Safe Storage, Mac Style

Disk-level encryption provides a safety net without a hassle

I know that most CSO readers live in a world where Microsoft Windows runs on laptops, desktops and most of the servers. I live in a different world. On my desktop I run Windows because it has the best support for scanners, OCR and Quicken. But my servers run FreeBSD and Linux. My phone runs PalmOS. And my laptop runs Apple's MacOS—with Microsoft Windows occasionally running as a guest operating system inside in a virtual machine.

I am by no means a Macintosh bigot: I bought my first Mac in 1984 but sold it in 1985, regarding the machine as little more than a toy. I tried the Mac again for a few years in the 1990s but gave up because it crashed too much. I returned to Apple when Apple bought NeXT Computer and migrated to Unix—but only because I had written a book about NeXT and wanted to "port" it to MacOS.

In recent years, however, I've had a compelling reason to avoid Windows and use the Mac: security.

Apple has taken its legendary attention to detail and usability and applied it to eliminating some of the most important security threats facing computer users today. The reason that I use an Apple laptop even though there are other models that are lighter and faster is because of the added security that MacOS offers to mobile users. It's easier to use and more secure than any solution I could buy or build using Windows or Unix without purchasing extra software and doing a lot of customization.

This column won't convince any CSO to throw away her organization's Windows-based computers and move to the Mac. But by analyzing some of the significant security features that Apple has added to its operating system in recent years, I'll aim to show you why I've decided to use MacOS on my laptop and give you a list of features that you should be demanding from your vendor, whoever that may be.

Passwords Versus Encryption

Laptops, USB memory sticks and external hard drives have become a security headache for many organizations. As a result of mandatory notification laws, a single stolen device can force your organization to send embarrassing and potentially costly disclosure letters to thousands or even millions of people. You may not even be aware that you're at risk: Employees or consultants may be taking large quantities of personal data out of your company on laptops without even telling you.

There are two fundamental ways of protecting information on a mobile device. The most common is to protect with a password or pass phrase. The computer stores this word or phrase along with your data. When a user wants to access the computer, the system prompts the user to type in another copy of the word or phrase. The computer then compares what was typed to what is stored. Access is granted if the two words or phrases match.

The second approach for protecting information also uses a password or phrase, but instead of simply comparing what's typed with what's stored, the computer uses what's typed as an encryption key. The data is encrypted when it is written to the computer's hard drive, and it's decrypted when it is read back. The advantage of this approach is that the protection still holds even if the computer's hard drive is removed and attached to another system. That's because the stored data must be mathematically decrypted before it can be used. The computer's operating system isn't simply making a go/no-go decision.

Practically every computer, PDA and cell phone that's sold these days uses the first approach—passwords without encryption—to protect the information it contains. Some specialty systems use fingerprints instead of passwords. But even with biometrics, the computer's operating system is still making that go/no-go decision, which means it can be overruled by booting from a CD-ROM or removing the storage from one computer and reading it with another.

MacOS is an exception to this rule. Apple's operating system uses encryption throughout to protect user data. What's more, the encryption is transparent: Once you turn it on, you hardly know it's there.

The first and most powerful protection system built into MacOS is Apple's FileVault encrypted file system. You can enable FileVault by clicking a button labeled "turn on FileVault" that is in the "security" section of the MacOS control panel. This causes MacOS to create a virtual disk using a random 128-bit AES encryption key; your files are then copied into the virtual disk and the plaintext versions are securely deleted (so they can't be recovered with forensic software). Finally, the 128-bit key is encrypted with the user's log-in password and stored in a special file.

When a FileVault user tries to log in, MacOS takes his password and tries to decrypt the 128-bit AES key. If the key decrypts, MacOS uses this key to mount the user's home directory and the log-in process can proceed. If the password is wrong, the AES key won't decrypt and the would-be attacker is stymied. The same applies if the Mac is booted from a CD-ROM or if the drive with the encrypted home directory is plugged into another computer.

Because every modern MacOS program stores all of the user-specific information inside the user's home directory, FileVault provides iron-clad protection for this personal information without the trouble of encrypting the operating system or the applications. For example, the user's cookies, Internet history and e-mail are encrypted, but the Web browser application itself is not. Virtual Private Network settings that are set up for each user are encrypted, while the computer's general Internet configuration is not. The MacOS "preferences" database—Apple's equivalent to the Windows User Registry—is encrypted; systemwide preferences are not.

Of course, users have a tendency to forget their passwords. The problem with encryption is that encrypted data can't be recovered without a key. For this reason, FileVault allows any system administrator to set an optional systemwide "master password." This password serves as a backup or "safety net" for anyone using FileVault on that computer — but only if the FileVault is created before the master password is set.

Encrypted volumes aren't limited to home directories. Using Apple's Disk Utility, it's possible to create any number of encrypted "virtual disks." The virtual disk is a disk image that's stored in an ordinary file; when you double-click on the file, the operating system asks you for the encryption pass phrase, then mounts the encrypted image as if it were a separate USB drive. You can even put one encrypted virtual disk inside another, if you so choose.

More Disk Tricks

As noted above, MacOS also has a system for securely erasing files. The "secure empty trash" feature causes each file in the trash to be overwritten seven times (six times more than strictly necessary); it then overwrites the file's name in the containing directory. My research indicates that "secure empty trash" erases all traces, even if the Mac's "journaling file system" is turned on.

Should you accidentally choose "empty trash" instead of "secure empty trash," the Disk Utility program has a feature called "erase free space" that will overwrite all of the disk sectors that are not currently devoted to storing files.

In addition to securing files, MacOS allows system managers to enable "secure virtual memory."

Modern computers use the hard disk to augment the computer's semiconductor RAM with a technique called "paging" or "swapping." Whenever you try to run more programs than will fit inside your computer's RAM at once, the machine constantly swaps data from its fast but small RAM to the slow but large hard drive. Swapping slows down a computer dramatically, but it's better than the alternativ — not running the software at all. From a security point of view, the real problem with swapping is that it causes a process that is working with confidential information to leave that information on the hard drive. Worst of all, it can happen even if the process didn't explicitly open a file and write data, because swapping is controlled by the operating system. And once the data is on the hard drive, it can stay there for weeks or even years — the operating system makes no guarantees that the data will ever be overwritten again.

Apple's "secure virtual memory" uses encryption to eliminate this vulnerability. Each time the computer boots, it creates a random encryption key for swapping. Data swapped out to the hard drive is encrypted; the data is decrypted when it's read back. The encryption key itself is never written to the disk: It's kept in RAM and is destroyed when the computer is shut down or rebooted.

My big complaint with MacOS security is that things like FileVault and "secure virtual memory" shouldn't be option — >they should be defaults. I believe that it's unethical for the computer to give the appearance of deleting information while actually leaving that information on the disk; computers shouldn't lie (explicitly or implicitly) to their users. Still, these features are dramatically better and easier to use than what's built into Windows. Because of them, I know that if my laptop is ever lost or stolen, the thief will get the hardware only — not my data.

Simson Garfinkel, CISSP, is researching computer forensics and human thought at Harvard.

Copyright © 2006 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline