Slide 1

Data at rest encryption
ymmt, 2019-10-22

Slide 2

The three states of digital data
• Data at rest
  • Inactive data stored on physical storage devices
• Data in transit/motion
  • In-flight data that flows over (often untrusted) networks
• Data in use
  • Data held in non-persistent devices such as RAM

Slide 3

Motivation to protect data at rest
• Theft
  • Physical devices may be stolen.
• Loss
  • Physical devices may be lost by accident.
• Safety when sold
  • No secrets are left inside. Otherwise, devices need to be physically destroyed!
• Multi-tenancy
  • The storage device may be reused by others.

Slide 4

Data encryption at rest
• Encryption is commonly used to protect data at rest
• At which level should data be encrypted?
  • Block device (Full-Disk Encryption, FDE)
  • File (File-Based Encryption, FBE)
• Android once adopted FDE, but later changed to FBE
  • because FDE requires user interaction before the OS boots
  • https://source.android.com/security/encryption

Slide 5

FDE: suitable for clouds
• FDE ensures every single bit of data is encrypted
  • Safest and simple to use.
• Public cloud vendors provide FDE by default
  • Azure Data Encryption-at-Rest
  • Encryption at Rest in Google Cloud Platform
• dm-crypt, a Linux kernel module, is commonly used for FDE
  • Data is encrypted transparently in the kernel.
  • Hardware acceleration (AES-NI) is used when available.

Slide 6

Cipher
• dm-crypt has several cipher options
• In Neco, we use AES-256-XTS-PLAIN64
  • AES is the fastest block cipher thanks to AES-NI
  • XTS is safe enough as long as a data unit does not exceed 2^20 blocks, which is the case for dm-crypt.
• Sat-san wrote a blog article analyzing performance:
  • https://blog.cybozu.io/entry/2019/03/08/170000

Slide 7

Protecting encryption keys
• Keys must be protected as safely as possible
• Data-Encryption-Key (DEK)
  • AES key for dm-crypt
  • encrypted with a KEK.
• Key-Encryption-Key (KEK)
  • can be a one-time pad used to encrypt DEKs.
  • stored securely in vaults, or encrypted further with passwords.

Slide 8

Crypto-shredding
• Encrypted data can be deleted instantly if the encryption key is wiped securely.
• Deleting data this way is called crypto-shredding.
• For example, a KEK held in a TPM can be wiped securely.
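Slides 7 and 8 in working code, as an added example that is not from the talk or from Neco: a DEK is wrapped with a one-time-pad KEK, data is encrypted under the DEK, and wiping the KEK alone makes the data unrecoverable. It assumes AES-256-GCM in place of dm-crypt's XTS mode (Go's standard library has no XTS), a constructed sample data unit, and the helper names xor, gcm, encrypt, decrypt and CryptoShredDemo, which are all invented here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// xor wraps or unwraps a 32-byte DEK with a random, same-length, single-use KEK:
// the slide's "KEK as a one-time pad". Wrapping and unwrapping are the same XOR.
func xor(dek, kek []byte) []byte {
	out := make([]byte, len(dek))
	for i := range dek {
		out[i] = dek[i] ^ kek[i]
	}
	return out
}

// gcm returns AES-256-GCM for the DEK. GCM is an assumed stand-in for dm-crypt's XTS
// (absent from Go's stdlib); its tag makes a wrong-DEK decryption fail, not return junk.
func gcm(dek []byte) cipher.AEAD {
	block, _ := aes.NewCipher(dek) // only fails on a bad key length; ours is fixed at 32
	g, _ := cipher.NewGCM(block)
	return g
}
func encrypt(dek, pt []byte) []byte {
	nonce := make([]byte, 12) // standard GCM nonce size
	rand.Read(nonce)
	return gcm(dek).Seal(nonce, nonce, pt, nil) // nonce || ciphertext || tag
}
func decrypt(dek, ct []byte) ([]byte, error) {
	return gcm(dek).Open(nil, ct[:12], ct[12:], nil)
}

// CryptoShredDemo encrypts pt under a fresh DEK, persists only the KEK-wrapped DEK,
// then wipes the KEK and reports whether pt was recoverable before and after the wipe.
func CryptoShredDemo(pt []byte) (before, after bool) {
	dek, kek := make([]byte, 32), make([]byte, 32)
	rand.Read(dek)
	rand.Read(kek)
	ct := encrypt(dek, pt)
	wrapped := xor(dek, kek)                   // persisted beside the data; bare DEK is RAM-only
	got, err := decrypt(xor(wrapped, kek), ct) // KEK intact: unwrap yields the real DEK
	before = err == nil && string(got) == string(pt)
	for i := range kek { // crypto-shredding: securely wipe the KEK ...
		kek[i] = 0
	}
	_, err = decrypt(xor(wrapped, kek), ct) // ... and the wrapped DEK is now unrecoverable
	after = err == nil
	return
}
```

The same property is what a TPM- or vault-held KEK gives a real dm-crypt volume: the ciphertext and the wrapped DEK can stay on disk, and erasing the KEK is the whole deletion.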

Slide 9

Self-encrypting drives?
• Several storage vendors sell special SSDs/HDDs that store data with encryption. These are called Self-Encrypting Drives (SED).
• However, SEDs often implement encryption poorly:
  • Self-Encrypting SSDs Vulnerable to Attack, Microsoft Warns
• Personally, I do not buy them.
  • Higher price, lower security.

Slide 10

Key takeaways
• Reasons for data encryption at rest
  • security
  • disposability by crypto-shredding
• Full-Disk Encryption (FDE) is simple and secure
  • but sometimes File-Based Encryption (FBE) wins.
• Protect KEKs securely with a TPM, (software) vaults, etc.
• Do not buy Self-Encrypting Drives (SED)