22C3: COMPLETE Hard Disk Encryption with FreeBSD

actually freebsd and those who have taken a look at the schedule probably know that tomorrow theirselves a talk on disk encryption but in contracts that i’m not going to talk about legal issues or am given overview over what’s available tools operating systems or whatever the goal here work and the focus obviously is uncomplete disk encryption so I’m just to get a picture of the audience who is using a PSD operating system in here and who has experience with unix in general so you guys all use linux right well there’s a few difference between PSD and linux and probably a little bit elaborate on that before I chop all into the gory details of the implementation I would like to give a bit of background and motivation valve it would like to do this so am i would like to start with the most basic question basically why would we like to use in storage encryption now instead of asking rhetorical questions here I would like to make my point by am using some quotes of news articles I’ve collected all the time you can read them for yourself should I read them out that’s better okay well I’m sure you will find scary ones on the net but just give you a picture so I’m not interesting about this news well what they have in common is basically it doesn’t really matter whether the firewall was properly configured they had an antivirus software whether they use the Redmond operating system or not basically it doesn’t matter because the attacker had physical access to the medium in that case the heart is to tape or whatever so how do we solve this well it’s basically easy we just encrypt the data in storage while this old heart is not in transmission well there’s basically two ways to do that one is file based encryption and one is partition based encryption file based encryption as the name implies you can decide for each file individually whether you want to encrypt it or not and how and tools of this I’m sure you know PGP or clue peachy encrypt this maybe you know it maybe we don’t well I advantages of file based encryption well basically you can save CPU time on the stuff that you think is not really necessary the effort if you have a six hundred megabytes freebsd image well you can discuss whether it’s worth it creeping it or not there is also the advantage of having different keys for different files although reality souls show somewhat the opposite behavior and drawbacks metadata is not encrypted means stuff like filename size ownership and all this stuff that’s encrypted in the file system and its torrent file system is not encrypted we file based encryption file based encryption so if you’re being investigated on someone finds a file extortion letter on your hard disk then maybe it doesn’t really matter what storing the value in if it’s a corrupted file name already tails a lot and there’s also something that I call the leakage risk so what is it well the story goes as follows you know that it’s a risk to store your files not encrypted so what you do is use either file based

encryption or petition based encryption let’s assume that you encrypt the whole portation I’m coming to that later just let’s assume you have an encrypted petition you put all your stuff on there well you might think it’s safe because it’s encrypted but the problems basically start when you open a file for example takes document with well quite complex application such as open office the problem is a lot of these applications disord temporary data so you might have a temporary copying the temp directory of the actual file that’s a corrupted but the problem is if you don’t have to temp directory encrypt it then even if the file itself is encrypted on the portation it leaks to the unencrypted temp directory so even if the file is deleted afterwards it still resides physically on the medium until it’s over written that’s the problem and also this rotation which is by default not encrypted represents a risk because well you probably would be surprised how much interesting stuff you can find on there well the leakage risk to summarize it your encrypted data is leaked to an unencrypted part of the medium if for example the temp directory the water temp is on an unencrypted part of deportation and an application stores the temporary cope in there then well it’s a problem so implications file based encryption it becomes basically useless so I’m using PGP York New gpg to encrypt yourself with it doesn’t really am give you a lot of advantage because a lot of the stuff just leaks to an unencrypted part of the medium well there is not ready to it file a petition based encryption where you basically take a whole partition encrypted an advantage there is that the metadata such as file names eyes and stuff like that is encrypted and all of the data you put there is also encrypted by default so we don’t have to select for each file encrypt this leaf data encrypted encrypt this and basically it reduces a lot of the leakage risk but the problem is the leakage risk is still existent the main problem basically is what does actually go on to the encrypted partition letters not it’s not so easy to tell but we have far more serious problem than the leakage risk because so far we have assumed that the applications and the operator operating system itself are stored unencrypted on the hard disk I mean it doesn’t make any sense to store the operating system and the applications encrypted but the data not so let’s go on well i’m not saying complete disk encryption should be used by everybody here because there’s a lot of trade-offs and what you have to ask yourself is how secure do you consider your date and program code to from off unauthorized access to be in for example a hotel room your office you’re