[dm-crypt] Basics

Michael Kjörling michael at kjorling.se
Mon Sep 28 00:08:42 CEST 2015


On 27 Sep 2015 23:50 +0200, from promike1987 at gmail.com (Mike Nagie):
> On 15-09-27 20:55:54, Heinz Diehl wrote:
>> What's your thread model, actually? Whom do you want to protect your
>> data from?
> 
> There is really no threat or adversary. I really hope the threat is much 
> lower than 1%.
> 
> I had never dealt with encryption before, and I find it very 
> interesting.
> I'd like to defend my data in case it's lost or stolen.

_That's a threat model._

"Threat model" is just a fancy way of saying "what are you trying to
protect, and against what?". It's a very basic concept in anything
relating to any kind of security, because all security is a trade-off,
and you have to know what you aim to protect against in order to judge
whether a given trade-off is reasonable.

Consider your home: you probably lock the door while you are away, and
possibly while you are at home, but you don't live behind a 30 cm
steel door bolted to the opening of a mountain cave. Maybe you take
some valuables with you when you leave your home, like car keys or
your wallet. Maybe you have a home alarm system of some kind. This is
because, at some level, you have a (perhaps not explicit) threat model
and have determined that these actions are a good way to mitigate the
particular threat, whereas the 30 cm steel door probably wouldn't be.

Technically, what you are saying above is that you aim to protect your
data from disclosure in case of unauthorized access to the physical
storage device. That's something full disk encryption (such as LUKS on
Linux, or Bitlocker on Windows) can help you with. (As a
counterexample, full disk encryption _cannot_ readily help you if you
are trying to protect against remote exploitation of a running system
where the FDE container is already unlocked.)

If, for example, you want to protect your data against "petty
thieves", the choices you make in protecting the data are likely to be
quite different compared to if you were concerned about protecting
your data from government agencies.

For more on threat models and threat modeling, you can start at
<https://ssd.eff.org/en/module/introduction-threat-modeling> and
<https://en.wikipedia.org/wiki/Threat_model>.

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)


More information about the dm-crypt mailing list