Design And Implementation Of Full Disk Encryption System Based On Truecrypt And Usbkey

With the rapid growth of digital information, the disk has become the cen ter of data storage and the last line of defense in data protection, so the disk encryption system is getting more and more attention from government and e nterprises. True Crypt is a widely recognized open source disk encryption syste m, Chinese scholars have conducted in-depth research on True Crypt, and they have implemented some more secure disk encryption system based on True Cr ypt. But these system still exist the following problems: using the lower securi ty authentication methods based on user-input password; not supporting Chinese encryption algorithm; the data-partition decryption process is cumbersome and opaque for ordinary users; encrypted data-partition is easily confused with oper ation failure.In order to solve the above problems, this paper introduce a new disk enc ryption system called Trust Disk Encrypt(TDE) which based on True Crypt and USBKEY technology, TDE have the following features: Trusted-password mech anism based on USBKEY technology, using USBKEY to ensure confidentiality of password; Designed a key architecture based on trusted-password mechanis m and also designed the key initialization process at all levels; Supporting syst em-partition encryption, decryption of the system-partition requires the use of tr usted-password mechanism in the BIOS layer, so TDE system contain a self-de signed USBKEY driver in the BIOS layer; Supporting Chinese encryption algor ithm, SM4 for data encryption and decryption, SM3 for the key derivation fun ction; Redesigned the existing module derived from True Crypt to work with th e new trusted-password mechanism and key architecture, implemented the encry ption and decryption of system-partition and data-partition; Optimized the datapartition encryption and decryption process, solved the problem that the encrypt ed data-partition is easy to be damaged and the decryption process is too com plex.Based on USBKEY technology and True Crypt system, this paper designedand implemented the TDE encryption system, compared to the existing disk e ncryption system, TDE has significant advantages in key protection, Chinese en cryption algorithm supporting, transparent using. TDE system can also be a reference for other scholars in the study of True Crypt encrypted system.