GBDE-GEOM Based Disk Encryption on FreeBSD

← Back to Stories (view on slashdot.org)

GBDE-GEOM Based Disk Encryption on FreeBSD

Posted by michael on Saturday September 27, 2003 @08:33PM from the as-long-as-men-are-capable-of-evil dept.

BSD Forums writes "The ever increasing mobility of computers has made protection of data on digital storage media an important requirement in a number of applications and situations. GBDE is a strong cryptographic facility for denying unauthorised access to data stored on a 'cold' disk for decades and longer. GBDE operates on the disk(-partition) level allowing any type of file system or database to be protected. A significant focus has been put on the practical aspects in order to make it possible to deploy GBDE in the real world. FreeBSD's Poul-Henning Kamp says in an email to freebsd-current that he has uploaded this paper and slides which he presented at BSDcon 2003, California, USA."

3 of 210 comments (clear)

Min score:

Reason:

Sort:

Interoperability issues by chrysalis · 2003-09-27 22:36 · Score: 4, Insightful

This is not a new idea.

OpenBSD (vn* devices) and Linux (crypto-loop) have this for years. NetBSD also has it. Windows XP also has it.

Now FreeBSD introduces yet another implementation of the same thing.

This is great, but what about interoperability?

Right now, all operating systems I can use encrypted partitions, but the way they do it is different on every system.

If I encrypt my USB memory key on FreeBSD, I won't be able to use it on Linux. Even if the actual file system is the same, even if the encryption algorithm is the same.

This is illogical. Encrypted partitions are nice for small, portable devices, that you can plug on various hosts running various operating systems. That's the theory. But because everyone reinvents the wheel, you can't do that. It won't work.

Now that we have filesystems that almost any operating system out there has support for (ext2/ext3 and vfat), maybe it would be nice to use a common format for the encryption layer.

--
{{.sig}}
Re:rubberhose by kasperd · 2003-09-27 23:55 · Score: 3, Insightful

How is this like rubberhose?

AFAIK rubberhouse works on the filesystem layer, while what is described here work on the block layer. That actually means you can easilly use the two on top of each other (assuming they are available for the same OS). Some of the security properties rubberhose aims for are impossible to do on the block layer. OTOH doing encryption on the block layer is simpler than doing it on the filesystem layer, and you are free to put whatever filesystem you prefer on top of that. Of course even encryption on the block layer can get complicated if you want to make it as secure as possible. Maybe performance can be improved by doing encryption in the filesystem, but proving security gets really tricky.

--

Do you care about the security of your wireless mouse?
Re:Poul-Henning replies... by ssimpson · 2003-09-28 06:24 · Score: 2, Insightful

Hi Poul,

The comment about the "plausible denial" setup being useless because an intelligent adversary would always take a mirror copy first: That does not affect the plausible denial aspect.

I assume you're referring to my comment - which wasn't that plausible deniability was not possible because of mirror copies, my exact comment was:
From the paper: "A truly paranoid setup would leave the computer con-figured to boot the Windows system by default, and locate the GBDE data in such a way that it would be destroyed by the act of doing so."

It's likely this wouldn't work - the first thing a half-competent adversary would do is image all disks in a system before booting....It's forensic 101.

E.g. having windows "break" a GBDE volume if it's booted just isn't feasible if you consider your adversary to be skilled.

--
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."