close lid to encrypt
play

Close lid to encrypt Hard disk encryption in Linux suspend mode Tim - PowerPoint PPT Presentation

Apr 03, 2024 •224 likes •397 views

Close lid to encrypt Hard disk encryption in Linux suspend mode Tim Dittler FOSDEM, 02.02.2020 Whats Close lid to encrypt? Project by Jonas Meurer and me Freelancing systems engineers living in Germany Full-disk encryption

  1. Close lid to encrypt Hard disk encryption in Linux suspend mode Tim Dittler FOSDEM, 02.02.2020

  2. What‘s „Close lid to encrypt“? ● Project by Jonas Meurer and me – Freelancing systems engineers living in Germany ● Full-disk encryption in suspend mode ● For Debian and derivatives 2

  3. Why is is useful? ● Full-disk encryption protects your data only at rest powerofg working suspend working powerofg powerofg working suspend working powerofg 3

  4. Why is it diffjcult? ● Well, we‘re locking away your running operating system! ● Race conditions – Prevent access to locked fjlesystems – Otherwise kernel will wait forever ● Memory management – Swap on harddrive is encrypted 4

  5. How is it implemented? systemd-suspend.service cryptsetup-suspend-wrapper 5

  6. How is it implemented? systemd-suspend.service cryptsetup-suspend-wrapper build initramfs; freeze cgroups; chroot cryptsetup-suspend.c 6

  7. How is it implemented? systemd-suspend.service cryptsetup-suspend-wrapper build initramfs; freeze cgroups; chroot cryptsetup-suspend.c mlock; /sys/power/sync_on_suspend = 0; sync; luks-suspend; suspend kernel 7

  8. /sys/power/sync_on_suspend ??? 8

  9. How is it implemented? systemd-suspend.service (unlock session) clean up; unfreeze cgroups; cryptsetup-suspend-wrapper build initramfs; freeze cgroups; unlock luks devices chroot cryptsetup-suspend.c mlock; /sys/power/sync_on_suspend = 0; sync; resume luks-suspend; suspend kernel 9

  10. Demo 10

  11. Demo 11

  12. What‘s next? ● More testing ● Merge upstream – Debian Bullseye: „apt install cryptsetup-suspend“ ● How to handle situations with low available memory? ● There are more secrets in your memory than LUKS keys 12

  13. Thanks ● Cryptsetup authors – Jana Saout <jana@saout.de> – Clemens Fruhwirth <clemens@endorphin.org> – Milan Broz <gmazyland@gmail.com> – Ondrej Kozina <okozina@redhat.com> ● Cryptsetup Debian maintainers – Guilhem Moulin <guilhem@debian.org> – Jonas Meurer <jonas@freesources.org> 13 –

  14. Thanks ● Inspiration – Vianney le Clément de Saint-Marcq <vleclement@gmail.com> ● https://github.com/vianney/arch-luks-suspend – Jen Bowen <jen@nailfarmer.com> ● https://github.com/nailfarmer/debian-luks-suspend/ 14

  15. Thanks 15

  16. https://salsa.debian.org/ mejo/cryptsetup-suspend/ tim.dittler@systemli.org 16

Recommend

Several possibilities for combination: So far: had cryptographic algorithms to achieve

Several possibilities for combination: So far: had cryptographic algorithms to achieve

Several possibilities for combination: So far: had cryptographic algorithms to achieve Encrypt-then MAC: encrypt message, then compute MAC of Privacy: use encryption ciphertext. Integrity: use MAC MAC-then-encrypt: First compute MAC, and then

203 views • 3 slides
Why Encrypt Data? We have already discussed authentication and access control as means to

Why Encrypt Data? We have already discussed authentication and access control as means to

Security in Outsourced Databases II Outsourced Databases II (Query Processing on Encrypted Data) Disks replaced Data worthless if encrypted Customer Credit for maintenance Card Number Laptops stolen Backups lost p 1 Why Encrypt Data?