parked car how many people in here feel comfortable with leaving their laptop in their hotel room well her hat well the conclusion basically is unless you keep a notebook inside at all times you don’t really have a guarantee that someone hasn’t compromised added to appear operating system or some critical applications and so on well what is the solution we encrypt the operating system and the applications as well but there’s the next problem if you encrypt everything and I mean everything candle boot code and the whole stuff then we have a problem because today’s computers the can’t boot encrypted code you can’t have an encrypted MBR partition table and so on it doesn’t work so I’m to sum it up we have to load the operating system from an unencrypted medium but we can’t do it from the hard disk because it is too risky I mean you can’t remove the hard disk each time from the laptop

you want to leave it in a place so I’m what we’re going to do is basically because we have to store the operating system at least core parts such as food cotton Colonel on an unencrypted medium is that we use a medium that you carry with ourselves at all times so the best solution is basically to use a USB memory stick because they are really small and light and they also have a lot of space at least for what we need it for and also their rewrite will many times and the operating system recognizes them as a hard disk basically you can use alternative media such as c d—rom for example these small 8 centimeter disks there are bits harder to carry around but they work you don’t need readwrite access for operation of course you have to most the medium but if you use it you just have to read it out so I’m actually implementation what do you need well you need a bootable and a removable meeting this very important movable because you have to remove it from the laptop and carried with you at all times and of course that we bootable because the operating system is going to be booted from their minimum size well that’s really not a lot about five megabytes should do it but really that’s the absolute minimum if you want more kernel modules and stuff like that I’m going to elaborate on that later then about 20 to 25 megabytes should do it and as the title says the whole thing is going to be based on freebsd you probably can do it on other operating systems but here I’m going to focus on freebsd so what you need is a freebsd five or six you can’t do it before because and functionality is not there also what’s need this you already need running freebsd system 5x or later and freebsd installation discs they have a so-called fix it live file system under which you can boot from CD and basically you get whole freebsd system running without even having to install anything if you want the graphical environment you can take a look at frisbee that’s really you can put it from CD and you have complete graphical environment with basically everything you need and of course and the Machine notebook or whatever has to be capable of booting from the medium here and if you use a USB memory stick it might be a problem for all the machines but bootable CD ROMs should probably work on most machines so I’m those who are not so familiar freebsd just an overview of the namespace we have the device notes in / tail you probably that’s not something new and ATA hard disks Sadie sketchy hard disks ta and so on if you need more information please take a look at main pages in section for such as da for and if you want to get an overview over to device it the colonel has recognized you can take a look at this file here yeah well in freebsd and the ODSTs as well there’s difference to linux because what we call a portation in pc terminology is actually called a slice in freebsd and the so-called slice can be further partitioned inside so what in pc terminology might be the primary portation is a slice in freebsd and this primary partition can further be partitioned into em for example both partitions of operation and other partitions so you can have the swap petition to boot partition and up to another seven in total sound petitions inside a slice if you take for example an 88 is that’s 80 and starts of 0 then you have first partition in pc terminologies the slice as one and then you have to boot partition which is an agreed on the letter A so application is P and so on so da 1s 3b is the second sketchy disk on which we have the first slice and B is to swap rotation if

you’re not familiar if that please really stuff carefully before you start typing in stuff otherwise you will erase the wrong hard disk delete slice which is not supposed to be deleted and so on so if not familiar freebsd please check this out carefully let’s just know you and also usual disclaimer please back up all the date before you start so i don’t want to be responsible for any damages I mean the whole point is that we erase the entire heart is can set it up new well the assumptions I will assume that you have an 80 a disc in your hard disk that’s going to be a d0 and the removable USB medium that attaches what USB bus is at umass the USB mass storage medium and freebsd treats like sketchy hard disk that’s da 0 so you have a d 0 d a zero so please check twice before you hit Enter and you also have to adjust them if for example use the second ATA tsk which is going to be a d1 don’t type HDC 2 front 81 okay and before we start and the whole thing is basically pointless if you just erase your files on there set up the encrypted disk and then the encrypted data basically I’m stored while the unencrypted data still accessible on the second level of the disk so what we have to do is basically we have to clean the entire hard disk you can do this in two ways either you can override the whole