonstration registration key, valid for 30 days. Then, I read the manual, skipped all the “please verify your file system consistency before proceeding” warnings (what could go wrong?), set a password for my MacBook Pro drive, and fired up the encryption. You can use your mac normally while the initial encryption is done, as PGP is smart enough to know what disk sectors are already encrypted and which ones are not, allowing the system to work normally during the whole process. You will probably notice a very high loss of performance during the initial encryption process because the hard drive will be in really heavy usage (after all, PGP has to read and rewrite the entire disk surface).
After that, you won’t notice a thing. The only signs your mac will show you related to PGP are the small PGP icon on the menu bar, and, of course, the password window before the system boot. You won’t notice any performance degradation due to the real time encryption, at least I didn’t. Based on the UNIX “top” tool, it appears that PGP doesn’t use more than 2 or 3 percent of the CPU, which is negligible (remember that we are talking about 100% per CPU, which means that in a modern laptop with a Core 2 Duo processor, PGP is using 3%… of 200%).
You can create several “users” for your hard drive, with different passwords for each one. Please keep in mind this is only a way to avoid sharing the passwords. This is NOT a real accounting feature like in a normal UNIX system, where each user has different permissions and credentials to (supposedly) access only what he should. Here, any password will provide access to the entire drive contents. The normal access permissions will be granted by Mac OS X, of course, but PGP offers no data protection as soon as someone – whoever it is – types in a valid password.
There are some important things to keep in mind when using PGP to encrypt your drive:
- PGP asks for the password on system boot, but not on system awake. So, make sure to turn on the system awake password in the System Preferences, or you can allow a burglar to access your data if he stoles your Mac while it’s sleeping (and at least I always carry my laptop in sleep mode). If you want absolute security, turn off your mac before taking it with you.
- Target mode (using your mac as a firewire drive) will work, but the drive contents will not be decrypted on the fly by the machine in target mode itself. You have to install PGP on the host machine so that it’s able to decrypt the contents of the target disk.
- You have to be careful if you need to clone an encrypted drive. The most reliable way to do it is to decrypt it before cloning. If you want to clone an encrypted drive, check this thread in the PGP Forum for more details.
- I haven’t tested this, but from what I recall from the manual, you may install PGP on a machine and use it unlicensed to read the contents of an encrypted drive (assuming you know the password, of course).
- BootCamp won’t work. If you need Windows, you have to run Parallels, VMWare or any other virtual machine software. Those will work fine, providing that the Windows disk image is a file on the OS X file system, and not a dedicated Windows-formatted partition.