Data Integrity & Security, & Privacy

Dec 9, 2013

LILUG 2008-11-11
Ilya S. (AKA dotCOMmie)
Overview

Security

Disk Encryption Theory

Discussion of software

What to encrypt

Demo

Data Integrity*

Malicious Altering

Accidental Altering

Privacy

Data destruction

OpenVPN

TOR
Disk Encryption Theory Basics

Requirements

Efficient encryption / Decryption

Random Access

& more

ECB

CBC

CTR

ESSIV

XTS

XEX
ECB (Electronic Code Book)
$C_i = E_k(P_i)$

C - Cipher

P - Plaintext

E - encryption Fn()

k - Key

i - Index

Weakness

Stupid

Some information is recoverable

Example below

& more

Strengths

Simple

Random Access

CBC (Cipher Block Chaining)
$C_i = E_k(P_i \oplus C_{i-1})$

C - Cipher

E - Encryption Fn

P - Plaintext

k - Key

i - Index

$\oplus$ - xor

$1100 \oplus 1010 = 0110$

Weakness

Possible to check for existence of known data (Watermarking)

Change $P_x$ requires re-encryption of $C_{>x}$

Show Stoppers

No random access

Strengths

Who cares
CTR
$C_i = E_k(P_i \oplus V_{N,i})$

C - Cipher

i - Index / Counter

k - Key

N - Nonce

V - N merged with i

EG:
  +

Weaknesses

Watermarking

Strengths

Random Access

ESSIV

Introduces special per sector IV

Solves the watermarking issue

Using clever active attacks data can be decrypted
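
The ECB and CBC weaknesses listed above, and what a per-sector secret IV changes, can be checked directly. This is an added example, not part of the original slides; it assumes a toy Feistel permutation in place of AES, the sector number as the predictable IV, and constructed keys and plaintext.

```python
import hashlib

BLOCK = 16  # cipher block size in bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def E(key: bytes, block: bytes) -> bytes:
    """E_k: toy 4-round Feistel permutation standing in for AES (assumption, not secure)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def plain_iv(key: bytes, sector: int) -> bytes:
    """Predictable IV: the sector number itself."""
    return sector.to_bytes(BLOCK, "little")

def essiv(key: bytes, sector: int) -> bytes:
    """ESSIV: the sector number encrypted under a hash of the data key."""
    return E(hashlib.sha256(key).digest(), plain_iv(key, sector))

def ecb(key: bytes, data: bytes) -> list:
    """C_i = E_k(P_i), returned block by block."""
    return [E(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK)]

def cbc_sector(key: bytes, sector: int, data: bytes, iv_fn) -> bytes:
    """C_i = E_k(P_i xor C_{i-1}), with C_0 set to this sector's IV."""
    prev, out = iv_fn(key, sector), b""
    for i in range(0, len(data), BLOCK):
        prev = E(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def watermark_detectable(iv_fn) -> bool:
    """True if one crafted file yields identical ciphertext in two different sectors."""
    key = b"constructed demo key"
    marker, tail = b"M" * BLOCK, b"t" * (3 * BLOCK)
    # First block pre-cancels the guessable IV, so E_k sees `marker` in both sectors.
    sectors = [cbc_sector(key, s, xor(marker, plain_iv(b"", s)) + tail, iv_fn)
               for s in (7, 9)]
    return sectors[0] == sectors[1]

def ecb_repeats() -> bool:
    """True if equal plaintext blocks give equal ciphertext blocks under ECB."""
    blocks = ecb(b"constructed demo key", b"A" * BLOCK * 2 + b"B" * BLOCK)
    return blocks[0] == blocks[1] and blocks[1] != blocks[2]
```

`watermark_detectable(plain_iv)` is true and `watermark_detectable(essiv)` is false: once the IV depends on the key, the file's author can no longer cancel it.
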
LRW, XEX (Xor Encrypt Xor), XTS (XEX-TCB-CTS)

Details are beyond the scope of this discussion

Used in modern disk encryption

XTS

Yields strong security guarantee as long as key is not used for much more than 1TiB

Possibility of successful attack 1 in 8E15
Software -- Forewarning
KNOW WHAT SOFTWARE YOU ARE USING
Software -- Overview

TrueCrypt

Easy setup (windows especially)

Not in kernel

Very portable

Cryptoloop (deprecated)

Watermarking issues

dm-crypt

Easy to setup

Native Linux support (no patching necessary)

Supports LUKS

Nice frontend (cryptsetup)
TrueCrypt VS dm-crypt

How to choose:

If you dualboot, use TrueCrypt

Similarities:

Multiple encryption algorithm support (AES, Serpent, Twofish)

Support for XTS mode

Multiple password/key support

Key USB UMS / Smartcard support

Conclusion:

They are essentially the same but I like dm-crypt better.

Dm-crypt wins.
What to encrypt

Whole disk encryption

Do you really care if someone gets a hold of your “ls” program?

On the flip side

Adds unnecessary complications

initrd

servers & etc

Just put them in a vault

User data

/home, /tmp

SWAP!

Sensitive System data:

/var, /tmp, /etc
Dm-crypt cookbook -- installation

Compile in or Load following modules:

Device Drivers

Multiple Device Driver Support (CONFIG_MD)

Device Mapper Support (CONFIG_BLK_DEV_DM)

Crypt Target Support (CONFIG_DM_CRYPT)

Block Devices (Optional, for loopback file encryption)

Loopback Device Support (CONFIG_BLK_DEV_LOOP)

Cryptographic API (CONFIG_CRYPTO)

AES cipher Algorithm (CONFIG_CRYPTO_AES)

Userspace:

aptitude install cryptsetup hashalot

emerge sys-fs/cryptsetup

yum -y install cryptsetup-luks
Dm-crypt cookbook

fdisk/cfdisk and make your desired partition
# shred -n 1 -v /dev/sdb1

Optional, skip if you had no sensitive data on disk
# cryptsetup --version

cryptsetup 1.0.6
# cryptsetup luksFormat /dev/sdb1


WARNING!

========

This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES

Enter LUKS passphrase: blah

Verify passphrase: blah

Command successful.
Dm-crypt cookbook
# cryptsetup luksOpen /dev/sdb1 blah

Enter LUKS passphrase: blah

key slot 0 unlocked.

Command successful.
# mkfs.xfs /dev/mapper/blah

meta-data=/dev/mapper/rootfs isize=256 agcount=4, agsize=125826 blks

= sectsz=512 attr=2

data = bsize=4096 blocks=503303, imaxpct=25

= sunit=0 swidth=0 blks

naming =version 2 bsize=4096

log =internal log bsize=4096 blocks=2560, version=2

= sectsz=512 sunit=0 blks, lazy-count=0

realtime =none extsz=4096 blocks=0, rtextents=0
Dm-crypt cookbook

Let's test mounting
# mkdir /tmp/blah
# mount /dev/mapper/blah /tmp/blah

It works – or maybe it doesn't – but it should!

Let's undo the test mess now
# umount /tmp/blah
# cryptsetup luksClose blah
Dm-crypt

Now we are familiar with how things work

Home dir example

Simple method – mount on boot

You have to type in your partition password on boot.

Not typing password is nasty!

Annoying

Consider enabling auto-login in KDM/GDM/XDM

Pam plugin – mount on login

pam_mount

2 birds with one stone

Same password for system account + encryption
Dm-crypt Cookbook
WARNING THE REST OF DEMO MIGHT
CONTAIN DEBIANISMS
Dm-crypt home mount on boot
# cat /etc/crypttab
# <tgt name> <src device> <key file> <options>

blah /dev/sdb1 none luks,auto
# cat /etc/fstab |grep blah
/dev/mapper/blah /home/blah xfs defaults 0 0
# adduser --home /home/blah blah
Dm-crypt home mount on login
# cat /etc/crypttab
# <tgt name> <src device> <key file> <options>

blah /dev/sdb1 none luks,noauto
# cat /etc/fstab |grep blah
/dev/mapper/blah /home/blah xfs defaults 0 0
# adduser --home /home/blah blah
In the following files:
/etc/pam.d/sshd
/etc/pam.d/login
/etc/pam.d/kdm (or gdm or xdm)
Find the line:

@include common-session
and after it insert:

@include common-pammount
Why use LUKS

Does your password look like this:
oST1\lSxt7>imUn?ycZnGwix~?
hAf/5E~BtnH&#pxH^Kwo9xjJLB$m^a&MvpO>LJi
GoQfy3-
zu+\4V>_Tk1sLRZcZ<caxbULF3pwa46uc_Y
%LwSZEq3
LUKS

Linux Unified Key Setup

Practical implementation of TKS1 & TKS2

Allows for:

Multiple credentials

Multiple forms of authentication

Smart Card, USB UMS (Flash Drive)

Credential revocation/alteration
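
The two-level key scheme behind these bullets, sketched as an added example that is not cryptsetup's code and not part of the original slides. It assumes a simplified, hypothetical header layout, XOR with a PBKDF2 output in place of the slot cipher, and no anti-forensic splitting; all names are illustrative.

```python
import hashlib, hmac, os

ITER = 1000  # constructed value so the demo runs quickly; real headers use far more

def kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITER, dklen=32)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def new_header(slots: int = 8):
    """Create a random master key plus a header that can recognise it."""
    master, salt = os.urandom(32), os.urandom(16)
    header = {"mk_salt": salt, "mk_digest": kdf(master, salt), "slots": [None] * slots}
    return header, master

def add_key(header, master: bytes, passphrase: bytes) -> int:
    """Wrap the master key under a passphrase in the first free slot."""
    idx = header["slots"].index(None)
    salt = os.urandom(16)
    # XOR with the derived key stands in for the slot cipher (assumption).
    header["slots"][idx] = (salt, xor(master, kdf(passphrase, salt)))
    return idx

def unlock(header, passphrase: bytes):
    """Try every slot; accept a candidate only if it matches the master-key digest."""
    for slot in header["slots"]:
        if slot is None:
            continue
        salt, wrapped = slot
        candidate = xor(wrapped, kdf(passphrase, salt))
        if hmac.compare_digest(kdf(candidate, header["mk_salt"]), header["mk_digest"]):
            return candidate
    return None

def kill_slot(header, idx: int) -> None:
    """Revoke one credential; the master key and the encrypted data are untouched."""
    header["slots"][idx] = None

def demo():
    """Rotate a passphrase: add the new one, revoke the old one, keep the same master key."""
    header, master = new_header()
    old = add_key(header, master, b"old passphrase")
    add_key(header, unlock(header, b"old passphrase"), b"new passphrase")
    kill_slot(header, old)
    return unlock(header, b"old passphrase"), unlock(header, b"new passphrase") == master
```

Because the disk is encrypted under the master key only, changing or revoking a passphrase rewrites a slot in the header and never re-encrypts the data.
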
Demo discussion

Why use LUKS?

Dm-crypt & cryptsetup don't strictly need it

Dm-crypt + LUKS on windows & PDAs

FreeOTFE

http://www.freeotfe.org/

cryptsetup luksDump
HD crypto – It's Perfect

.. In certain cases

.. In others:

Cold boot attack

hibernate/suspend

Binary Substitution

Whole disk encryption!

Not quite.

TPM?

SWAP

Rootkits, exploits...

LuksDump backups

$5 wrenches
Data Integrity

Your data is only as secure as your binaries

Protecting your binaries

Checksums

debsums (Debian-like)

Veriexec (NetBSD)

http://www.win.tue.nl/hashclash/SoftIntCodeSign/

MD5 collisions

SHA-1 better but not perfect.. There are powerful machines out there.

SELinux

Read only /
Data Theft

Physical vs Virtual theft

Is your valuable data:

Backed up?

RSYNC/AMANDA/....

Encrypted?

Tracking stolen laptops

Data recovery/Destruction

Installing a secure backdoor

Talk to your laptop after it's stolen
Privacy

Encryption of personal data

Concealment of internet traffic

Browsers

TOR

Anonymity

OpenVPN
OpenVPN bridging VS routing.

Bridging advantages

Broadcasts traverse the VPN -- this allows software that depends on LAN broadcasts such as Windows NetBIOS file sharing and network neighborhood browsing to work.

No route statements to configure

Works with any protocol that can function over ethernet, including IPv4, IPv6, Netware IPX, AppleTalk, etc.

Relatively easy-to-configure solution for road warriors.

Bridging disadvantages

Less efficient than routing, and does not scale well.
OpenVPN bridging VS routing.

Routing advantages

Efficiency and scalability.

Allows better tuning of MTU for efficiency.

Routing disadvantages

Clients must use a WINS server (such as samba) to allow cross-VPN network browsing to work.

Routes must be set up linking each subnet.

Software that depends on broadcasts will not "see" machines on the other side of the VPN.

Works only with IPv4 in general, and IPv6 in cases where tun drivers on both ends of the connection support it explicitly.
OpenVPN example configs
Sources & more reading material:

LUKS:

http://cryptsetup.googlecode.com/svn-history/r42/wiki/LUKS-standard/on-disk-format.pdf

http://clemens.endorphin.org/TKS1-draft.pdf

http://clemens.endorphin.org/nmihde/nmihde-letter-os.pdf

Veriexec:

http://www.netbsd.org/docs/guide/en/chap-veriexec.html

http://www.users.on.net/~blymn/veriexec/

XTS:

http://www.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf

OpenVPN

http://openvpn.net/index.php/documentation/faq.html