hard disk with zero values or with entropy well 0 well it’s always the fastest but the problem is if you write 0 values over the whole hard disk then it’s immediately clear which parts of the disks or data which ones are unused some people who look for potential clues about the keys might exploit this fact but in most case it’s probably not much risk so you have to evaluate do I want more security or is the Machine really too slow to generate so much entropy if you want entropy then use device random so if you want to do complete description you have basically two toasted freebsd one is cheap DG embraced disk encryption and yoda one is scaling cheap d was released in five dot zero and kayla in 60 and there is a lot of interesting basically improvements in gayley because you have different cipher say yes Blowfish Triple DES you also have a variable key length I think the maximum is 256 bits in GV you only have a yes one eatin 128 bit and basically the most important difference between DVD and chilies that chhaliya last kernel to mount and encrypted root portation gbd doesn’t it does not allow to do this so we have to take a detour to make the whole thing work but explaining this will also show you some interesting aspects in the booting process and how this stuff can be solved so I don’t know whether we have enough time to discuss both but I will start with cheap d the solution one is to have an unencrypted root filesystem please note that this is not this doesn’t stay in contrary to complete description because the root file system does not have to be on the hard disk now the solution if having an unencrypted root file system works if both GV and chili but i’m going to take cheap deals an example here so we can discuss and the second solution which only applies to jelly and this way you have no uofl over both tools well gpd it’s available available since five dot 0 and 3 p.s divas and 5x branch hostess and declared stable since 25 to 3 release so please use the latest release because I’m five dot zero through five dot two are not really stable their development releases decipher is 128 bit a yes and a very important features basically that GBD

does not care what file system you put on there so you can have basically ms-dos FS you can have standard UNIX file system or what everyone obviously we’re going to use the UNIX file system free beast is default here and the passphrase that sounds very important if you change the pass phrase you don’t have to setup complete fing you you just change the pass phrase and you go on and a lot of file system crypto solutions they really require you if you want to change the pass phrase you have to basically wipe out the whole portation set it up new ones well it’s not really feasible to do that more information you can find in the man pages please read them carefully if you really want to do some stuff that’s not discussed here well now we can start GD in it you have to initialize the hottest first before you can use the whole thing here you specify the device ad0 that’s our hard disk and there is the l parameter and it’s used for the so-called log file i’ll discuss this in short then you enter the passphrase and confirm it not a log file it’s very important that you store this in a safe place because if it’s not available later date is lost so the log file what is it it’s 16 bytes of data and it’s required to get access to the master key and the log file is not the key it’s just it’s just that you need to get access to the master key which is then used to encrypt and decrypt our data well basically GD does not force it to use a log file instead if you don’t specify the l parameter chief deal just stories sixteen bytes in the first sector of the medium but this way you would only you you would also need a passphrase to get access to the data well since we need removable device anyway we can store the log file on the removable medium and this way we need to use a log file and the passphrase to get access to the data which is commonly refer to as two-factor authentication so if you boot machine up you insert a remove medium or attach it gpd will read out the log file data own to remove blue medium and you have to enter the passphrase if the passphrase is not available or the log files not available you don’t get access to the data even if you know the passphrase so let’s sum up in order to get access to the plaintext you need obviously they corrupted data itself the passphrase and the log file if the log file is lost even if it’s destroyed or lost or whatever then even if you know the passphrase you won’t get exited data the whole design of TVD is quite complex and if you really want to get a detailed detailed perspective of the whole thing then I suggest you read poland in Kem’s paper gin-based disk encryption which really goes into a lot of details now after you initialize the whole thing we can basically do what’s known as attaching you have to each time you want to get access to the decrypted data you have to attach it GD attached then you specify the device for this is an L here not night and again the path of the log file then you enter the passphrase and now what happens here is really interesting because it’s an example of good software design in my opinion what happens is if you enter the correct path phrase and you specify the correct log file then cheap d will create a second device note the original device note ad0 still exists and if you access it with you will actually see what’s on the hard disk which is the ciphertext encrypted data and the device note ad 0 dot bde is created by Gd and it’s basically an absolutely device that gives access to the plaintext and you can treat this device note like the original ad 0 so you can format it portation aids whatever now a warning

