close lid to encrypt
play

Close lid to encrypt Hard disk encryption in Linux suspend mode Tim - PowerPoint PPT Presentation

Apr 03, 2024 •224 likes •397 views

Close lid to encrypt Hard disk encryption in Linux suspend mode Tim Dittler FOSDEM, 02.02.2020 Whats Close lid to encrypt? Project by Jonas Meurer and me Freelancing systems engineers living in Germany Full-disk encryption

  1. Close lid to encrypt Hard disk encryption in Linux suspend mode Tim Dittler FOSDEM, 02.02.2020

  2. What‘s „Close lid to encrypt“? ● Project by Jonas Meurer and me – Freelancing systems engineers living in Germany ● Full-disk encryption in suspend mode ● For Debian and derivatives 2

  3. Why is is useful? ● Full-disk encryption protects your data only at rest powerofg working suspend working powerofg powerofg working suspend working powerofg 3

  4. Why is it diffjcult? ● Well, we‘re locking away your running operating system! ● Race conditions – Prevent access to locked fjlesystems – Otherwise kernel will wait forever ● Memory management – Swap on harddrive is encrypted 4

  5. How is it implemented? systemd-suspend.service cryptsetup-suspend-wrapper 5

  6. How is it implemented? systemd-suspend.service cryptsetup-suspend-wrapper build initramfs; freeze cgroups; chroot cryptsetup-suspend.c 6

  7. How is it implemented? systemd-suspend.service cryptsetup-suspend-wrapper build initramfs; freeze cgroups; chroot cryptsetup-suspend.c mlock; /sys/power/sync_on_suspend = 0; sync; luks-suspend; suspend kernel 7

  8. /sys/power/sync_on_suspend ??? 8

  9. How is it implemented? systemd-suspend.service (unlock session) clean up; unfreeze cgroups; cryptsetup-suspend-wrapper build initramfs; freeze cgroups; unlock luks devices chroot cryptsetup-suspend.c mlock; /sys/power/sync_on_suspend = 0; sync; resume luks-suspend; suspend kernel 9

  10. Demo 10

  11. Demo 11

  12. What‘s next? ● More testing ● Merge upstream – Debian Bullseye: „apt install cryptsetup-suspend“ ● How to handle situations with low available memory? ● There are more secrets in your memory than LUKS keys 12

  13. Thanks ● Cryptsetup authors – Jana Saout <jana@saout.de> – Clemens Fruhwirth <clemens@endorphin.org> – Milan Broz <gmazyland@gmail.com> – Ondrej Kozina <okozina@redhat.com> ● Cryptsetup Debian maintainers – Guilhem Moulin <guilhem@debian.org> – Jonas Meurer <jonas@freesources.org> 13 –

  14. Thanks ● Inspiration – Vianney le Clément de Saint-Marcq <vleclement@gmail.com> ● https://github.com/vianney/arch-luks-suspend – Jen Bowen <jen@nailfarmer.com> ● https://github.com/nailfarmer/debian-luks-suspend/ 14

  15. Thanks 15

  16. https://salsa.debian.org/ mejo/cryptsetup-suspend/ tim.dittler@systemli.org 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Several possibilities for combination: So far: had cryptographic algorithms to achieve

Several possibilities for combination: So far: had cryptographic algorithms to achieve

Several possibilities for combination: So far: had cryptographic algorithms to achieve Encrypt-then MAC: encrypt message, then compute MAC of Privacy: use encryption ciphertext. Integrity: use MAC MAC-then-encrypt: First compute MAC, and then

203 views • 3 slides
Why Encrypt Data? We have already discussed authentication and access control as means to

Why Encrypt Data? We have already discussed authentication and access control as means to

Security in Outsourced Databases II Outsourced Databases II (Query Processing on Encrypted Data) Disks replaced Data worthless if encrypted Customer Credit for maintenance Card Number Laptops stolen Backups lost p 1 Why Encrypt Data?

