[arch-general] Encrypting remote system
thomas at archlinux.org
Mon Nov 2 13:20:30 EST 2009
Karol Babioch schrieb:
> I'm wondering whether there is a possibility to encrypt a remote system
> using Arch Linux? I have installed Arch on a remote server, and don't
> like the idea that anyone with physical access to my system has access
> to my data. So is there something I can do about it?
> Using dm-crypt (with luks) doesn't work at all, as I can't input the
> passphrase when I reboot my system, the technician would really hate me
> if I ask them to attach a remote console each time I reboot my system.
> So is there anything I can do?
I thought about this topic and concluded that security will be the same
as without encryption:
What is encryption good for? It protects against someone with physical
access being able to decrypt your data. Once the machine is running,
you'd have to circumvent the usual access control, whether the system is
encrypted or not.
This security relies on two things:
1) The passphrase ensures that only authorized people can access the
data on the drive.
2) Somehow, you need to ensure that you only give the passphrase to the
machine it belongs to.
The first point would be rather easy, even with a remote system. But the
second is the problem.
On your desktop or laptop, you verify 2) by looking at it and saying
"Yes, this is definitely my machine, so I can give it the passphrase".
For a remote machine, you have to rely on cryptography. The security of
cryptography is based on the remote machine having a private secret
(like a private key to a certificate or a SSH private host key).
Now, as we said, encrypting the hard drive is for protecting against
people getting physical access to your hard drive. So if someone has
physical access to the machine, he/she can easily grab that private
secret and perform an effective man-in-the-middle attack and sniff your
passphrase - or even better, install a modified cryptsetup binary and
make it save the raw encryption key in some place.
In other words: You'd have to trust the unencrypted portion of your
system to do what you expect it to do - which you can't.
That said, such an attack is also easily possible on your desktop or
laptop. If someone would steal the laptop, modify your kernel or
initramfs and then give it back to you, he/she could have done anything
to it to sniff the passphrase as you enter it. In case you can not
ensure that the laptop has not been tampered with, you'd have to
re-create your bootloader, kernel and initramfs from a trusted source
before using it again (also impossible for a remote machine).
However, one bit of added security is possible for a remote machine: If
someone steals the hard drive without getting to your passphrase first,
he/she would not be able to obtain any data. But someone who would
simply steal it, wouldn't be interested in your data anyway. Everyone
who is interested can (as seen above) easily get it.
My conclusion: You should rather concentrate on securing against remote
attacks via the network, which are more likely than physical attacks,
and you can actually protect yourself effectively against those.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 261 bytes
Desc: OpenPGP digital signature
More information about the arch-general