Secure disk encryption


Do you want to encrypt the data stored on your hard drive? Already use disk encryption software but want to secure it further? You can secure your data in an easy and secure manner using two-factor authentication with the YubiKey.

Background


Full-Disk-Encryption (FDE) technology protects data at rest by encrypting, at a low level and transparently to the user, all data stored on the hard drive of a protected computer. It is considered the most complete protection of such data.

Most FDE solutions implement a Pre-Boot Authentication environment (PBA), frequently implemented as a hardened – not network connected – lightweight operating system kernel, to which the user must successfully authenticate at boot time in order for the key to be recreated and provided to the encryption driver or to the encrypting disk so that the normal host operating system can start.

There are various two-factor authentication options available in commercial FDE products. However, most of the options require installation of additional hardware, e.g. smart card readers, and/or special drivers. YubiKey, on the other hand, is simple to use and has the following distinct advantages:

• Does not require any additional hardware to be installed
• Uses a standard USB port, which is virtually ubiquitous on personal computers used today
• YubiKey in Challenge-Response mode does not require network access in the pre-boot environment
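Why Challenge-Response works without a network, as an added example that is not taken from Yubico's guideline or from any FDE product: the pre-boot environment sends a stored challenge to the token, and the response is mixed with the passphrase to recreate the key locally. It assumes the token's HMAC-SHA1 challenge-response mode; the header layout, the function names, the PBKDF2 parameters and the XOR "wrap" (a stand-in for a real key-wrap cipher) are all hypothetical.

```python
import hashlib
import hmac
import os

def token_response(secret, challenge):
    # Software stand-in for the hardware token: HMAC-SHA1(secret, challenge).
    return hmac.new(secret, challenge, hashlib.sha1).digest()

def _keys(passphrase, response, salt):
    # Both factors feed one KDF; the output is split into wrap and MAC keys.
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode() + response,
                              salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _tag(mac_key, challenge, salt, wrapped):
    return hmac.new(mac_key, challenge + salt + wrapped, hashlib.sha256).digest()

def enroll(passphrase, respond):
    # respond: callable(challenge) -> token response (assumed interface).
    challenge, salt, disk_key = os.urandom(32), os.urandom(16), os.urandom(32)
    wrap_key, mac_key = _keys(passphrase, respond(challenge), salt)
    wrapped = _xor(disk_key, wrap_key)  # toy wrap; a product would use a real cipher
    header = {"challenge": challenge, "salt": salt, "wrapped": wrapped,
              "tag": _tag(mac_key, challenge, salt, wrapped)}
    return header, disk_key

def unlock(header, passphrase, respond):
    # Runs entirely offline: only the header on disk and the token are needed.
    response = respond(header["challenge"])
    wrap_key, mac_key = _keys(passphrase, response, header["salt"])
    expected = _tag(mac_key, header["challenge"], header["salt"], header["wrapped"])
    if not hmac.compare_digest(expected, header["tag"]):
        return None  # wrong passphrase, wrong token, or tampered header
    return _xor(header["wrapped"], wrap_key)

if __name__ == "__main__":
    secret = bytes(range(20))  # constructed 20-byte token secret
    token = lambda c: token_response(secret, c)
    header, disk_key = enroll("constructed passphrase", token)
    print(unlock(header, "constructed passphrase", token) == disk_key)
    print(unlock(header, "wrong passphrase", token))
```

Because the challenge in this sketch never changes, the token's response is effectively a static secret; a design built this way would need to rotate the challenge and re-wrap the key after each successful unlock.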


Requirements


• YubiKey Hardware
• Personalization Tool

How to implement YubiKey + FDE


• Implementation Guideline (pdf)

This guide shows how YubiKey two-factor authentication in Challenge-Response mode can be implemented to work seamlessly in FDE products.

Background


TrueCrypt is free, open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. TrueCrypt supports the YubiKey with static password mode in both Volume mode and System Partition mode.

Required


• YubiKey Hardware
• Personalization Tools
• TrueCrypt


How to enable YubiKey + TrueCrypt


To add YubiKey static password support to TrueCrypt, follow the instructions in the PDF below or the Yubico Wiki entry, or watch the video:

• How to enable Disk encryption with YubiKey and TrueCrypt (pdf)
• Wiki: Guidelines and documentation