759 views • 19 slides
Why (Special Agent) Johnny (Still) Cant Encrypt: A Security Analysis of the APCO Project 25

Why (Special Agent) Johnny (Still) Cant Encrypt: A Security Analysis of the APCO Project 25

Why (Special Agent) Johnny (Still) Cant Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System Sandy Clark | Travis Goodspeed | Perry Metzger Zachary Wasserman | Kevin Xu | Matt Blaze Usenix 2011 P25 Modulates voice

147 views • 14 slides
Exercise: Encrypting and Decrypting with RSA In this exercise, you will encrypt and decrypt

Exercise: Encrypting and Decrypting with RSA In this exercise, you will encrypt and decrypt

Exercise: Encrypting and Decrypting with RSA In this exercise, you will encrypt and decrypt numbers using a simple version of the RSA algorithm. Each team should have two members. Each team-member should complete the exercise as Bob, then pass

228 views • 4 slides
No domain left behind is Lets Encrypt democratizing encryption? M. Aertsen 1 , M. Korzyski 2

No domain left behind is Lets Encrypt democratizing encryption? M. Aertsen 1 , M. Korzyski 2

. . . . . . . . . . . . . . No domain left behind is Lets Encrypt democratizing encryption? M. Aertsen 1 , M. Korzyski 2 , G. Moura 3 1 National Cyber Security Centre The Netherlands 2 Delft University of Technology The

292 views • 18 slides
Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin

Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin

Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin License : CC-BY-SA 4.0 Introduction What is TLS and why do I need it? TLS stands for Transport Layer Security Difference between https and

360 views • 23 slides
POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Bck https://hboeck.de 1

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Bck https://hboeck.de 1

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Bck https://hboeck.de 1 INTRODUCTION Hanno Bck, freelance journalist and hacker. Writing for Golem.de and others. Fuzzing Project , funded by Linux Foundation's Core

1.09k views • 46 slides
Macro and Close up Photography What does Macro mean? Extreme close-up photography, usually of

Macro and Close up Photography What does Macro mean? Extreme close-up photography, usually of

Macro and Close up Photography What does Macro mean? Extreme close-up photography, usually of very small subjects and living organisms like insects, flowers and good for abstracts, in which the size of the subject in the photograph is

212 views • 17 slides
No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej

No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej

No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej Korczy nski 2 , Giovane C. M. Moura 3 , Samaneh Tajalizadehkhoob 2 , Jan van den Berg 2 1 National Cyber Security Centre The Netherlands 2 Delft

423 views • 21 slides
2019 Fiscal Year End Close Activities and Deadlines 2 May 2019 Fiscal Year End Close

2019 Fiscal Year End Close Activities and Deadlines 2 May 2019 Fiscal Year End Close

Fiscal Year End Close 2019 Fiscal Year End Close Activities and Deadlines 2 May 2019 Fiscal Year End Close Presenters Matt Abrams Payroll &amp; Payment Services Ines Garrant Budget, Planning &amp; Business Affairs Gretchen

239 views • 23 slides
Lets Encrypt as a Startup Success Story Security and Ops and Encrypting the web Daniel

Lets Encrypt as a Startup Success Story Security and Ops and Encrypting the web Daniel

Lets Encrypt as a Startup Success Story Security and Ops and Encrypting the web Daniel Jeffery Linux Foundation Why HTTPS? As our dependency on the internet has grown, the risk to users' privacy and safety has grown along with it.

746 views • 40 slides
tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by

tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by

tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by default, all the time? Crypto 101: Encryption without authentication is useless. Encryption without authentication is like meeting a stranger in a

813 views • 31 slides
On the (In)Security of IPsec in MAC-then-Encrypt Configurations Jean Paul Degabriele Kenneth G.

On the (In)Security of IPsec in MAC-then-Encrypt Configurations Jean Paul Degabriele Kenneth G.

Motivation The Attacks Concluding Remarks On the (In)Security of IPsec in MAC-then-Encrypt Configurations Jean Paul Degabriele Kenneth G. Paterson Information Security Group Royal Holloway, University of London CCS 2010 Jean Paul

930 views • 68 slides
Clestis (from Latin Celestial) 100% of funds raised by close to the Stars, close to the

Clestis (from Latin Celestial) 100% of funds raised by close to the Stars, close to the

Clestis (from Latin Celestial) 100% of funds raised by close to the Stars, close to the Earth Clestis go to WORLD WILDLIFE FUND The first and unique non-commerical non-profit-making charitable and educational French association

497 views • 8 slides
Why Can't Online Social Networks Encrypt? Ero Balsa , Filipe Beato, Seda Grses KU Leuven NYU

Why Can't Online Social Networks Encrypt? Ero Balsa , Filipe Beato, Seda Grses KU Leuven NYU

