[dm-crypt] Blog post on FDE and integrity protection

Robert.Heinzmann at deutschepost.de Robert.Heinzmann at deutschepost.de
Thu Sep 1 14:34:21 CEST 2011


Hello,

I read this discussion and I find this very interesting, especially the cloud discussion.

The point here is that I don't think that it is a useless approach to encrypt disks in the cloud. 

The question is what do you want to protect from ? In the cloud there are several risks due to the multi tenancy and shared approach. 

Of course there is the "The cloud provider is bad and want's my data". However - as you say - you can only protect from this by chosing the right cloud provider (e.g. within your legal system, trustworthy etc). Also certifications of the cloud provider ensuring operational safety help here. In this regards cloud computing is "just outsourcing". 

If you want to use the benefits of IaaS cloud computing, this is the risk you have to live with finally - as with traditional hosting and outsourcing. For PaaS and SaaS there are solutions where only encrypted data is leaving the company (e.g. CipherCloud).

On the other hand there are much more real problems caused by the shared tenancy and high automation in the cloud.

- What if the automation system of the cloud provider fails and mapps volumes to wrong hosts ? 
- What if the secure deletetion / disk wipe procedure fails for volumes on the cloud provider ? 
- What if your snapshots of your EBS volumes leak somewhere due to improper security ? 

For all of this encryption is a good idea. It helps - it is not 100% but it helps. Basically it solves the secure delete problem for the "curious professional" - it does not help against motivated hackers.

If you combine encryption this with a proper security policy (patching, firewalling, access control, VPN access) you can do quite a lot in the cloud - quite secure.

Regards, 
Robert 

-----Ursprüngliche Nachricht-----
Von: dm-crypt-bounces at saout.de [mailto:dm-crypt-bounces at saout.de] Im Auftrag von Arno Wagner
Gesendet: Donnerstag, 1. September 2011 13:27
An: dm-crypt at saout.de
Betreff: Re: [dm-crypt] Blog post on FDE and integrity protection

Disk encryption in a non-private cloud is pretty pointless. 
The cloud provider can access everything. An attacker should 
reliably be kept from accessing your storage, otherwise you are 
screwed anyways. I know, people are doing this, but they are 
kidding themselves.

For your EBS scenario, true, block-level encryption
can be done, but it is irrelevant. Encryption is not the
right way to fix a broken cloud permission system. Critical 
encrypted data should never be decrypted in the cloud. It 
is just not secure. On the other hand, attacks that
manipulate encrypted images are not relevant for lower 
security requirements, as they are very hard (expensive) 
to do.

This makes integtity protection of encrypted data in the cloud
a complete non-issue. This is a solution without a problem.

Arno




More information about the dm-crypt mailing list