Intro to Data at Rest Encryption

Transcript

1. Data at rest encryption
   ymmt
   2019-10-22
   

   View Slide

2. The three states of digital data
   • Data at rest
   • Inactive data stored in physical storage devices
   • Data in transit/motion
   • Inflight data that flows over (often untrusted) networks
   • Data in use
   • Data stored in non-persistent devices such as RAM
   

   View Slide

3. Motivation to protect data at rest
   • Theft
   • Physical devices may be stolen physically.
   • Lost
   • Physical devices may be lost by accidents.
   • Safety when sold
   • No secrets are left inside.
   Otherwise, devices need to be physically destroyed!
   • Multi-tenancy
   • The storage device may be reused by others.
   

   View Slide

4. Data encryption at rest
   • Encryption is commonly used to protect data at rest
   • At which level should data be encrypted?
   • Block device (Full-Disk-Encryption, FDE)
   • File (File-Based-Encryption, FBE)
   • Android once adopted FDE, but later changed to FBE
   • because FDE requires user-interaction before OS boot
   • https://source.android.com/security/encryption
   

   View Slide

5. FDE: suitable for clouds
   • FDE ensures every single bit of data is encrypted
   • Safest and simple to use.
   • Public cloud vendors provides FDE by default
   • Azure Data Encryption-at-Rest
   • Encryption at Rest in Google Cloud Platform
   • dm-crypt, a Linux kernel module, is commonly used for FDE
   • Data are encrypted transparently in kernel.
   • Hardware acceleration (AES-NI) is used when available.
   

   View Slide

6. Cipher
   • dm-crypt has several cipher options
   • In Neco, we use AES-256-XTS-PLAIN64
   • AES is the fastest block cipher thanks to AES-NI
   • XTS is safe enough as long as a data unit does not exceed 220
   blocks, which is the case for dm-crypt.
   • Sat-san wrote a blog article analyzing performance:
   • https://blog.cybozu.io/entry/2019/03/08/170000
   

   View Slide

7. Protecting encryption keys
   • Keys must be protected safely as much as possible
   • Data-Encryption-Key (DEK)
   • AES key for dm-crypt
   • encrypted with KEK.
   • Key-Encryption-Key (KEK)
   • can be a one-time pad to encrypt DEKs.
   • stored securely in vaults or encrypted further with passwords.
   

   View Slide

8. Crypto-shredding
   • Encrypted data can be deleted instantly if the encryption key
   is wiped securely.
   • Deleting data this way is called crypto-shredding.
   • For example, KEK in TPM can be wiped securely.
   

   View Slide

9. Self-encrypting drives?
   • Several storage vendors sell special SSD/HDD that can store
   data with encryption. These are called Self-Encrypting
   Drives (SED).
   • However, SEDs often poorly implement encryptions:
   • Self-Encrypting SSDs Vulnerable to Attack, Microsoft Warns
   • Personally, I do not buy them.
   • Higher price, lower security.
   

   View Slide

10. Key takeaways
    • Reasons for data encryption at rest
    • security
    • disposability by crypto-shredding
    • Full-Disk-Encryption (FDE) is simple and secure
    • but sometimes File-Based-Encryption (FBE) wins.
    • Protect KEKs securely with TPM, (software) vaults, etc.
    • Do not buy Self-Encrypting Drives (SED)
    

    View Slide