after you have attached the device Nodin you have to doubt be the device note then you have access to the Playtex it doesn’t matter whether it’s already mounted or not and you have access to the plain text as soon as you’ve attached the device and it remains this way until you either shut the system down or you explicitly detach it so in the time between attaching and detaching the device there is no additional protection by DVD because you have access to the plaintext and key material is available so please keep this in mind it doesn’t matter whether the encrypt petition is mounted or not as soon as it’s attached you have access to the plaintext now I’m slicing and partitioning usually freebsd uses notice view says install for that unfortunately citizens tel is quite old and isn’t really able to handle the speedy e device notes correctly so what we have to do is we have to manually use the tools in order to petition its last disc we can’t use this install now since this is complete description and we assume that only free PSD will be used on the hard disk we can basically escape slicing which in pc terminology is used as partitioning and start them using free FPS deportations on the hard disks so use PST label and w rights first standard level on it and with you can edit it and please notice this is a d0 thought PDE don’t use device ad 0 because that’s the ciphertext and if you do that you overwrite and the initialized artist and you have to start new if you enter the e parameter with PSD label then you get an editor and basically you have to specify now and deportations it’s the boot partition PSD swap and so on you just them well you have to consider what’s useful for you the second and first columns are thousand offset that’s in sectors then FS type you can use either for the two PSD and for all partitions that users standard you a fast file system and the swap petition uses just swap US FS type and stuff here you can just leave the default values are ok that’s example of a 100 megabyte disks to keep numbers debate down you have a boot partition as well portation and you have notational portation d and the sea partition is the whole disk please don’t edit anything on the sea portation now what’s really interesting is I’m device name we already know access to the plaintext state that is a t0 thought pde now the boot partition on the encrypted hard disks is now a d0 thought pde a the swap rotation speed and so on in the top part is basically if you first and croak the hard disks and then you partition it you can also do it the way around you can first partition the hard disk and then you basically would have to encrypt each partition individually and in that case and the names of the device notes they change if you first partition and Daniel crib then you have a d0 a dot B de so you have to encrypt each partition individually what we are going to do is we first a the hard disk and teleportation it well the funny thing basically about is that you can also use multiple operating system on the same hard disk you just have to use one slice for each operating system you can have on one slice you can have free PSD on second class you can have linux and the slice where freebsd resides is basically you can encrypt the whole thing so even if you three nukes and you get routed the partition on which free PSD resides is still completely encrypted so the attacker won’t be able to modify the

data to anything useful this is but this is a bit out of the scope of this lecture so I’m going to really focus on complete description very encrypt the whole art disk now we’ve encrypted the hard disk and we have portation date so we have to device notes what we have to do now is we have to create file systems so new file system device ID 0 dot pde a boot partition to swap obviously it doesn’t need system d and so on for each partition you must create file system now the actual installation of freebsd usually would we would use again says install but seasons silicon and well gives us the finger and says you can’t do that the reason for that is that the PT devices those are not listed by sitting style so you can’t even select them so what this means is we have to the virus distributions that make up the freebsd installation we have to manually install them does do some post installation is issues such as them time stone keyboard web and stuff like that we have to set up manually while installing it yeah well after going to see it’s not that much work but I agree it should be done a lot easier the problem is this install is a quite agent tool in freebsd probably one of the oldest and its really am well I’m told that it requires a lot of changes to make it work and there is awesome stuff that people want to integrate and which just puts a lot of a lot of work to developers and seasoned cells really not up to the task there is now a project that that people work on a completely new installer for freebsd so maybe there is some hope but it’s not that much work yeah well if you is there another question a backup but you mean just copy an existing system on the portation well you can do that well just let me go on it’s not that much work to and install the system well if you used to fit to fix it live file system I assume you have distribution of freebsd mounted on taste and the encrypted and encrypted boot partition and fixed so the way that the freebsd installation disks are laid out in the file system is you have a director in the root of the cd-rom which is named after the release for example five dot for release and six dot 0 beta and so on and in there you have directors which are named after two distributions such as space man pages games and so on what you really need is space you have to install that distribution actually I’m tinsel scripts in inside these distributions the early am programmed smarter so all you have to do is you have to export an environment variable which is called taste here and you have to set it to the location where you have mounted the encrypted boot partition which is in our case device Atzerodt PDEA which is marked on fake so we just type in this one change into the directory and base is the distribution we need which is mandatory and then you execute install SH and this basically installs used to hold all files that are necessary for running a freebsd system if needed ish additional and distribution such as man pages and so on just replace them base directory with man pages games or whatever and reacts acute you install script it’s not that much work I agree

