Slashdot Mirror

← Back to Stories (view on slashdot.org)

Basics of Cryptographic Filesystems

Posted by michael on from the don't-forget-the-password dept.

mix_master_mike writes "Found a good article over at security focus: cryptographic filesystems: design and implementation. Nice piece on this level of security that isn't being used very effectively in the industry."

3 of 24 comments (clear)

  1. encrypted swap space by TheSHAD0W · · Score: 5, Interesting

    I know I'm going off on a tangent, but I think it's relevant... One of the big problems with PC security is swap space. Unencrypted data often finds its way onto the disk when memory space is swapped out. The simplest solution would be to just load the system up with a huge amount of RAM and disable swapping entirely, but that can get expensive.

    Are there any crypto schemes designed specifically for use on swap files and volumes? They'd need to be blazingly fast so as not to slow the machine down, but would also have to be strong enough to protect anything that gets dumped to the drive. Maybe a big (2 meg plus) hash table generated randomly on boot, with a few extra operations to keep block comparisons from working?

  2. encrypted swap space - question by BortQ · · Score: 2, Interesting

    Wouldn't any OS disallow random programs from accessing the swap files? And when the OS is shut down all the swap files get destroyed.

    So then the OS is the only thing that can get to the swap space, where is the security issue? If you're running a hostile OS then you're pretty much fucked anyways.

    But I'm no swapspert, so please explain if I'm being stooopid.

    --

    A Multiplayer Strategy Game for Mac OS X, Windows, and Linux
    1. Re:encrypted swap space - question by ComputerSlicer23 · · Score: 3, Interesting
      Pulling the plug on a machine, makes it really hard to get the bits off the disk. Destroying a filesystem takes a really long time ( I mean making it unreadable to a determined person who has access to the drive).

      The point of encrypting a drive is so that if the drive mechanism itself is stolen your safe. There is some saftey in having data encrypted on a life filesystem, but the saftey of the files is limited unless you encrypt each file/directory/partition with a different key. If they all use the same key, I'll just compromise the OS and read it if the filesystem is mounted. Otherwise, I just compromise the OS and wait around for you to access the encrypted filesystem, and steal it after you put the key in.

      Encrypting the filesystem is also handy for drive disposal. If you always write to the encrypted drive, then you can just give the drive to anyone you want and they can't get any data off it. Which means that hospitals or other places with sensitive could feel a lot safer that medical data isn't being given away every time they auction old computers off, or everytime a laptop gets lost.

      Swap has a lot of stuff on it. Lets say I know that your using ssh-agent, this stores the decrypted private keys in memory so it's never written on the disk (the private key is normally stored encrypted via a password on disk). So if I pull the plug on the computer, it was in RAM so it's gone now I have to know your password. However, if I can load up enough stuff into memory to force that to be written to swap, now if I pull the plug, I just steal the swap disk (or boot into single user mode and copy the swap partition). Granted this is predicated on me having physical access to the machine, but if swap isn't secured, I've got a legitimate attack on your machine to get me enough information that I can be you, and all I had was a regular user account (or access to an open console), and physical access.

      Kirby