759 views • 19 slides
Why (Special Agent) Johnny (Still) Cant Encrypt: A Security Analysis of the APCO Project 25

Why (Special Agent) Johnny (Still) Cant Encrypt: A Security Analysis of the APCO Project 25

Why (Special Agent) Johnny (Still) Cant Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System Sandy Clark | Travis Goodspeed | Perry Metzger Zachary Wasserman | Kevin Xu | Matt Blaze Usenix 2011 P25 Modulates voice

147 views • 14 slides
Exercise: Encrypting and Decrypting with RSA In this exercise, you will encrypt and decrypt

Exercise: Encrypting and Decrypting with RSA In this exercise, you will encrypt and decrypt

Exercise: Encrypting and Decrypting with RSA In this exercise, you will encrypt and decrypt numbers using a simple version of the RSA algorithm. Each team should have two members. Each team-member should complete the exercise as Bob, then pass

229 views • 4 slides
No domain left behind is Lets Encrypt democratizing encryption? M. Aertsen 1 , M. Korzyski 2

No domain left behind is Lets Encrypt democratizing encryption? M. Aertsen 1 , M. Korzyski 2

. . . . . . . . . . . . . . No domain left behind is Lets Encrypt democratizing encryption? M. Aertsen 1 , M. Korzyski 2 , G. Moura 3 1 National Cyber Security Centre The Netherlands 2 Delft University of Technology The

293 views • 18 slides
Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin

Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin

Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin License : CC-BY-SA 4.0 Introduction What is TLS and why do I need it? TLS stands for Transport Layer Security Difference between https and

360 views • 23 slides
POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Bck https://hboeck.de 1

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Bck https://hboeck.de 1

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Bck https://hboeck.de 1 INTRODUCTION Hanno Bck, freelance journalist and hacker. Writing for Golem.de and others. Fuzzing Project , funded by Linux Foundation's Core

1.09k views • 46 slides
Macro and Close up Photography What does Macro mean? Extreme close-up photography, usually of

Macro and Close up Photography What does Macro mean? Extreme close-up photography, usually of

Macro and Close up Photography What does Macro mean? Extreme close-up photography, usually of very small subjects and living organisms like insects, flowers and good for abstracts, in which the size of the subject in the photograph is

212 views • 17 slides
No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej

No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej

No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej Korczy nski 2 , Giovane C. M. Moura 3 , Samaneh Tajalizadehkhoob 2 , Jan van den Berg 2 1 National Cyber Security Centre The Netherlands 2 Delft

423 views • 21 slides
2019 Fiscal Year End Close Activities and Deadlines 2 May 2019 Fiscal Year End Close

2019 Fiscal Year End Close Activities and Deadlines 2 May 2019 Fiscal Year End Close

Fiscal Year End Close 2019 Fiscal Year End Close Activities and Deadlines 2 May 2019 Fiscal Year End Close Presenters Matt Abrams Payroll &amp; Payment Services Ines Garrant Budget, Planning &amp; Business Affairs Gretchen

239 views • 23 slides
Lets Encrypt as a Startup Success Story Security and Ops and Encrypting the web Daniel

Lets Encrypt as a Startup Success Story Security and Ops and Encrypting the web Daniel

Lets Encrypt as a Startup Success Story Security and Ops and Encrypting the web Daniel Jeffery Linux Foundation Why HTTPS? As our dependency on the internet has grown, the risk to users' privacy and safety has grown along with it.

746 views • 40 slides
tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by

tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by

tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by default, all the time? Crypto 101: Encryption without authentication is useless. Encryption without authentication is like meeting a stranger in a

813 views • 31 slides
On the (In)Security of IPsec in MAC-then-Encrypt Configurations Jean Paul Degabriele Kenneth G.

On the (In)Security of IPsec in MAC-then-Encrypt Configurations Jean Paul Degabriele Kenneth G.

Motivation The Attacks Concluding Remarks On the (In)Security of IPsec in MAC-then-Encrypt Configurations Jean Paul Degabriele Kenneth G. Paterson Information Security Group Royal Holloway, University of London CCS 2010 Jean Paul

930 views • 68 slides
Clestis (from Latin Celestial) 100% of funds raised by close to the Stars, close to the

Clestis (from Latin Celestial) 100% of funds raised by close to the Stars, close to the

Clestis (from Latin Celestial) 100% of funds raised by close to the Stars, close to the Earth Clestis go to WORLD WILDLIFE FUND The first and unique non-commerical non-profit-making charitable and educational French association

497 views • 8 slides
Why Can't Online Social Networks Encrypt? Ero Balsa , Filipe Beato, Seda Grses KU Leuven NYU

