1 / 52

Encrypt This!

Michael H. Warfield mhw@iss.net mhw@wittsend.com. Encrypt This!. If you think cryptography can solve your problem, you don’t understand cryptography and you don’t understand your problem. Bruce Schneier. Outline. Brief Introduction to Cryptography Uses of Cryptography Threat Models

mrinal
Download Presentation

Encrypt This!

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Michael H. Warfield mhw@iss.net mhw@wittsend.com Encrypt This!

  2. If you think cryptography can solve your problem, you don’t understand cryptography and you don’t understand your problem. Bruce Schneier

  3. Outline Brief Introduction to Cryptography Uses of Cryptography Threat Models Events in the News Encrypting your hard drive Conclusion

  4. Quick URLs Quick references for those wanting this presentation http://www.wittsend.com/mhw/2005/encrypt-this/ Scripts, utilities, and resources http://www.wittsend.com/mhw/crypto-boot/

  5. Cryptography It's the art of "cryptic" or secret writing. Encryption is a form of reversible obfuscation. It can be used to provide confidentiality. It can be used to provide integrity. It can be used to provide authenticity. It can be used for authentication. It can be used for proof of Intent. Security must only depend on the secrecy of the "keying material".

  6. Symmetrical Key Cryptography Same key used for decrypting and encrypting Key is a "shared secret" (oxymoron?) Algorithms are very fast even on small CPUs Key exchange is notoriously difficult Key lengths of 64 bits or less can be broken by brute force (trying all possible combinations) Key lengths of 128 bits can not be broken by brute force (reference: Heat Death of Universe)

  7. Symmetrical Key Algorithms DES - 56 bit keys – Obsolete and Deprecated 3-DES - 112 / 168 bit keys - Generally secure but dated Blowfish - Nice algorithm from Bruce Schneier Twofish - AES Candidate from Bruce Schneier RC4/ARC4 - Stream Cypher from RSA Rijndahl / AES - Strong DES Replacement ROT-13 - Adobe E-Book Encryption /;-(

  8. Public Key Cryptography Also known as Public/Private Key Cryptography Uses a pair of keys, one of which is kept private Easy to derive the public key from the private key Hard to derive the private key from the public key Tends to be very slow Long complex "trap door" math algorithms Depends on very hard to solve problems such as factoring very large numbers or logarithms

  9. Public Key Algorithms Knapsack Problem (broken) RSA (prime factorization) Eliptic Curves Diffie Hellman Problem (general crypto problem) ElGamal (logarithms and the D-H problem) DSA / Digital Signature Algorithm Signatures Only (sort of)

  10. Cryptography in Communications Encrypted Transports - Virtual Private Networks Encrypted Application Protocols - SSL/TLS Short session key lifetimes Interactive key exchanges Public Key Cryptography in authentication Public Key Cryptography in session setups Symmetrical Key Cryptography in data transport

  11. Cryptography in E-Mail Long session (message) key lifetimes Non-interactive session key setups PGP Public Key Cryptography for identification and session keys encryption RSA or DSA algorithms in PK S/MIME Public Key Cryptography like PGP Uses X.509 certificates like SSL/TLS

  12. Cryptography in Storage Encryption keys have a very long lifetime No key exchanges Mostly symmetrical cryptography (notable exceptions) Encryption of persistent objects Files Directories File systems Partitions / Drives Backups

  13. Encrypting Individual Files Fine granularity Convenient to back up Inconvenient interfacing Need transparent encryption desktop? Can identify “high profile” files Information leakage from file names and sizes PGP symmetrical/conventional encryption (-c) Threat model – Attacks against live running systems

  14. Encrypting Directories CFS / TCFS encrypt entire directories CFS – NFS like user space cryptographic file system from Matt Blaze TCFS – CFS file system with Linux specific modules and optimizations Convenient encrypted backups Some (reduced) leakage of information from file sizes Directory names and file names encrypted as well CFS Available from Fedora Core “extras” Threat model – attacks against live running systems

  15. Encrypting Home Directories Unlock individual home directories when logged in Requires patches and system modifications Used with various other crypto systems (such as CFS) Protects files when user is not logged in Some lack of granularity Reasonable ease of backups Complicates sharing files Threat model – attacks against user data when user is off-line

  16. Encrypting Filesystems Encryption of directories on a grand (filesystem) scale Less granularity All data available when file system is mounted Reasonable ease of backup – files still look like files Threat model – attacks against systems with unmounted file systems or removable file systems or unpowered systems

  17. Encrypting Partitions or Drives Encrypting partitions or whole drives on the device level Poor granularity Difficult to backup Entire device (even unuses disk space) Decrypt and backup Good performance Good transparency Threat model – attacks against drives and unpowered systems

  18. Threats The Wiley Hacker against live systems Lost or Stolen Hard Drives Stolen Machines The Lost Tapes Confiscated Systems Returning Devices