it could be done a lot easier but we just have to lift that for now so after you’ve installed distributions you want to install you basically have well a fully functional system on the encrypted hard disk and the boot partition and to boot this rotation is also set up but the problem is now since everything is encrypted we can’t boot from the hard disk which is what I mentioned at the beginning so we have to basically set up to remove blue medium now which is the USB memory stick or if you want the cd-rom image or whatever now I’m the removable medium since this one is not going to encrypt you can you say since tell for that so just use fdisk and the devices device da 0 so please again no difference sighs about eight make bad should do it if you want all kernel modules use 25 megabytes or more but them with current memory sticks it shouldn’t really be a problem if I am now I’m on the removable medium we do not need a swap petition because we’re going to use the one on the encrypted hard disk I’m going to assume that the file system on the removal medium is now mounted on removable so if you around the whole season sale process you’ll create the slice partitions and create the file system so in order to boot from the removable medium we basically have to just copy on the boot directly from the other at install system on fixed hard disk total removable medium so copy and the whole thing fix this now the hard disk the encrypted put to an remove the medium now I’m the kernel modules Linux also has kernel modules so I assume you’re already familiar with that and on freebsd it works as follows you have basically executable which is called the loader you have an if you switch on the computer and the by OS will read out the most Boot Record on the hard disk then depending on which slice or partition pc terminology you select then if you select the freebsd slice then the boot code will will read out disk label this label will read out the loader until Audrey finally give control to the colonel so am the loader executable will first read out the file bootloader cones which lists the kernel mode modules which have to be loaded when the colonel is loaded the problem is if you use TD you can’t load and you can’t load kernel module of you’ve executed DVD there is a kernel module for tivity and also a useful and utility but you have two loads and kernel module before you execute and use the lander tility so you have to just an add an entry for GD load into boot loader cons now I’m the modules which you don’t need and you can delete them if space is a problem one cool thing about freebsd booting processes that you basically can gzip everything you can even choose if the colonel and all the modules and it will still work the problem is not so much on the space but the loading time if you boot from a USB removable medium length even if you have USB 2 and the protocol here and that by OS peaks is just USB one and the loading times really am a bit slow so it’s important to really compress them the whole boot code as much as you can and one important thing is please do not mix and different versions on the removable medium and the fixed hard disk so if you put five dot for Colonel from the removal medium please don’t load m620 modules from the hard disks or vice versa whatever you will get into problems now I’m GD has a problem and that’s it cannot it doesn’t allow the colonel to

mouth encrypted partitions route partitions so the way it works is if you want to attach an encrypted partition you have to run the cheap d userland utility but well the problem if you run a useful and utility then first in it has to be called first process and in it is created by the colonel but the problem is the root file system is mounted by the kernel before in it is created so we have typical and boot process problem so the only conclusion basically we can make is that we cannot use an encrypted root filesystem if you use DVD now the solution well we create memory disk and this memory disk we can use as the as the root filesystem and on this memory disk we basically put all the stuff that’s necessary to run the GBD userland utility intend to mount encrypt partitions in a director of the memory disk and then we load the whole staff of the encrypted hard disk so that’s basically the idea if we have to use GD well the memory disk just create an image first about 10 megabytes should do it then we need a device notices freebsd specific i guess and after you have to devise notes just an create a file system on it and then mount it I will assume that the memory disk is now mounted on mem disk / memories now what you need sins and memory disk is going to be mounted as the root filesystem you obviously need directory where we can route the encrypted boot partition so I will assume that we use the director is safe for that now you need additional data directors which surface mount points such as cd-rom very important device disk amount