Data protection is the prime goal of computer security, and by far the best method developed for this is encryption. The idea is to change the contents of the data so that it remains unintelligible even if an attacker gains access. However, the traditional practice of software-based encryption is vulnerable to several types of attacks, such as side-channel attacks, hardware keyloggers, acoustic cryptanalysis, etc. This calls for a more secure and fundamental type of encryption – full disk encryption.
Full disk encryption, or whole disk encryption, works by building the encryption capabilities right into the hardware. That means the entire disk, including the operating system and the swap space, is kept encrypted, based on a pass-phrase. This makes it very difficult for an attacker to gain access to the system. Because the system is not connected to any network when it boots up, working with hardware encryption makes a lot more sense.
Benefits of Full Disk Encryption
Here are some reasons why full disk encryption comes highly recommended:
- Encryption is comprehensive and complete. Even swap memory and temporary files get encrypted, plugging virtually all loopholes.
- Reduces vulnerabilities in cases where users forget to encrypt certain sensitive files.
- Allows the option of immediate data destruction, which can be achieved by destroying the key.
A fully-encrypted disk is an impregnable fortress once the system is powered off. The only way to compromise a fully-encrypted disk is to have access to a running system, the chances of which can be reduced by enforcing physical security.
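The pass-phrase unlock and the "destroy the key" benefit listed above, modelled in software as an added example that is not part of the original article. It assumes a layout in which a random volume key is wrapped under a pass-phrase-derived key, and it uses an HMAC-SHA256 keystream as a stand-in for a real disk cipher such as AES-XTS; all function names are hypothetical.

```python
import hashlib
import hmac
import os

SECTOR = 512  # bytes per sector in this toy disk model

def derive_kek(passphrase, salt):
    """Stretch the pass-phrase into a key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def _keystream(key, label, n):
    """HMAC-SHA256 in counter mode: illustrative stand-in, not a real disk cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def format_disk(passphrase):
    """Build a header holding the random volume key wrapped under the KEK."""
    salt, volume_key = os.urandom(16), os.urandom(32)
    kek = derive_kek(passphrase, salt)
    wrapped = _xor(volume_key, _keystream(kek, b"wrap", 32))
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()  # detects a wrong pass-phrase
    return {"salt": salt, "wrapped": wrapped, "tag": tag}, volume_key

def unlock(header, passphrase):
    """Return the volume key, or None if the pass-phrase is wrong or the slot is wiped."""
    if header["wrapped"] is None:
        return None
    kek = derive_kek(passphrase, header["salt"])
    expected = hmac.new(kek, header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return _xor(header["wrapped"], _keystream(kek, b"wrap", 32))

def crypt_sector(volume_key, sector_no, data):
    """Encrypt or decrypt one sector (XOR keystream, so one call does both)."""
    label = b"sector" + sector_no.to_bytes(8, "big")
    return _xor(data, _keystream(volume_key, label, len(data)))

def crypto_erase(header):
    """Destroy the key slot; ciphertext sectors remain on disk but cannot be read."""
    header["salt"] = header["wrapped"] = header["tag"] = None
```

Only the small header has to be destroyed to make every sector unreadable, which is why key destruction is immediate regardless of disk size.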