Pre-boot authentication: Difference between revisions

From Wikipedia, the free encyclopedia
DumZiBoT (talk | contribs)
m Bot: Converting bare references, using ref names to avoid duplicates, see FAQ
Two typos
Line 32: Line 32:


===Linux-based Pre-Boot Authentication===
===Linux-based Pre-Boot Authentication===
Linux uses a well-known and proven UNIX-based security model. The enormous pool of developer talent is linked to this subject as a large number of individuals with different desires for an environment are pushing and pulling for the most extensible environment possible. The has made Linux remarkably flexible, with the ability to configure a Linux kernel to easily suit individuals needs. the was key reason that the NSA used Linux as the basis for creating a secure operating system. <ref> [http://www.nsa.gov/selinux NSA & Linux OS] </ref>
Linux uses a well-known and proven UNIX-based security model. The enormous pool of developer talent is linked to this subject as a large number of individuals with different desires for an environment are pushing and pulling for the most extensible environment possible. The has made Linux remarkably flexible, with the ability to configure a Linux kernel to easily suit individuals needs. This was key reason that the NSA used Linux as the basis for creating a secure operating system. <ref> [http://www.nsa.gov/selinux NSA & Linux OS] </ref>


As an open source solution, there are a great variety of developers seeking to use Linux for a variety of purposes, and that means a large amount of driver development often available for free. [[Smartcard]] or [[biometric]] vendors can have their devices ported to Linux at no cost to themselves. That means greater compatibility and flexibility for future development. In addition, Linux is well-known for playing nice with installed OSes and BIOS, as well as being widely accepted worldwide by both large and small entities.
As an open source solution, there are a great variety of developers seeking to use Linux for a variety of purposes, and that means a large amount of driver development often available for free. [[Smartcard]] or [[biometric]] vendors can have their devices ported to Linux at no cost to themselves. That means greater compatibility and flexibility for future development. In addition, Linux is well-known for playing nice with installed OSes and BIOS, as well as being widely accepted worldwide by both large and small entities.
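Review bot: the corrected sentence in the first paragraph of this hunk still reads "This was key reason that the NSA used Linux", which is missing its article; suggest "This was a key reason". The sentence just before it, "The has made Linux remarkably flexible", has the same "The" for "This" slip and is left unchanged by this edit, and "individuals needs" lacks its apostrophe. All three can be fixed in the same pass.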
Line 38: Line 38:
There are at least five common CPU architectures, and Linux runs on all of them. Proprietary OSes have advantages, but are limited to those architectures they are actually designed for. By virtue of the fact that its developers have wide-ranging interests and use cases, Linux has been developed to be completely portable to any widely distributed CPU architecture. <ref>[http://kroah.com/log/2007/01/29/ linux kernel monkey log<!-- Bot generated title -->]</ref>
There are at least five common CPU architectures, and Linux runs on all of them. Proprietary OSes have advantages, but are limited to those architectures they are actually designed for. By virtue of the fact that its developers have wide-ranging interests and use cases, Linux has been developed to be completely portable to any widely distributed CPU architecture. <ref>[http://kroah.com/log/2007/01/29/ linux kernel monkey log<!-- Bot generated title -->]</ref>


The number of potential conflicts from various security vendors providing their own proprietary operating systems and methodology can interfere with each otehr and the main Operating System, mean a chaotic mess of race conditions. BIOS incompatibilities, and bootstrap failures.
The number of potential conflicts from various security vendors providing their own proprietary operating systems and methodology can interfere with each other and the main Operating System, mean a chaotic mess of race conditions. BIOS incompatibilities, and bootstrap failures.


==Authentication Methods==
==Authentication Methods==
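Review bot: in the last paragraph of this hunk, fixing "otehr" leaves the sentence still broken: "race conditions. BIOS incompatibilities, and bootstrap failures." has a full stop where the list needs a comma, and "mean" does not agree with its subject "The number of potential conflicts". Suggest rewording so that the vendors' systems are the subject and the sentence ends "race conditions, BIOS incompatibilities, and bootstrap failures." The paragraph also has no <ref>, unlike the CPU-architecture paragraph in the context line above it.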

Revision as of 17:51, 20 August 2008


Pre-Boot Authentication (PBA) serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents anything being read from the hard disk such as the operating system until the user has confirmed he/she has the correct password or other credentials.[1]

Benefits of Pre-Boot Authentication

How Pre-Boot Authentication Works

Generic Boot Sequence

1) Basic Input Output System
2) Master Boot Record Partition Table
4) Pre-Boot Authentication
5) Operating System Boots

A PBA environment serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents Windows or any other operating system from loading until the user has confirmed he/she has the correct password to unlock the door. That trusted layer eliminates the possibility that one of the millions of lines of OS code can compromise the privacy of personal or company data.

Figure: The Boot Sequence with PBA

Misnomer

The term pre-boot authentication is sometimes a misnomer, since in some implementations a basic OS is loaded before the main operating system. Pre-boot authentication can take a number of forms: it can be a start-up (BIOS) password implemented on the motherboard, or it can be implemented on the boot volume itself. In the latter case, the boot sector of the hard drive is overwritten with a small executable which starts the decryption of the drive and hands off the credentials to Windows to continue booting. While TrueCrypt[2] is a full disk encryption system, it also provides pre-boot authentication, since a password must be entered for the drive to boot.
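The boot-sector replacement described above can be observed from the defender's side. The following is an added example, not part of the original article: it parses a 512-byte MBR sector and hashes its bootstrap code area, so that installing or later altering a pre-boot loader shows up as a hash change while the partition table stays the same. The sample sectors, boot code bytes and function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bootstrap code area at the start of the sector
ENTRY_LEN = 16             # four 16-byte partition entries follow it
SIGNATURE = b"\x55\xaa"    # boot signature in the last two bytes


def parse_mbr(sector: bytes) -> dict:
    """Return the SHA-256 of the boot code and the used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        # status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code plus one bootable type-0x07 partition."""
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return code + entry + b"\x00" * (3 * ENTRY_LEN) + SIGNATURE


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True when the bootstrap code differs between two valid MBR sectors."""
    return parse_mbr(baseline)["boot_code_sha256"] != parse_mbr(current)["boot_code_sha256"]


if __name__ == "__main__":
    stock = build_sample_mbr(b"\xeb\x3c\x90")          # constructed "before" sector
    with_pba = build_sample_mbr(b"\xeb\x5a\x90PBA")    # constructed "after" sector
    print(parse_mbr(stock)["partitions"])
    print("boot code changed:", boot_code_changed(stock, with_pba))
```

Recording the boot-code hash at install time gives a baseline: a later change that was not made by the PBA vendor's own updater is worth investigating.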

Pre-Boot Authentication Technologies

Combinations with Full Disk Encryption

Pre-Boot Authentication is generally provided by a variety of full disk encryption vendors, but can be installed separately. Some FDE solutions can function without Pre-Boot Authentication, such as hardware-based full disk encryption. However, without some form of authentication, encryption provides little protection.

Linux-based Pre-Boot Authentication

Linux uses a well-known and proven UNIX-based security model. Its enormous pool of developer talent bears on this, as a large number of individuals with different requirements for an environment push and pull toward the most extensible environment possible. This has made Linux remarkably flexible, with the ability to configure a Linux kernel to easily suit individuals' needs. This was a key reason that the NSA used Linux as the basis for creating a secure operating system. [3]

Because Linux is open source, a great variety of developers use it for a variety of purposes, which means a large amount of driver development is often available for free. Smartcard or biometric vendors can have their devices ported to Linux at no cost to themselves. That means greater compatibility and flexibility for future development. In addition, Linux is well known for playing nice with installed OSes and BIOS, as well as being widely accepted worldwide by both large and small entities.

There are at least five common CPU architectures, and Linux runs on all of them. Proprietary OSes have advantages, but are limited to those architectures they are actually designed for. By virtue of the fact that its developers have wide-ranging interests and use cases, Linux has been developed to be completely portable to any widely distributed CPU architecture. [4]

Various security vendors providing their own proprietary operating systems and methodologies can interfere with each other and with the main operating system, and the number of potential conflicts means a chaotic mess of race conditions, BIOS incompatibilities, and bootstrap failures.

Authentication Methods

The standard complement of authentication methods exists for Pre-Boot Authentication, including:

  1. Something you know (e.g. username / password)
  2. Something you have (e.g. smart card or other token)
  3. Something you are (e.g. biometric data)

References

  1. "Pre-Boot Authentication". Secude. February 21, 2008. Retrieved 2008-02-22.
  2. http://truecrypt.org
  3. NSA & Linux OS. http://www.nsa.gov/selinux
  4. linux kernel monkey log. http://kroah.com/log/2007/01/29/