Data Encryption with Reboot Restore

Article on the data encryption approach for Reboot Restore. 

Data encryption is a familiar concept and common practice among PC users. The
goal of data encryption is to prevent unauthorized access to computer data.
There are different techniques for achieving this goal, but all of them
embrace a simple idea: translate data into another form, or code, so that only
people with access to a secret key (formally called a decryption key) or password
can access it. Reboot Restore, as Windows time machine software,
provides instant recovery of computer data. On the surface, Reboot Restore Rx
Pro technology appears to have nothing to do with data encryption. But in
practice, Reboot Restore brings a unique and effective way of securing data
from unauthorized access. This whitepaper explains how Reboot Restore
achieves data encryption in its unique, simple and effective way, which
comes as a serendipitous result of Reboot Restore's instant data recovery design.


How standard Data Encryption Works

Before explaining the Reboot Restore way of data encryption, we would
like to give a quick high-level review of standard data encryption. The purpose of
data encryption is to protect the confidentiality of digital data as it is stored on
computer systems. In order to understand the different techniques of data
encryption, we first need a basic understanding of how data is stored and
accessed on computer systems.

The overall process of computer data storage is a complex subject. In a
Windows-based computer, processing stored data through the file system manager
is one of the Windows O.S.’s main responsibilities. But the overall process can be
broken down into 2 basic steps: first, finding the stored data (the indexing system);
second, reading/writing the stored data (the actual data). Standard data
encryption focuses on the 2nd step of the process, the actual data. Using various
encryption algorithms such as DES and AES, the encryption software
takes the data and transforms it through a series of complicated operations into
another fixed-length cipher text. This is a very efficient process, but it takes time
to encrypt each bit of the stored data. In practice, it’s common to see
encryption software take hours to fully encrypt or decrypt a drive full of
data.


How Reboot Restore encryption works

The focus of Reboot Restore data encryption is on the 1st step of the data
storage process, the indexing system. As we know, Reboot Restore is
data protection software; it was not designed as data encryption software. The
data encryption aspect of the software comes only as an unintended
consequence of the data protection design.

On a Windows system without Reboot Restore, the IO file manager’s view
of data storage is a “black and white” layout: black as used space and white as
free space.

On the same system with Reboot Restore, the IO file system’s view of data
storage is still “black and white”, but this black and white is only a small piece of the
total colorful layout.

When using Reboot Restore, we notice that within one Reboot Restore
snapshot, we do not see data from other snapshots. That’s because the current
snapshot’s file system does not have the “indexing” of the files in other snapshots.
This is the result of Reboot Restore's philosophy for data protection: the
best way to protect data from corruption is to make it invisible to the forces
of corruption.


The same philosophy can be expanded for data encryption: the best way to
prevent unauthorized access to data is to make the data invisible from
unauthorized users.


This is the foundation of data encryption with Reboot Restore.


The question is, how do we make the data invisible to unauthorized access?

The data stored in Reboot Restore snapshots is only visible within the
snapshot; access to the snapshot is the key to accessing the data. The access or
loading of a Reboot Restore snapshot is done by the Reboot Restore
pre-OS subsystem, which reads the snapshot information from invisible snapshot
tables (the tables do not exist as a file in the file system). In addition, the content
of the snapshot tables is encrypted using AES encryption. To prevent unauthorized
users from loading a snapshot table, the loading and decrypting of the snapshot
tables is protected by a pre-OS password, which makes the “access” to the
protected data totally secure.

Now, a critical user may still have doubts about the security of his actual data.
How does Reboot Restore prevent unauthorized access to the actual data
if an unauthorized user somehow finds a way to the data? Reboot Restore
takes care of this concern by doing nothing other than what it already does for
its instant data protection and recovery. This is where the beauty of the Reboot
Restore Rx Pro design comes into play. In a quick test, we can see Reboot Restore
Rx Pro is able to create or restore a snapshot of a 1TB disk in a few seconds. That
tells us Reboot Restore data protection and recovery does not back up or
restore the actual data, which would take much longer than a few seconds.
The entire practice of how Reboot Restore writes and reads protected data
can be viewed as an “encryption” technique.

The definition of data encryption is that data, or plaintext, is encrypted with an
encryption algorithm and an encryption key. The process results in cipher text,
which can only be viewed in its original form if it is decrypted with the correct key.

Reboot Restore protects stored data on a PC with a subsystem and a kernel
system. The subsystem and kernel system create a sector map and virtual shield,
rendering the operating system unaware of data movement at the sector level.
Given that all data located on sectors has a corresponding entry in the sector
map, Reboot Restore designates each sector that has a sector map entry as
“Used”. Conversely, all sectors that do not have data with a corresponding sector
map entry are designated as “Free”. Upon installation, the hard drive is classified
by the kernel system, protecting the “Used” sectors under the virtual shield. This
classification is completely independent of the operating system.

Any changes after the installation of Reboot Restore are classified as
“Snapshot Used” sectors. The “Snapshot Used” sector classification renders all
changed data uniquely identifiable. “Snapshot Used” sectors are an extension of
the “Used” sectors with linked pointers. The operating system is not aware that
there is a two-stage link pointer between the data (between the used and
snapshot used sectors).


We can see from the diagram above that, on a system with Reboot Restore, the content of sector 40 is not encrypted, but without accessing the Reboot Restore Rx Pro snapshot tables and re-interpreting the sector links, we have no way to know that the real content of sector 40 is in sector 41. The data stored in sector 40 is effectively, if unintentionally, ciphered through a chain of redirections.

This is the beauty of the Reboot Restore design. Unlike standard
encryption software, which ciphers the actual data into another form, Reboot
Restore Rx Pro chops up the data that makes up a file into small pieces and links
them up through the redirection and indexing of the snapshot tables; as a result,
the data is effectively “ciphered” into another form without the ciphering process.

Without the map of the snapshot tables, it’s impossible to put together all the
links that make up the data stored in snapshots (in a way, to decipher the data), and
the map of the snapshot tables, as explained above, is encrypted and
conveniently protected.
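
A toy model of the redirection described above, added here as an illustration; it is not Reboot Restore's code or on-disk format, and the class and function names, the 8-byte sector size and the next-free-sector allocation rule are assumptions. It puts the logical view through a snapshot table next to the raw physical view, where each sector's bytes sit on the medium exactly as written.

```python
SECTOR = 8  # bytes per sector in this toy model (real disks use 512 or 4096)

class RedirectedDisk:
    """Physical sectors plus per-snapshot tables mapping logical -> physical."""

    def __init__(self, sectors):
        self.raw = [b"\x00" * SECTOR for _ in range(sectors)]
        self.used = set()               # physical sectors that hold data
        self.tables = {"baseline": {}}  # snapshot name -> {logical: physical}

    def _next_free(self, after):
        # Assumed allocation rule: first free physical sector after the
        # logical one, so a change to sector 40 lands in sector 41.
        for p in range(after + 1, len(self.raw)):
            if p not in self.used:
                return p
        raise RuntimeError("no free sector")

    def write(self, snapshot, logical, data):
        table = self.tables.setdefault(snapshot, {})
        if snapshot == "baseline":
            physical = logical          # "Used" sector, stored in place
        elif logical in table:
            physical = table[logical]   # already redirected in this snapshot
        else:
            physical = self._next_free(logical)  # new "Snapshot Used" sector
        table[logical] = physical
        self.used.add(physical)
        self.raw[physical] = data.ljust(SECTOR, b"\x00")[:SECTOR]

    def read(self, snapshot, logical):
        # Follow the snapshot's link if there is one, else the sector itself.
        physical = self.tables[snapshot].get(logical, logical)
        return self.raw[physical]

def raw_sectors_containing(disk, needle):
    """Physical sectors whose stored bytes contain needle, no table consulted."""
    return [i for i, s in enumerate(disk.raw) if needle in s]

def demo():
    disk = RedirectedDisk(64)
    disk.write("baseline", 40, b"OLD-DATA")  # constructed sample content
    disk.write("snap1", 40, b"NEW-DATA")     # redirected; sector 40 untouched
    return disk

if __name__ == "__main__":
    d = demo()
    print(d.read("baseline", 40), d.read("snap1", 40), d.tables["snap1"])
    print(raw_sectors_containing(d, b"NEW-DATA"))
```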

Summary

Reboot Restore achieves data encryption from a unique and effective
angle, by serendipity. It overcomes the shortcoming of standard encryption,
which is a time-consuming process. Reboot Restore encryption of data is
instant and secure. It’s a nice add-on to its already stunning instant data recovery.