Support for File system Kyungsik Lee SW Platform Lab., Corporate - - PowerPoint PPT Presentation

Linux Kernel Encryption Support for File system

Kyungsik Lee SW Platform Lab., Corporate R&D LG Electronics, Inc. 2016/10/20

Mobile Security

• Mobile Security is an important issue
• More data could be more danger with mobile devices
• Android 6.0 FDE(full-disk encryption)
• User data protected against offline attacks
• Plaintext -> ciphertext
• Based on a Linux Kernel Encryption feature that works at the block

device layer

2

Performance Issue (1/2)

• Android 5.0(Lollipop) was to have device encryption enabled by default

but …

• According to Android 6.0 CDD

For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience Excerpted from Android 6.0 Compatibility Definition Document

3

Performance Issue (2/2)

• Sequential IO Read/Write
• 1 CPU core, freq.(0.6~1 GHz)

50 100 150 200 250 ext4 dm-crypt ext4(encrypt) eCryptfs MiB/sec.

• Seq. read

Cpu-freq. 598000 Cpu-freq. 819000 Cpu-freq. 1001000

4

20 40 60 80 100 120 ext4 dm-crypt ext4(encrypt) eCryptfs MiB/sec.

• Seq. write

cpu-freq. 598000 cpu-freq. 819000 cpu-freq. 1001000

• 60%
• 40%

Linux Kernel Encryption (1/2)

• History
• dm-crypt, merged into 2.6.4 kernel(March, 2004)
• eCryptfs, 2.6.19 kernel(November, 2006)
• Ext4 encryption, 4.1 kernel(Jun, 2015)
• VFS Crypto engine, 4.6 kernel

=> Generic File system Encryption Support

5

Linux Kernel Encryption (2/2)

• File system-level encryption, FBE
• File-based encryption allows different files to be encrypted with

different keys that can be unlocked independently.

• File system-level encryption does not typically encrypt filesystem

metadata

• eCryptfs, ext4 encryption …
• Disk encryption, FDE
• Disk encryption generally uses the same key for encrypting the

whole volume, disk partition

• dm-crypt …

6

dm-crypt

• Part of the device mapper infrastructure, and uses cryptographic routines
• Encrypt whole disks (including removable media), partitions

Storage Block layer User space File system Virtual device Encrypt/Decrypt Crypto APIs

7

Kernel Internals

eCryptfs

• Stacked cryptographic file system
• Mount eCryptfs on top of any single directory to protect it

Storage File system(lower) User space eCryptfs Block layer Crypto APIs

8

Kernel Internals

Ext4 Encryption

• In a directory tree marked for encryption, file contents, filenames, and symbolic link

targets are all encrypted

Storage User space Ext4(encrypt) Block layer Crypto APIs

9

Kernel Internals

Case Study

• Linux Kernel Encryption Scalability on multi-core system
• Testing Environment
• CPU core(x4), freq.(0.6 ~ 1 GHz)
• CPU based encryption
• Cipher type

eCryptfs, aes-cbc Ext4-encrypt, aes-xts dm-crypt, aes-cbc-essiv:sha256

10

Sequential Read Prefetching

• Readahead

11

50 100 150 200 250 ext4 ext4-fde ext4(encrypt) ecryptfs-ext4 MiB/sec.

• Seq. read(MiB/sec.)

ra=disabled ra=enabled 5 10 15 20 25 ext4 dm-crypt ext4(encrypt) eCryptfs MiB/sec.

• Seq. read(MiB/sec.)

cpu=1 cpu=2

Read throughput

• CPU-cores(1/2/4)

50 100 150 200 250 ext4 dm-crypt ext4(encrypt) eCryptfs MiB/sec.

• Seq. read(MiB/sec.)

cpu=1 cpu=2 cpu=4

12

Read throughput

• CPU-cores(1/2/4)

50 100 150 200 250 ext4 dm-crypt ext4(encrypt) eCryptfs MiB/sec.

• Seq. read(MiB/sec.)

cpu=1 cpu=2 cpu=4

x2 x2 x1

13

Write throughput

• CPU-cores(1/2)

20 40 60 80 100 120 140 ext4 dm-crypt ext4(encrypt) eCryptfs MiB/sec.

• Seq. write(MiB/sec.)

cpu=1 cpu=2

14

Write throughput

• CPU-cores(1/2)

20 40 60 80 100 120 140 ext4 dm-crypt ext4(encrypt) eCryptfs MiB/sec.

• Seq. write(MiB/sec.)

cpu=1 cpu=2

x2 x2 x1

15

Random Read throughput

• Random read(IOPS)

1000 2000 3000 4000 5000 6000 ext4 dm-crypt ext4(encrypt) eCryptfs IOPS

Random read(IOPS)

IOPS ra=enabled IOPS ra=disabled

16

Random Read throughput

• Random read(IOPS)

1000 2000 3000 4000 5000 6000 ext4 dm-crypt ext4(encrypt) eCryptfs IOPS

Random read(IOPS)

IOPS ra=enabled IOPS ra=disabled

Lower File system Page Cache

17

Improving Read performance (1/4)

• Ext4(encrypt) seq. read throughput

18

50 100 150 200 250 ext4 dm-crypt ext4(encrypt) eCryptfs MiB/sec.

• Seq. read(MiB/sec.)

cpu=1 cpu=2

Decrypt Overhead

• 75%

Improving Read performance (2/4)

• Multi-threaded decryption(ext4)

19

Storage User space Ext4(encrypt) Block layer Normal IO Heavy IO Decrypt thread Bottleneck

Improving Read performance (3/4)

• Multi-threaded decryption(ext4)

20

Storage User space Ext4(encrypt) Block layer Normal IO Heavy IO Decrypt thread Decrypt thread Decrypt thread Decrypt thread

Improving Read performance (4/4)

• Ext4(encrypt) seq. read throughput: +50%

10 20 30 40 50 60 70 80 cpu=1 cpu=2 cpu=4 MiB/sec.

• Seq. read(MiB/sec.)

ext4(encrypt) Patched

21

500 1000 1500 2000 2500 3000 3500 cpu=1 cpu=2 cpu=4 IOPS

Random read(IOPS)

ext4(encrypt) Patched

• 18%

50%

Conclusion

• Seq. read throughput dropped significantly in CPU based encryption,

leading to performance degradation

• Read(decrypt) overhead: seq. read >> random read
• Seq. write throughput falls slightly except eCryptfs
• IO throughput of eCryptfs is shown less scalable in multi-core system
• Seq. read performance can be improved by applying multi-threaded

decryption

22

Q & A

23