Home

Encrypted File Systems

Issue 51

From Issue #51
July 1998

Jul 01, 1998  By Bear Giles
 in
Here's a good way to protect your files. Mr. Giles explains how to encrypt your entire file system rather than individual files.
Encrypted File Systems: Ready, Set, Go!

Find a couple of blank floppies on which to test an encrypted file system. Then, create an encrypted file system using DES encryption:

# dd if=/dev/urandom of=/dev/fd0 bs=1k count=1440
# losetup -e des /dev/loop0 /dev/fd0
Pass phrase: des test
# mke2fs /dev/loop0
# losetup -d /dev/loop0

A couple of notes about this example:

  • The first command initializes the floppy disk with random data. Initializing the disk to zeroed data reduces a blank disk to a “known plaintext” cryptology problem—not a good idea.

  • The second command specifies that we want a loopback device to cover the floppy device driver with a DES encryption layer. We could replace /dev/fd0 with the name of a file. The pass phrase is not echoed. Also, the pass phrase can be 120 characters long—and should definitely be more than 8 characters!

  • The third command is the normal mkfs(1) utility.

  • The fourth command releases the loopback device.

We also want to create an encrypted file system using IDEA; the same idea, only replace des with idea.

Finally, create one more pair of disks which use different passwords. (If you want to be unusually perverse, use your previous IDEA test pass phrase on your second DES test disk and vice versa.)

Now we're ready to mount these disks. First, try to mount the floppies using a standard mount command:

# mount /dev/fd0 /mnt -text2

These commands should fail with “can't find an EXT2 file system.” Now try mounting each floppy again: 

# mount /dev/fd0 /mnt -text2,loop,encryption=idea
# mount /dev/fd0 /mnt -text2,loop,encryption=des
In each case you should be prompted for a pass phrase. Needless to say, you should not be able to mount the DES encrypted disk when specifying IDEA encryption, and vice versa. Likewise, you should not be able to mount the DES encrypted disk 1 with the second password or vice versa, and you should be able to mount the file system when you specify the correct encryption format and password.

This is another area where gremlins have appeared on my system. Once IDEA encryption worked fine but /dev/urandom failed; in another case, /dev/urandom worked but IDEA encryption produced kernel warnings on every even sector.

Now a few more tests. Edit the /etc/fstab file to add these entries:

/dev/fd0 /mnt/des  ext2
        defaults,noauto,loop,encryption=des  0 0
/dev/fd0 /mnt/idea ext2
        defaults,noauto,loop,encryption=idea 0 0

Try to mount your test disks on /mnt/des and /mnt/idea. Once again you should be prompted for a pass phrase and will be successful only when encryption algorithm and pass phrases match.

Finally, reboot your system and repeat these tests. If possible, install the modified kernel on a second system and verify that you can exchange media between the systems. Such is life on the bleeding edge of technology.

Applications

Now that we have encrypted file systems, what can we do?

  • We can add strong encryption to programs which don't support them natively, and we keep their files on an encrypted file system.

  • We can add strong encryption to distributed media. Some people already build ISO-9660 images in a file via a loopback device; producing an encrypted image would be trivial.

  • CD-ROM-based back-up protocols become more attractive. Outdated back-up discs can be discarded without fear of a dumpster diver gaining access to crucial information.

  • We can improve system security. Programs such as Tripwire, which record cryptographic signatures of key files, traditionally require read-only media to prevent attackers from modifying the reference information. It is still conceivable that an inside attacker could replace this critical disk. Now, we can easily keep this crucial information in an encrypted form, making a spoofed disk much harder to produce.

  • We can add a measure of strong encryption to entire systems which don't support them natively. Encrypted file systems should be exportable via NFS or SMB—packet sniffers remain a problem but the disk would be protected.

Long-Term Applications

Even taking a cursory glance at the trends of security software, one notices recurring themes. Encrypted file systems protect the data on disks. SSH (Secure Shell) encrypts and authenticates communications. Secure-RPC (remote procedure call) encrypts interprocess communications. RPM authenticates software upgrades.

Is there any question that encryption and authentication routines belong in the kernel? Encryption keys could be stored with each device and process, and with negotiations for unique session keys automatically mediated between any process within and without the system that desired it. There would not be needless duplication of identical routines, or worries about export restrictions since these issues would have already been addressed. If necessary the encryption routines could be localized to a loadable module, although that raises certain security issues.

The downside is anyone with root access can grab the encryption keys from the system tables; however, once root is compromised all bets are off anyway. On the other hand, supplying strong encryption and authentication services in the kernel should reduce the risk of root becoming compromised. Also, DH key negotiation means that my keys aren't compromised even if I'm talking to someone who is compromised.

Bear Giles bear@coyotesong.com, of Coyote Song LLC, is a UNIX Consultant with almost 15 years of experience. He has used Linux at home since pre-0.99 days.

______________________

Webcast
More Resources
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers

Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions