Tech Features

Lock up your laptop data with the latest encryption software

Apr 19, 2009, 10:34 GMT

Bonn - For years now retailers have been selling more notebooks than PCs and thanks to the success of ultra-portable net books, more people than ever before are carrying their computers - and their valuable data - around with them the whole time.

Needless to say, this increases the risk of data being skimmed, stolen or of it simply falling into the wrong hands. Fortunately, confidential information on portable computers can be reliably secured using state-of-the-art encryption techniques or biometric authentication.

'If you are looking for a high level of protection it is no use simply denying access to the system', said Detlef Huehnlein, an expert on biometrics and electronic signatures at the Bonn-based Society for Information Technology. 'After all, someone can just physically steal the storage medium'. This means users should encrypt their most important files or indeed their entire database.

Windows Vista now offers complete data encryption security with an improved Encrypted File System (EFS) and the new BitLocker feature. It will be available too on the upcoming Windows 7-operating systems Enterprise and Ultimate. Mac OS fans can turn to FileVault although the drawback here is that the system does not allow users to select which parts of the disk to encrypt since only entire home directories can be encrypted.

'This makes it unsuitable for particularly sensitive information', said Huehnlein who has his doubts about the effectiveness of the Apple Mac encryption technology.

Under Windows the free open-source encryption software TrueCrypt encrypts not only individual boot partitions but entire boot drives. It can also set up and run a hidden encrypted operating system. According to specialists at Germany's heise security portal, 'The encryption algorithms used are virtually impregnable, provided a sound password is used.'

Meanwhile, there are several companies offering encryption processors integrated into intelligent USB sticks, as Huehnlein points out. These enable users to create secure files on the device and the host computer. Similar applications are based on the MicroSD and SD cards used in smart phones.

Nowadays, encryption does not necessary slow down the computer and Huehnlein says performance remains unaffected when the applications are in use.

There are plenty of USB stick encryption devices on the market but heise security advises against using bargain basement solutions. 'Cheap hardware means cheap encryption', experts warn. Such devices represent poor value for money since the manufacturers cut corners where it matters most, namely on developing reliable encryption.

In all cases, the user needs a key to access the encrypted data and this can be provided in a number of ways, typically in the form of a password. 'This means the degree of security comes down to the password', said Huehnlein. For particularly data-sensitive areas so-called authentication tokens or chip cards can be used to boost the degree of confidentiality.

A password can be combined with biometric authorization which typically compares and matches the irises of an individual's eyes, facial features, hand geometry or handwriting. Voice recognition can also be used.

Fingerprint sensors are currently the most widespread method and they can be found in products ranging from notebooks to computer mice and USB sticks. Unfortunately, they are fairly easy to spoof using anything from duplicates to jelly babies.

The standard facial recognition software solutions supplied by many notebook manufacturers are also easily fooled. Programmes designed to match faces using a webcam are often unable to distinguish between the real thing and a simple photograph held up to the lenses

While biometric protection may not be bombproof, it is certainly better than no security at all. 'It all depends on what level of data security you are looking for', said Huehnlein. User friendliness plays a major role and fingerprint sensors score high on that level.

The Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt is currently working on a new biometric system designed to make paying at the cash till safer by boosting the authentication process. The technology could have other applications such as limiting access to sensitive data, said SIT Thomas Kniess.

A forged signature is not enough to trick this system which does not compare the signature image but the way in which it was written.