Diffstat (limited to 'security/crypto/pres_crypto_filesystems.tex')
| -rw-r--r-- | security/crypto/pres_crypto_filesystems.tex | 161 |
1 files changed, 161 insertions, 0 deletions
diff --git a/security/crypto/pres_crypto_filesystems.tex b/security/crypto/pres_crypto_filesystems.tex
new file mode 100644
index 0000000..f43c181
--- /dev/null
+++ b/security/crypto/pres_crypto_filesystems.tex
@@ -0,0 +1,161 @@
+\input{configpres}
+
+% ----------------------------
+\subsection{Crypto Filesystems}
+
+\title{Crypto Filesystems}
+\maketitle
+
+% ----------------------------
+\begin{frame}
+\frametitle{Overview}
+\tableofcontents
+\end{frame}
+
+% ----------------------------
+\subsubsection{Filesystem Overview}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Filesystem Overview}
+\begin{itemize}
+\item General Purpose
+ \begin{itemize}
+ \item Ext4
+ \item F2FS
+ \item ZFS
+ \end{itemize}
+\item FUSE based
+ \begin{itemize}
+ \item encFS
+ \item lessFS (Blowfish only)
+ \end{itemize}
+\item Kernel based
+ \begin{itemize}
+ \item eCryptFS
+ \end{itemize}
+\item Block device Encryption
+ \begin{itemize}
+ \item Linux Unified Key Setup (LUKS)
+ \item dm-crypt
+ \item can be used as base-layer other filesystems
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsubsection{F2FS}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{F2FS}
+\begin{itemize}
+\item optimized for controller-based Flash-Devices
+\item log structure based
+\item atomic operations
+\item Encryption
+ \begin{itemize}
+ \item as in EXT4
+ \item transparent
+ \item file-system based
+ \item AES128/256, XTS/CBC/CTR
+ \item support encrypted keys
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsubsection{EncFS}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{EncFS}
+\begin{itemize}
+\item Userspace Filesystem (FUSE)
+\item OS independent
+\item Container: encrypted data and encrypted datakey
+\item Mountpoint: transparent overlay
+\item Encryption
+ \begin{itemize}
+ \item transparent
+ \item file-system based
+ \item AES128/256, CFB
+ \item separate keys for access and data encryption
+ \end{itemize}
+\item Disadvantages
+ \begin{itemize}
+ \item lots of known attacks
+ \item weak default configuration
+ \item paranoid configuration still allows some known attacks
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsubsection{eCryptFS}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{eCryptFS}
+\begin{itemize}
+\item widely used for encrypting home directories (e.g. Ubuntu)
+\item part of Linux Kernel
+\item Encryption
+ \begin{itemize}
+ \item filesystem based
+ \item use Kernel keyring
+ \item use Kernel encryption layer
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsubsection{LUKS/dm-crypt}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{LUKS/dm-crypt}
+\begin{itemize}
+\item transparent block device encryption
+\item filesystem independent
+\item empty block handling
+\item highest security level
+ \begin{itemize}
+ \item full disk encryption
+ \item use Kernel keyring
+ \item use Kernel encryption layer
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsubsection{Summary}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Summary}
+\begin{itemize}
+\item Encrypt private files in public Cloud
+ \begin{itemize}
+ \item EncFS
+ \end{itemize}
+\item Encrypt data on USB-Stick/SD-Card/eMMC
+ \begin{itemize}
+ \item F2FS
+ \end{itemize}
+\item Encrypt data in Homedirectory
+ \begin{itemize}
+ \item eCryptFS
+ \end{itemize}
+\item Encrypt data on enterprise-level
+ \begin{itemize}
+ \item LUKS/dm-crypt on block-devices
+ \item Ext4 (full disk)
+ \item ZFS (full disk)
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsection*{}
+\input{tailpres}
|
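Review bot: The Summary frame recommends EncFS for "Encrypt private files in public Cloud", which contradicts the EncFS frame in this same file, where the Disadvantages list says there are "lots of known attacks" and that the paranoid configuration is still affected. Cloud storage is the setting where the provider can observe successive versions of the ciphertext, so the recommendation should at least carry the caveat, e.g. `\item EncFS (see Disadvantages; not safe if the provider can see several ciphertext versions)`. The Summary also lists `\item Ext4 (full disk)`, while the F2FS frame describes the Ext4-style encryption as "file-system based"; something like `\item Ext4 (per-directory encryption)` would be consistent, which is worth confirming against the kernel's fscrypt documentation. On the LUKS/dm-crypt frame, "highest security level" is unqualified; consider adding an item such as `\item protects data at rest only; no integrity protection by default`.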
