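% Beamer slides: overview of encrypting filesystems and block-device
% encryption on Linux. Document class and closing material come from
% configpres / tailpres, which are not part of this file.
%
% Layout note: every command sits on its own line. A `%' comment runs to
% the end of the physical line, so a rule comment followed by markup on the
% same line would silently disable that markup.
\input{configpres}

% ----------------------------
\subsection{Crypto Filesystems}
\title{Crypto Filesystems}
\maketitle

% ----------------------------
\begin{frame}
  \frametitle{Overview}
  \tableofcontents
\end{frame}

% ----------------------------
\subsubsection{Filesystem Overview}
% ----------------------------
% Groups the candidates by where the encryption is implemented: inside a
% general-purpose filesystem, in a FUSE filesystem, in the kernel, or at
% the block-device layer underneath any filesystem.
\begin{frame}[fragile]
  \frametitle{Filesystem Overview}
  \begin{itemize}
    \item General Purpose
      \begin{itemize}
        \item Ext4
        \item F2FS
        \item ZFS
      \end{itemize}
    \item FUSE based
      \begin{itemize}
        \item encFS
        \item lessFS (Blowfish only)
      \end{itemize}
    \item Kernel based
      \begin{itemize}
        \item eCryptFS
      \end{itemize}
    \item Block device Encryption
      \begin{itemize}
        \item Linux Unified Key Setup (LUKS)
        \item dm-crypt
        \item can be used as base layer for other filesystems
      \end{itemize}
  \end{itemize}
\end{frame}

% ----------------------------
\subsubsection{F2FS}
% ----------------------------
% NOTE(review): "as in EXT4" -- both filesystems use the kernel's shared
% fscrypt framework. fscrypt encrypts file contents and file names; other
% metadata (sizes, timestamps, permissions) stays readable. Worth saying
% out loud when presenting this frame.
% NOTE(review): the mode list reads "XTS/CBC/CTR"; fscrypt documents a
% CTS-CBC mode for file names, so "CTR" may be a typo for "CTS" -- confirm
% against the fscrypt documentation before changing the slide.
\begin{frame}[fragile]
  \frametitle{F2FS}
  \begin{itemize}
    \item optimized for controller-based Flash-Devices
    \item log structure based
    \item atomic operations
    \item Encryption
      \begin{itemize}
        \item as in EXT4
        \item transparent
        \item file-system based
        \item AES128/256, XTS/CBC/CTR
        \item support encrypted keys
      \end{itemize}
  \end{itemize}
\end{frame}

% ----------------------------
\subsubsection{EncFS}
% ----------------------------
% NOTE(review): the "known attacks" below matter most when someone can
% observe several versions of the ciphertext over time (the conclusion of
% the 2014 EncFS security audit). Keep this in mind wherever the deck
% recommends EncFS for storage that a third party can snapshot.
\begin{frame}[fragile]
  \frametitle{EncFS}
  \begin{itemize}
    \item Userspace Filesystem (FUSE)
    \item OS independent
    \item Container: encrypted data and encrypted datakey
    \item Mountpoint: transparent overlay
    \item Encryption
      \begin{itemize}
        \item transparent
        \item file-system based
        \item AES128/256, CFB
        \item separate keys for access and data encryption
      \end{itemize}
    \item Disadvantages
      \begin{itemize}
        \item lots of known attacks
        \item weak default configuration
        \item paranoid configuration still allows some known attacks
      \end{itemize}
  \end{itemize}
\end{frame}

% ----------------------------
\subsubsection{eCryptFS}
% ----------------------------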
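% Frame: eCryptFS.
% Layout note: every command sits on its own line, because a `%' comment
% runs to the end of the physical line and would otherwise disable the
% markup that follows it.
% NOTE(review): "e.g. Ubuntu" -- check that this still matches the
% releases the audience uses before presenting it as current practice.
\begin{frame}[fragile]
  \frametitle{eCryptFS}
  \begin{itemize}
    \item widely used for encrypting home directories (e.g.\ Ubuntu)
    \item part of Linux Kernel
    \item Encryption
      \begin{itemize}
        \item filesystem based
        \item use Kernel keyring
        \item use Kernel encryption layer
      \end{itemize}
  \end{itemize}
\end{frame}

% ----------------------------
\subsubsection{LUKS/dm-crypt}
% ----------------------------
% NOTE(review): "highest security level" is relative to the other options
% in this deck. Block-device encryption protects data at rest; it does not
% protect a volume while it is unlocked, and in its usual configuration it
% provides confidentiality without integrity protection. State the threat
% model when presenting this frame.
% NOTE(review): "empty block handling" is not explained on the slide;
% spell out what is meant.
\begin{frame}[fragile]
  \frametitle{LUKS/dm-crypt}
  \begin{itemize}
    \item transparent block device encryption
    \item filesystem independent
    \item empty block handling
    \item highest security level
      \begin{itemize}
        \item full disk encryption
        \item use Kernel keyring
        \item use Kernel encryption layer
      \end{itemize}
  \end{itemize}
\end{frame}

% ----------------------------
\subsubsection{Summary}
% ----------------------------
% Maps each use case to the option the deck recommends for it.
% NOTE(review): "Ext4 (full disk)" / "ZFS (full disk)" -- the native
% encryption of these filesystems works per directory or per dataset, not
% on the whole disk. If the intent is "Ext4/ZFS on top of LUKS", say so on
% the slide; confirm with the author.
\begin{frame}[fragile]
  \frametitle{Summary}
  \begin{itemize}
    \item Encrypt private files in public Cloud
      \begin{itemize}
        \item EncFS
        % Added caveat: ties this recommendation back to the
        % "Disadvantages" listed on the EncFS frame.
        \item but: provider sees every file version --- known EncFS attacks apply
      \end{itemize}
    \item Encrypt data on USB-Stick/SD-Card/eMMC
      \begin{itemize}
        \item F2FS
      \end{itemize}
    \item Encrypt data in home directory
      \begin{itemize}
        \item eCryptFS
      \end{itemize}
    \item Encrypt data on enterprise-level
      \begin{itemize}
        \item LUKS/dm-crypt on block-devices
        \item Ext4 (full disk)
        \item ZFS (full disk)
      \end{itemize}
  \end{itemize}
\end{frame}

% ----------------------------
\subsection*{}
\input{tailpres}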