\input{configpres}
% ----------------------------
\subsection{Crypto Filesystems}
\title{Crypto Filesystems}
\maketitle
% ----------------------------
\begin{frame}
\frametitle{Overview}
\tableofcontents
\end{frame}
% ----------------------------
\subsubsection{Filesystem Overview}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Filesystem Overview}
\begin{itemize}
\item General Purpose
\begin{itemize}
\item Ext4
\item F2FS
\item ZFS
\end{itemize}
\item FUSE based
\begin{itemize}
\item EncFS
\item lessFS (Blowfish only)
\end{itemize}
\item Kernel based
\begin{itemize}
\item eCryptFS
\end{itemize}
\item Block device Encryption
\begin{itemize}
\item Linux Unified Key Setup (LUKS)
\item dm-crypt
\item can be used as a base layer for other filesystems
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{F2FS}
% ----------------------------
\begin{frame}[fragile]
\frametitle{F2FS}
\begin{itemize}
\item optimized for controller-based Flash-Devices
\item log structure based
\item atomic operations
\item Encryption
\begin{itemize}
\item as in EXT4
\item transparent
\item file-system based
\item AES128/256, XTS/CBC/CTR
\item support encrypted keys
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{EncFS}
% ----------------------------
\begin{frame}[fragile]
\frametitle{EncFS}
\begin{itemize}
\item Userspace Filesystem (FUSE)
\item OS independent
\item Container: encrypted data and encrypted data key
\item Mountpoint: transparent overlay
\item Encryption
\begin{itemize}
\item transparent
\item file-system based
\item AES128/256, CFB
\item separate keys for access and data encryption
\end{itemize}
\item Disadvantages
\begin{itemize}
\item lots of known attacks
\item weak default configuration
\item paranoid configuration still allows some known attacks
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{eCryptFS}
% ----------------------------
\begin{frame}[fragile]
\frametitle{eCryptFS}
\begin{itemize}
\item widely used for encrypting home directories (e.g. Ubuntu)
\item part of Linux Kernel
\item Encryption
\begin{itemize}
\item filesystem based
\item use Kernel keyring
\item use Kernel encryption layer
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{LUKS/dm-crypt}
% ----------------------------
\begin{frame}[fragile]
\frametitle{LUKS/dm-crypt}
\begin{itemize}
\item transparent block device encryption
\item filesystem independent
\item empty block handling
\item highest security level for data at rest (confidentiality only; no integrity protection by default)
\begin{itemize}
\item full disk encryption
\item use Kernel keyring
\item use Kernel encryption layer
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{Summary}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Summary}
\begin{itemize}
\item Encrypt private files in public Cloud
\begin{itemize}
\item EncFS (hardened, non-default configuration only; known attacks remain, see the EncFS frame)
\end{itemize}
\item Encrypt data on USB-Stick/SD-Card/eMMC
\begin{itemize}
\item F2FS
\end{itemize}
\item Encrypt data in the home directory
\begin{itemize}
\item eCryptFS
\end{itemize}
\item Encrypt data at enterprise level
\begin{itemize}
\item LUKS/dm-crypt on block-devices
\item Ext4 (full disk)
\item ZFS (full disk)
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsection*{}
\input{tailpres}