Ontrack Data Recovery

Resources > Encryption decrypted

Encryption decrypted

 

What Is Encryption?

Encryption is the process of transforming information (referred to as plaintext) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a “key”. The result of the process is encrypted information. In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).

What is a Key?

A key is a piece of information (or parameter) that controls the operation of the encryption process. In encryption, a key specifies the particular transformation of plaintext into encrypted text.
The ‘emergency disk’ that customers send Kroll Ontrack contains this key, which enables us to decrypt the data. In turn, this key contains the ‘cipher’, which dictates how the data is encrypted.

What is a Cypher?

A cipher is an algorithm for performing encryption and decryption — a series of well-defined steps that can be followed as a procedure. There are many different ways in which plaintext can be encrypted, but essentially there are two main processes used: symmetric key algorithms and asymmetric key algorithms (and these are shown below):

  • Symmetric Key Algorithms

This uses the same key to encrypt and decrypt the plaintext in to cyphertext.

  • Asymmetric Key Algorithms

This uses different keys to encrypt and decrypt the plaintext in to cyphertext.

Levels of Encryption

In addition to different ciphers and key structures, there are also different levels of encryption; depending on the security requirements of the user.
There are two main types of encryption, and these are shown below:

File-Level Encryption

This type of encryption only encrypts user files or directories, and not any system files. In this case, the operating system is unsecured, so data is vulnerable from unauthorised users.

Sector-Level Encryption

This type of encryption encrypts all user files, directories and system files. In this case, the operating system is secure, so data is safe from unauthorised users.

Problems with Sector-Level Encryption

Full disk encryption for the boot disk has the issue that you have to decrypt the blocks where the operating system is stored before you boot the OS (i.e. before you load Windows, for example) meaning that the key has to be available before there is a user interface to ask for a password. This also means that an attacker may be able to use the same mechanism to recover the key, rendering the encryption software useless.

Possible solutions to this include:

  • Using a dongle to store the key, assuming that the user will not allow the dongle to be stolen with the laptop/desktop
  • Using a boot-time driver that can ask for a password from the user
  • Using a network interchange to recover the key, for instance as part of a boot environment that does not need to access the hard disk

What can Kroll Ontrack do?

As with any other job, if the drive/tape etc, is not too severely damaged then a recovery may be possible. However, if there has been some kind of corruption whereby the data has not been encrypted correctly, then in this case there is nothing we can do. This is because applying the decryption cipher will not translate the encrypted information correctly.

What do we need?

Once we have the storage device in-house, and it is determined that the encrypted data is recoverable, we will then need to use the emergency disk supplied by the customer to decrypt the data.

At this point, it may also be useful to have some contact details for the person in the customers company who is responsible for implementing the encryption software. This is because occasionally, some customers are unwilling to give out confidential passwords via emails or over the phone, so a direct contact will often help to resolve any issues that may arise.

In conclusion

As you can see, encryption is not a simple subject to tackle. There are many different ways data can be encrypted (and decrypted), but the most important thing to remember is that engineers cannot decrypt a drive unless they have the emergency disk.

Furthermore, if the data has been corrupted in the process of being encrypted, there is no way of recovering this information, as the emergency disk will not correctly translate the corrupted data.

References / sources

All information, pictures and text in the above article are adapted from: http://en.wikipedia.org/wiki/Encryption , and http://computer.howstuffworks.com/encryption .

Learn more about Kroll Ontrack's encrypted data recovery services