Why Can't Online Social Networks Encrypt? Ero Balsa , Filipe Beato, Seda Grses KU Leuven NYU W3C Workshop on Privacy and UserCentric Controls 1 20-21 November 2014, Berlin &lt;&lt; Facebook has been able to deploy end-to-end encryption

429 views • 10 slides
Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan

Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan

Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan telework-related security policies and controls based on a zero-trust model. Encrypt client devices storage, encrypt all sensitive data stored on

371 views • 9 slides
Mobiflage: Deniable Storage Encryption for Mobile Devices Adam Skillen and Mohammad Mannan a

Mobiflage: Deniable Storage Encryption for Mobile Devices Adam Skillen and Mohammad Mannan a

Mobiflage: Deniable Storage Encryption for Mobile Devices Adam Skillen and Mohammad Mannan a skil@ciise.concordia.ca Concordia Institute for Information Systems Engineering Concordia University Montr eal, Canada NDSS 2013, San Diego, CA

486 views • 23 slides
Janet Carroll RN BSN, LMT, CLYL, CLYT The Laughter Nurse janet@janetcarrollrn.com

Janet Carroll RN BSN, LMT, CLYL, CLYT The Laughter Nurse janet@janetcarrollrn.com

Janet Carroll RN BSN, LMT, CLYL, CLYT The Laughter Nurse janet@janetcarrollrn.com www.janetcarrollrn.com 832-216-3713 ________________________________________

217 views • 3 slides
Clean Slate: Create a Complete Dashboard Zachary Sexton of Your Work Announcements Im an

Clean Slate: Create a Complete Dashboard Zachary Sexton of Your Work Announcements Im an

Clean Slate: Create a Complete Dashboard Zachary Sexton of Your Work Announcements Im an uncle! Well be covering Visualizing next week Optimizing and Maintaining will be on week 4 Ill be staying on for a Q&amp;A at the

1.28k views • 108 slides
A knowledge based interface for distributed biological databases Paolo Bresciani and Paolo

A knowledge based interface for distributed biological databases Paolo Bresciani and Paolo

A knowledge based interface for distributed biological databases Paolo Bresciani and Paolo Fontana and Paolo Busetta brescian,pfontana,busetta @itc.it. ( )ITC-irst (TRENTO) and ( )IASMAA (San Michele a.A.)

853 views • 57 slides
Central Valley Environmental Detox --A New Beginning-- Week 2 1 Review Week 1 Days 1 7

Central Valley Environmental Detox --A New Beginning-- Week 2 1 Review Week 1 Days 1 7

Central Valley Environmental Detox --A New Beginning-- Week 2 1 Review Week 1 Days 1 7 Days 1 7 UC 2 times/day Day 8 Day 9 Days 10, 11, &amp; 12 Day 13 Day 14 Days 16-21 UC 2 times/day UC 3 times/day UC 4

362 views • 33 slides
Verschlsselte Dateisysteme unter Linux Michael Gebetsroither http://einsteinmg.dyndns.org

Verschlsselte Dateisysteme unter Linux Michael Gebetsroither http://einsteinmg.dyndns.org

Verschlsselte Dateisysteme unter Linux Michael Gebetsroither http://einsteinmg.dyndns.org gebi@sbox.tugraz.at Einteilung Theorie Kurze Einfhrung Verschiedene Mglichkeiten der Verschlsselung Unsicherheitsfaktoren und wie

268 views • 24 slides
PHYSICS SIMULATION Rigid body simulator introduction Continuum simulation The Documents

PHYSICS SIMULATION Rigid body simulator introduction Continuum simulation The Documents

() PHYSICS SIMULATION Rigid body simulator introduction Continuum simulation The Documents http://haselab.net/class/vr userbasic passwdprog asela aselab Introduction for Multi-rigid body physics simulator

599 views • 33 slides
E XPRESSIVITY L IMITATIONS OF OWL 1 At least one tree-shaped model for each consistent OWL ontology

E XPRESSIVITY L IMITATIONS OF OWL 1 At least one tree-shaped model for each consistent OWL ontology

E XTENDING L OGIC P ROGRAMMING FOR L IFE S CIENCES A PPLICATIONS Despoina Magka Department of Computer Science, University of Oxford November 16, 2012 B IOINFORMATICS AND S EMANTIC T ECHNOLOGIES Life sciences data deluge 1 B IOINFORMATICS AND S

942 views • 72 slides

More recommend