  19. Losses Loss of system Cost of replacing system Down time from loss Data Destruction Cost of replacing data You did have backups? Compromised Confidentiality You can’t get it back Notify the victims

  20. Lost or Stolen Computer Systems Laptops or Full Systems may be stolen or lost Personal Data Stolen in Las Vegas DMV Breakin Burglars made off with a computer containing info on 9000 people 'Highly classified' State Department computer missing “Department officials don't know whether the computer was stolen or simply misplaced”

  21. Stolen / Missing Hard Drives Investors Group says customer information on missing hard drive Up to 750,000 customer files may have been on the missing drive Drive was later recovered. It had been stolen. Can’t assume it was just lost A computer hard drive missing from the University of Northern Colorado contained personal information about thousands of employees and their families. The missing equipment includes the names, birth dates, Social Security and bank account numbers and other information about employees' beneficiaries as well as about 15,790 current and former workers. The total could be more than 30,000 people.

  22. Lost Backup Tapes Info on 3.9M Citigroup customers lost UPS lost the tapes while shipping Bank of America lost tapes contining 1.2 million accounts Time Warner lost 40 backup tapes Information on 600,000 current and former employees were lost in transit to a storage facility. Ameritrade Holding Corp. in Omaha lost a data tape with the names of 200,000 clients.

  23. Confiscated Systems On April 19, 2005 Chip Salzenburg notifies his employer about possible ethics violations over web scraping. On April 21, 2005 CEO of company files a police complaint against Chip resulting in search warrants and confiscation of all his equipment. Company is granted access to all contents of his computers Computers still remain in the hands of company analysts even though criminal investigation was dropped.

  24. Erasing / Returning Drives Recent ALE discussion (frequent topic of discussion) How do I erase my hard drive? Overwrite 7 times? More? Utilities such as shred? Bulk Demagnetize? Crush and Destroy? If it was encrypted, you could overwrite once and be done

  25. Encrypting a Hard Drive Objective: Encrypt all or some of the partitions on a hard drive Boot from alternate media No boot from a fully encrypted system Something physical you carry R/W - USB disk / pendrive / flash memory / key R/O – CD-Rom / BBC (Bootable Business Card) Catch-22 - Encrypting a running system

  26. Design Considerations - 1 Optionally Encrypt All Partitions Boot Root Swap Enter Boot Passphrase Only Once Minimize Exposure of Passphrase Two Factor – What you have and what you know... Ability to add and change passphrases

  27. Design Considerations - 2 Multiple Boot Media USB Key Hard Drive CD-Rom Different pass phrases on different media Boot consistency checking Backups Recoverability – Multiple layers of failsafe and error checking

  28. Design Considerations - 3 No patches to existing scripts packages or utilities Minimize update headaches Modified busybox handled through an additional package Scripts should handle all modifications internally Minimize number of manual operations Adds complexity to scripts Minimizes mistakes Support scripts (crypto-boot) installed in /boot/crypto/

  29. Requirements BIOS Boot from USB (or CD-Rom) 2.6 Kernel (or 2.4 with lots of backports) dm_mapper dm_crypt Lvm Udev Cryptsetup-luks (not installed by default) Modified busybox (needs different feature set)

  30. 2.6 Kernel Many new features in the 2.6 kernel In-kernel crypto Device Mapper and dm_crypt Transport crypto – IPSec Crypto algorithms – AES, SHA1, MD5, etc... Init-Ramfs

  31. Linux Kernel HD Crypto Add on patches for 2.4 and earlier kernel and utilities Crypto-loop (Kerneli project) Ppdd Loop-AES Built into 2.6 kernels Crypto-loop (for compatibility and transition) dm_crypt None of the Cryto-loop support problems or bugs Uses the generic device mapper mechanism

  32. Initrd vs Ramfs Initrd originally based in Initial “Ramdisks” Ramdisk predetermined size and preformated Init-Ramfs based on in-core Ramfs Initrd image is a cpio image No predefined size or initial file system formating Multiple images can be specified and stacked Initialized earlier in kernel boot sequence Used for early initialization of kernel modules and in-kernel code File system is in core (no root file system)

  33. Boot Drive Options Nice handy utility device (boot and otherwise) Basic Crypto Boot Adios (or similar) USB bootable Distro DOS Boot (maintenance such as BIOS flashing) Additional File Systems (ext2/ext3) PAM_USB Encrypted File Systems Forensics Tools (Linux and Windows)

  34. Create USB Boot Key Three USB Drive Formats (USB HDD, USB FDD, USB Zip) Format under Windows (recommended) HP USB Storage Format Tool – USB HD Format (It just works) Dos files needed for Dos Boot option (Handy) Format under Linux No Dos Boot option (AFAICT – FreeDOS, maybe) Use MBR images from any of several bootable projects Repartition and format additional partitions