and et Cie now what we need on the memory disk on ET c is basically the RC script and again here comes the log file we have to copy the log file from the location wherever you started at the beginning now on to the memory disk because i’m the memory is going to be rooted as the root filesystem and we execute all the stuff on that and provide the log file to TBE and also very important please notice each time you change the pass phrase of TVD the contents of the log files of the log file changes so it’s going to be 16 bytes but the content changes so if you change the pass phrase to the encrypted hard disk or petition or whatever then you have to update the log file own memory disk otherwise you won’t have access to your data anymore now after the colonel has booted up and loader passes control to the colonel and colonel in turn and execute in it which is the first process in it in turn calls RC and important thing about RC is it’s not a binary binary executable it’s a txt script with which we can easily edit so what we do is basically we modify the RC script we add a few commands and only the stuff necessary to attach the encrypted partition mounted and then load all stuff basically RC and we’ll continue loading the whole staff of the encrypted artist since we have attached and mounted it in DRC script what we need for that is an GT binary mount of course and some other stuff well all these important tools can be found in the soap rescue directory which is part of any free PSD installation and the important thing about that is that it’s statically linked boundaries so you don’t have any dependencies and libraries if you execute cheap de binary then you only have that binary you don’t have dependencies on libraries and whatever so we can just copy on the whole rescue directory on to the memory disk but since the whole tools are just hard links we have to use tor we can’t just copy them onto the memories go to rise

we have about 470 megabytes of code all the same batteries now I’m after we’ve done that basically we have the removable medium is now bootable the loaded calls the colonel colonel calls in it in it cause RC and RC then mounts and attaches the encrypted hard disk but after that the memory disk is still the root file system itself and is always going to be until the system is shut down so what we need on the memory disk is basically symbolic links pointing from the root on memory disks told the actual directories on the encrypted hard disk so we have to just them create symbolic links to wear safety encrypted boot petition is mounted so for example we have to make sure that then the S bin directory which is now in safe espen has an entry in the root so all applications Colonel finds the files now we have to glue the whole thing together now I already mentioned that we have to modify or see yours these great features on the memory disk now you have maybe it changes with them to release but in 45 dot for release it slide 51 you have to insert the following commands as i already said we’re going to use them the executables in the rescue directory gpd attach a d0 device and then specify the log file the log file is now on the memory disk after we’ve attached the whole thing we obviously have to mount it ad0 that be DEA is the encrypted boot partition on the hard disk and the amount is unsafe which is a directory on the memory disk after that and this one is six dot zero specific I don’t know why but for some reason you have to enforce write access to the memory disk I don’t know why but it’s got to be now after that we can basically remove the EDC directory from the memory disk all that’s in dec et Cie director on the memory disk is the log violent erc script but of course you have a lot of other stuff in the et Cie directory so we just linked tetc director on the hard disk to the entry in the root directory on memory disk so what basically happens is after the colonel calls in it in it cars RC and these commands are executed and after we’re here we have the encrypted boot partition basically mounted on safe and since we have symbolic links in the root on the memory disk all these links point to the actual and directors on the encrypted disk so after am the script has executed here we can just resumed normal operation and all the rest of booting processes is loaded from the encrypted hard disk now after we’ve done that the memory disks basically we have all the stuff we need just unmounted and detach the memory disk and the image this is now the image for the memory disk you can also gzip that and save a lot of space now the memory disk image here this one is going to be on the removable medium but we have to tell the lottery executable that it has to load the memory disk therefore we have to specify an entry in bootloader confer we already had them the GPT module m FS route load yes and then all the stuff that’s necessary especially important is the type II this is not an ordinary kernel module but just maybe disk image so we have to specify that authorized colonel will probably panic or whatever now how does the whole thing work so we boot from the removal medium after an loader is executed and it will read out the contents of the bootloader file in there we told that the cheap decon remotely has to be loaded and the memory disk