Why Can't Online Social Networks Encrypt? Ero Balsa , Filipe Beato, Seda Grses KU Leuven NYU

Why Can't Online Social Networks Encrypt? Ero Balsa , Filipe Beato, Seda Grses KU Leuven NYU W3C Workshop on Privacy and UserCentric Controls 1 20-21 November 2014, Berlin &lt;&lt; Facebook has been able to deploy end-to-end encryption

429 views • 10 slides
Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan

Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan

Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan telework-related security policies and controls based on a zero-trust model. Encrypt client devices storage, encrypt all sensitive data stored on

371 views • 9 slides
Close Proximity Radiography www.tracoilandgas.com Overview What is Close Proximity Radiography?

Close Proximity Radiography www.tracoilandgas.com Overview What is Close Proximity Radiography?

Close Proximity Radiography www.tracoilandgas.com Overview What is Close Proximity Radiography? Stand-off Technique Procedures Applications Equipment People Advantages Limitations Summary

589 views • 14 slides
CLOSE READING CLOSE READING TASK You will be given three pages of the chapter Break it

CLOSE READING CLOSE READING TASK You will be given three pages of the chapter Break it

GROUP PRESENTATIONS CLOSE READING CLOSE READING TASK You will be given three pages of the chapter Break it down: Title (create one) Summary (include quotes &amp; tone) Important Quotes (2) [use shows/reveals that]

643 views • 10 slides
Too Close (working title) www.kanzaman.com Too Close Genre Drama Romance Language English

Too Close (working title) www.kanzaman.com Too Close Genre Drama Romance Language English

Too Close (working title) www.kanzaman.com Too Close Genre Drama Romance Language English Budget 12.000.000 ! Director TBD Writer David Wingeate Pike Producers Denise ODell &amp; Mark Albela &amp; Lucette Legot Status Attaching

534 views • 10 slides
Shai Halevi IBM CRYPTO 2011 Wouldnt it be nice to be able to Encrypt my data before

Shai Halevi IBM CRYPTO 2011 Wouldnt it be nice to be able to Encrypt my data before

Shai Halevi IBM CRYPTO 2011 Wouldnt it be nice to be able to Encrypt my data before sending to the cloud While still allowing the cloud to search/sort/edit/ this data on my behalf Keeping the data in the cloud in encrypted form

957 views • 60 slides
2020 Fiscal Year End Close Activities and Deadlines 2 June 2020 Fiscal Year End Close

2020 Fiscal Year End Close Activities and Deadlines 2 June 2020 Fiscal Year End Close

Fiscal Year End Close 2020 Fiscal Year End Close Activities and Deadlines 2 June 2020 Fiscal Year End Close Presenters Matt Abrams Payroll &amp; Payment Services Jen Buono Cashier Services Heather Gillis Sourcing &amp;

529 views • 23 slides
Why pa'ents need be.er insulin therapies Kelly Close

Why pa'ents need be.er insulin therapies Kelly Close

Why pa'ents need be.er insulin therapies Kelly Close Close Concerns, Inc. April 1, 2014 About Us Close Concerns: founded in 2002 as a

223 views • 9 slides
How to Encrypt with the LPN Problem Henri Gilbert, Matt Robshaw, and Yannick Seurin Orange Labs

How to Encrypt with the LPN Problem Henri Gilbert, Matt Robshaw, and Yannick Seurin Orange Labs

How to Encrypt with the LPN Problem Henri Gilbert, Matt Robshaw, and Yannick Seurin Orange Labs ICALP 2008 July 9, 2008 intro LPN problem LPN-C security parameters conclusion the context the authentication protocol HB + by Juels and

708 views • 21 slides
BRIDGE THE DIGITAL DIVIDE Peter Manderick Operations Director WHO IS CLOSE THE GAP? OUR

BRIDGE THE DIGITAL DIVIDE Peter Manderick Operations Director WHO IS CLOSE THE GAP? OUR

BRIDGE THE DIGITAL DIVIDE Peter Manderick Operations Director WHO IS CLOSE THE GAP? OUR MISSION IS TO INITIATE, ACCELERATE AND IMPLEMENT DIGITAL SOLUTIONS FOR DEVELOPMENT WHAT DOES CLOSE THE GAP DO? INTRODUCTION VIDEO CLOSE THE Donated

815 views • 43 slides

More recommend