Information Leakage Prevention Using Virtual Disk Drive

Full Text (PDF, 510KB), PP.19-27

Views: 0 Downloads: 0

Author(s)

Tarek S. Sobh 1,*

1. Information Systems Department, Egyptian Armed Forces, Cairo, Egypt

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2013.08.03

Received: 16 Sep. 2012 / Revised: 5 Jan. 2013 / Accepted: 22 Mar. 2013 / Published: 8 Jun. 2013

Index Terms

Information Leakage, Virtual Disk Drive, 3-D image CAPTCHA, Authentication, Encryption

Abstract

The worst news for information technology people are computer has been stolen or lost. The actual problem is the loss of the data stored on the hard drive that can fall into the wrong hands. However, users of information system and laptops computers are facing real problems with due to intruders using attack techniques when they are connected to the network and lost or stolen computers. In order to protect your organization against information leakage you should encrypt this data by only allowing the user with access to the encryption key to view the data, authorized application usage, and control who gets access to specific types of data.
This work focuses on confidentiality of secure information storage. In addition, it presents the model to create of a Virtual Disk Drive (VDD) on MS Windows, that appear to the user (after the mounting process) as hard disks, but that are really stored as ciphered files on a file system. The proposed VDD prevents dictionary attacks and brute force attacks by incorporating a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) in the login mechanism. The authentication method for the VDD login is based upon a 3-D image CAPTCHA. All components of this work are integrated in one security VDD tool called "SecDisk".

Cite This Paper

Tarek S. Sobh, "Information Leakage Prevention Using Virtual Disk Drive", International Journal of Computer Network and Information Security(IJCNIS), vol.5, no.8, pp.19-27, 2013. DOI:10.5815/ijcnis.2013.08.03

Reference

[1]A. Furche and G. Wrightson, Computer Money: A systematic overview of Electronic Payment System, pp. 456, dpunkt Verlag Fuer digital technology Gmbh, Heidelberg, FDR, 1996.
[2]C. E. Phillips, T. C. Ting, and A. Steve, "Information sharing and security in dynamic coalitions," in ACM SACMAT'02, California, USA, 2002
[3]Dhillon and j. Backhuose, "Current directions in IS security research; towards socio-organisationl perspectives," Information Systems Journal, vol. 11, pp. 127-53, 2001.
[4]D. McCullagh. Security guide to customs-proofing your laptop. http://www.news.com/8301-13578_3-9892897-38.html, 2008.
[5]Hsi, Sherry, and A. Agogino, "Scaffolding Knowledge Integration through Designing Multimedia Case Studies of Engineering Design" Engineering Education for the 21st Century: Proceedings of Frontiers in Education, FIE'95, ASEE/IEEE, pp. 4d1.1-4d1.4.
[6]J. Granick. EFF answers your questions about border searches. http://www.eff.org/deeplinks/2008/05/ border-search-answers, 2008.
[7]S. Tsujii, Y. Itakura, H. Yamaguchi, A. Kitazawa, S. Saito and M. Kasahara, "Public-key Cryptographic scheme having a structure in which biological information is embedded into a secret key," IEICE Symposium (SCIS2000), D07, Jan. 2000.
[8]Faisal Nabi, "Virtual Invisible Disk Design for Information System Security", International Journal of Network Security, Vol.8, No.2, Pages.131-138, Mar. 2009
[9]D. Dong, Using SSL as an encryption tool, June 7, 2002.
[10]CREDANT Technologie, Advances in Endpoint Data Security: New Technology to Meet Security, Operations and Compliance Needs", February 2008, www.CREDANT.com
[11]Tarek S Sobh, Yasser Aly," "Effective and Extensive Virtual Private Network", Journal of Information Security (JIS), Vol.2 No.1, PP. 39-49, 2011
[12]A. Narayanan, T. Shaman, "The secure virtual computer on your keychain", Network Security, Volume 2008, Issue 7, July 2008, Pages 11-14
[13]M. Geiger and L.F. Cranor, "Scrubbing Stubborn Data: An Evaluation of Counter-Forensic Privacy Tools", Security & Privacy, IEEE Volume 4, Issue 5, Pages: 16-25, Sept.-Oct. 2006
[14]Tarek S. Sobh, "Wi-Fi Networks Security and Accessing Control", International Journal of Computer Network and Information Security (IJCNIS), Vol. 5, No. 7, PP. 9-20, 2013
[15]Alexei Czeskis, David J. St. Hilaire, Karl Koscher, Steven D. Gribble, and Tadayoshi Kohno, "Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications", http://www.truecrypt.org/
[16]Carsten Schnober, "Encrypted Virtual Filesystems with BestCrypt Locked Up Data", www.linux-magazine.com, Pages: 31-31, August 2003
[17]Joseph Belsanti, "Protecting Data-at-Rest Compliance with data and security regulations", WinMagic Inc, www.winmagic.com
[18]R.R. Sahoo and G.S. Rath, "Designing a cryptosystem by implementing reversible sequential switching M/C- a symmetric approach", International Journal of Computer and Communication Technology (IJCCT), 2(2010), 173-175.
[19]C. J. Hernandez-Castro and A. Ribagorda, "Pitfalls in CAPTCHA design and implementation: The Math CAPTCHA, a case study", computers & security Volume 29(2010), Pages: 141 – 157, 2010
[20]K. Chellapilla, K. Larson, P.Y. Simard, and M. Czerwinski, "Building segmentation based human friendly Human Interactive Proofs (HIPs)", Proceeding of The Second International Workshop on Human Interactive Proofs, 2005, pp. 1-26.
[21]M. Greg, M. Jitendra. "Recognizing objects in adversarial clutter: breaking a visual CAPTCHA". In: Conference on Computer Vision and Pattern Recognition (CVPR 03). IEEE Computer Society; 2003. p. 134–41.
[22]S Snedaker, IT Security Project Management Handbook, Chapter 10 General IT Security Plan, Pages: 261-343, June 2006, www.syngress.com
[23]J. Yan and A. El Ahmad, "Breaking Visual CAPTCHAs with Naive Pattern Recognition Algorithms", Twenty-Third Annual Computer Security Applications Conference, 2007, pp. 279-291.
[24]J. Yan and A. El Ahmad, "A low-cost attack on a Microsoft CAPTCHA", ACM Conference on Computer and Communications Security,pp.543-554, 2008.
[25]Philippe Beaucamps, Daniel Reynaud-Plantey, and Jean-Yves Marion "On the use of Internet Voting on Compromised Computers", Army Signals Academy Virology and Cryptology Laboratory, Rennes (France), March 27, 2009
[26]Michael G. Kaplan, "The 3-D CAPTCHA", http://spamfizzle.com/CAPTCHA.aspx, Browsed 2 Jun, 2010
[27]Rick Wu and Rebecca Chen, "Integrating CAPTCHA authentication technologies with WebSEAL A reference implementation by using WebSEAL EAI", 12 Feb 2008, http://www.ibm.com/developerworks/tivoli/library/t-captcha/index.html