image has to be loaded now now if the after the colonel has booted up and routes mounts the root filesystem then if you have the env root option compiled in then the memory disk image will automatically be marked as the root filesystem if you’ve loaded one then we execute in it RC and dozed off attached and bounced encrypt disk and we can complete the whole booting process and what we need now is I’m an entry for the swap rotation and the file et CFS step you have to do it on the hard disk note on the removal medium once we have attached encrypted hard risk we don’t have to access to remove to meet him again you can even remove it from computer now what if basically now is a running freebsd system all you have to do is adjust some stuff such as root password time stone and so on the reason for this is that we haven’t done the installation if says install so we have to manually justice after that you can basically I’d patch packages such as the x server and whatever you want now I’m the second solution is with kaylee but I don’t think we have time to do it if you understand the first solution it’s basically a lot easier to to also understand this because I’m cheap the approach is a lot more complicated just like to focus now on some on some implications which are were important so now you’ve got the system complete disk encryption you feel completely safe right well not exactly I want to really tell you and what’s protecting what is not so how does the whole thing work well I already told you attach the remove medium we boot from it and we used to remove the medium because we cannot trust the unencrypted boot code on the hard disk we have to boot unencrypted code but for that reason we have to put it on a medium which you can carry on ourselves at all times so after you booted from then remove the medium amount encrypt hard disk and the hard disk is encrypted because I’m we do not want to look after the whole thing all the time so basically after you booted from the removable medium you have to really detach it and back in your pocket because um the whole gold is unencrypted on the boot medium and if someone manages to compromise their back where we started so the problem hasn’t really been solved so it’s really important that you look after the removal medium because the code on there is not encrypted you have to curdle and a lot of other critical code on there that if it gets compromised we’re back where we started yeah now for your own safety this is very important and again you need to pass phrase and the log found or is it data to get access so if you are afraid that um forget to pass phrase it’s very important that you choose a strong one but if you are afraid that you forget it then please write it down it’s better to write it down tend to not have X to date anymore but please notice that you keep it apart from remove the medium and the Machine detail itself so please lock it in a safe place and also the log file if it’s destroyed or lost or whatever you don’t have access to date anymore so if that’s it’s a risk so you should make a copy of the file but you shouldn’t put it anywhere near and machine or wherever someone has access to to it basically if someone manages to em get access to the log file all they need now is an machine they have to steal the laptop and they have to know the passphrase well the passphrase and its bit difficult to keep that secret if you have a mobile device each time you boot up the machine you have to type into passphrase and if someone manages to look over your shoulder then well it’s I’m just saying it’s very difficult to really keep the past for a secret and mobile device so the log file basically gives the additional protection because you need to access it to data so keep the log

file save so what does complete complete description not protect from well you have to hold hard disk encrypted button the problem is really and what happens without the other media if you have an external hard drive attached then you mount it into an the whole UNIX namespace and the problem is in UNIX if demand facility you can’t it’s hard to tell which made medium actually holds what a there’s a it’s very easy to forget for example that this directory might be actually an NFS share on that server that’s an encrypted with a connection that’s encrypted so it’s very easy that data still leaks actually to a different place than the encrypted hard disk so always considerate now I’m I’ve already mentioned disk as soon as a petitioner hard disk is attached it’s um vulnerable it’s and you have the whole plain text available and those means you can compromise it you don’t have to mount it it just has to be attached so as soon as it’s attached it’s vulnerable to local and remote text now as the O’s the operating system partition the boot partition must always be mounted it’s always vulnerable to compromise local and remote so as soon as you put the system up the boot partition on the encrypted hard disk is not really and does not really have any additional protection so please consider that the main protection you have is when the machine is turned off so it’s also important to consider that you can’t really am prevent data destruction by encrypting it there is no there is no to any protection from data destruction either accidental or intentional now cheaply and reality cannot protect against attacks that are aimed at hardware so if someone installs a hardware keylogger then the whole problem well you don’t have any protection and they’re not trying to address this because it’s a really difficult issue to solve so what it does protect well if the hard disk is not yet attached or already has been detached then the key is not available and the plaintext device notice are also not available so even if the system is up and running but you have an additional petition such as home for example you have it attached it and you haven’t mounted it then the plaintext device know does not exist and the data on it can’t be changed to anything useful so that’s a protection you have it’s not attached now also since the whole hard disk is encrypted you don’t have and the risk that anything might leak to an unencrypted part so we don’t have to worry about