  35. Busybox Busybox is a multifunction utility for embedded systems Busybox from RedHat lacks several features Need Ash instead of Msh Need losetup Need fdisk Rebuild or download updated version Busybox-ash-losetup Available where scripts are available

  36. Cryptsetup Basic cryptsetup sets up parameters for dm_crypt Takes passphrases from prompt or file or pipe Only creates device mappings Various algorithms and hashes available Encryption may be converted in place for basic mapping dd if=/dev/realdev of=/dev/mapper/cryptodev bs=16M Do no interrupt or partition will be unrecoverable Can take hours on large drives

  37. Luks Linux Unified Key Setup Installs a key header at head of partition ~512K Multiple passphrases (key slots) supported Passphrases may be changed No “in place” conversion possible All data must be copied off and then back on Integrated into “cryptsetup-luks” on Fedora Core

  38. Keyblob A keyblob is a mini encrypted file system with detailed keys Using a keyblob gives us the best of all possible worlds Use Luks encryption on the keyblob Multiple passphrases May change passphrases with changing individual keys Individual basic AES keys for each partition Only requires entering the passphrase once Unencrypted keys are only exposed momentarily in cache

  39. Initialize Keyblob Script - keyinit.sh Creates a 756K Luks image, encrypts, and builds file system 256K ext2 file system Encrypted to master boot passphrase Passphrases in the Luks headers are your access control Creates a 256 byte random key for each partition Actual partition keys for encryption Can not be changed after without re-encrypting impacted drives

  40. Passphrases We no longer need “Mickey Mouse” passWORDS Use long, strong, passphrases Use multiple words Misspell one or more words Mix capitalization Convert letters or words to numbers Separate with punctuation Make it something mnemonic

  41. Initrd Script - cryptodrive-init.sh Rebuild initrd / init-ramfs image Add USB modules Add dm_mapper, dm_crypt, and aes modules Add cryptsetup Add busybox and links to utility functions Add crypto-setup.sh script and hook Update initrd in boot and crypto directories

  42. Initializing Crypto USB Drive Script – cryptodrive-init.sh (continued) Copy syslinux components to drive Copy kernel and initrd to drive Copy keyblob to drive Backup dos.bss (if dos option present) Run syslinux (if not previously installed) Add optional components manually

  43. Backup and Test Boot from either media or HD All should prompt for a passphrase Should be able to boot to “busybox” prompt Should be able to continue boot to unencrypted run mode BACK UP ALL DATA BEFORE ENCRYPTING A PARTITION Encrypt a few non-critical partitions first Do not encrypt boot until multiple boot keys have been built and tested! You have been warned!

  44. Encrypting the Partitions Boot from USB or main HD Boot to “busybox” No drives are encrypted (yet) “encrypt-drives.sh [partitions]” Encrypting boot prevents booting from Hard Drive Additional USB key partitions may be encrypted as well SWAP is a special case

  45. Encrypting SWAP Encrypting SWAP first time Uses the static partition key from keyblob Allows for software suspend to swap Re-encrypting encrypted SWAP Double encryption is a “Magic cookie” SWAP now encrypted to a random key Each boot results in a new key No software suspend to swap possible

  46. Boot of Last Resort Recovery using an out-of-date backup boot key No matching kernel in root BoLR (Boot of Last Resort) Boot to busybox Decrypt ONLY the boot partition Copy MBR from boot partition to drive MBR Reboot to Hard Drive May still need to decrypt all if crypto is missing from boot

  47. Updating Ongoing updates and maintenance Yum updates operate on encrypted systems Each kernel update requires update to keys Rerun cryptodrive-init.sh for each key ASAP First time updates initrd on hard drive plus USB drive/key Subsequent updates copy files to the USB drive/key System upgrades from boot install media require decrypting

  48. CD-Rom Boot Crypto-boot works with CDs equally well Building CD boot images is currently a semi-manual process CD uses isolinux instead of syslinux Allows for chainloading Avoids problems with “boot image” and floppy sizes Most modern BIOS will handle no-emulation boot (isolinux) Dos support handled with MEMDISK and a Dos boot image (up to you)

  49. ToDo LVM support (should work but make need tweaking) XEN (testing – will need mods to update XEN initrds) Expanded drive and file system support (raid, reiserfs, etc) Get rid of RedHat nash entirely (shrink initrd) BoLR integration Multiple overwrites when encrypting Forensic packages (WOLF) Integration with other bootable crypto projects

  50. Conclusion Linux 2.6 makes encryption easier than before. Communications, E-Mail, files, and drives may be encrypted. Multiple layers of encryption may be used to address multiple threat models. It is now practical to encrypt entire hard drives. Do you need to do this or really want to do this? You need to understand your problem to know if this is a solution to it...

More Related