openoffice leaking your secret document to the temp directory or whatever it goes you also don’t have to worry where browser crashes are actually stored and how much state there is so and you have the whole heart is greatly encrypted and also the swap partition is now encrypted so a lot of critical data you might find it there cannot really be recovered unless you have to key the passphrase and the log file and you also cannot simply am remove the hard disks or the hard disk and read it out in a different system because you have the whole thing encrypted now you have few trade-offs performance obviously and decrypting is not a big deal but encrypting data requires quite a lot of CPU cycles so the problem we have basically is that input and output operations which were previously mainly independent in pendant lay down of the CPU or not now I’m tightly coupled to an the CPU power because each read and write operation has attitude to be decrypted or encrypted so the maximum performance may notes p.m. the extra bandwidth of the device but the power of the processor and administrative work obviously you have to em to set up the whole thing you also have to maintain it if a if you do a system upgrade you have to do a lot of steps and that were initially down you have to repeat them

and there’s also the convenience putting off for removal medium is typically slower then booted off the hard disk and you also have to type in the passphrase each time which may be a bit inconvenient but it’s a trade-off so you really have to consider is it worth it now complete description and protects against two specific attacks the oneness that you just and remove the hard disk from the system and installed in a different system and read out the contents you can’t do that anymore if the whole hard disk is encrypted the problem is another problem is if you have only one part just the data crypt it but note on the operating system and the applications you can compromise the catch that the operating system in order to leak actually the encrypted data the encryption key now if complete artistic encryption you can’t do that anymore because the operating system and the applications are now encrypted too so you don’t really have that problem anymore but really these two basic and threats they are really the only one which complete artistic encryption protects you have a lot of other issues that are not solved so keep that in mind well summing up yeah first determine whether I’m there is actually a risk to your data if you just use it at home keep it locked in a safe and use it for and checking the weather then you probably don’t need to encrypt the whole hard disk so determined according to your own situation environment whether it’s really necessary to do completed disk encryption it’s very important to determine the weakest link is the weakest link relate that and encrypt and Tecna Tech has physical access to the hard disk if the machine is still very vulnerable to network text and doesn’t make a lot of sense that encrypt the whole hard disk so if you say yes it’s a problem someone might have physical access to the machine and I don’t want to leave my data to that risk you say well complete this encryption I need to do it then be aware of the capabilities and limits of the hardware so is the machine capable of booting from USB memory stick if that’s okay then please understand the trade-offs as we discussed then implement with great care you really have to be careful because typist can well basically destroy your data view and choose and the wrong device notes oh really take your time if the implementation and then you also have to maintain the whole thing if you do a system upgrade you have to do a lot of work to really keep it up-to-date and last thing really understand what does it actually protect what does it not so I’m study these things carefully that you have discussed yeah maybe we have some time for Q&A yeah if you compare this with things like loop is or things like that you I think that the log file is a consensus symmetric cipher and you need an automatic cipher to decipher the lock the symmetric cipher that Cyprus your disk actually is it do i understand it right or is it something different I’m sorry can you repeat last sentence okay I will we asked another way normally you have a symmetric cipher mine maybe is or something and you have a key for this and this key is encrypted with another key with a symmetric cipher and the key file is stored somewhere and I understand it I know as soon understood this in the way that the log file is the symmetric cipher that is a group that Ryan as a metric cipher is it correct well then the whole TV thing is quite complex and I haven’t really got into the details of the implementation but the log file is certainly not the master key the log file as I understand it is and one part of an of the hash of the passphrase and if I’m informed correctly and the past four aces hash divan sh5 sha-512 bait cipher and then the log file is one part of that 512 bits and this is used to locate and the master key on the disk somewhere but what the

buzzer he has to be encrypted under this otherwise we would easily compromised it yeah well if you’re interested in the details of gpd and then I such as to-read pull any camps paper and I really don’t know the details of how the whole thing is programmed and organized the design of jeepneys quite complex you just have to remember that you need the log file to get access to the master key which is stored on the hard disk obviously it’s encrypted but i can tell you and details you really have to read Paul hand in camps paper for that okay we have to finish now in favor for the next workshop maybe you can just answer two questions outside you