encryption at rest in zfs
play

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of - PowerPoint PPT Presentation

Dec 17, 2023 •568 likes •788 views

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

  1. Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com

  2. Overview of Encryption Implementation 2

  3. What is Encryption? • Want to prevent someone (an attacker) from accessing private data • Permissions aren’t good enough • Root user can always access every file • Kernel bugs can result in privilege escalation • Disks can always be moved to another machine / OS and read • Solution: Encryption • Data on disk should look pseudorandom (no detectable patterns) • User has a secret key that can be used to access the data • Mathematically, data is extremely hard to decrypt without key 3

  4. Problems with Non-Native Encryption • File Level Encryption (eg. ecryptfs) • Encryption before compression -> no compression • No dedup capabilities (within dataset) • Writes a metadata header, can disturb file alignment or waste space • Disk Level Encryption (eg. dm-crypt) • Multiple copies are encrypted multiple times • Keys must always be loaded or pool is useless • No scrub, resilver, etc • No possibility of doing zfs send without keys loaded • Complex management 4

  5. How is this important to Datto? • Our primary backup solution for our partners • A backup agent runs on our client’s machines • Backups are sent to our device on the client’s network • Backups are replicated to servers in the cloud ( zfs send ) • Advantages of Native Encryption • Higher performance encryption, without losing compression • Much cleaner implementation than current stacked block devices • Ability to backup customer data without liability 5

  6. What is Encrypted? Encrypted Not Encrypted • File data and metadata • Dataset / snapshot names • ACLs, names, permissions, attrs • Dataset properties • Directory listings • Pool layout • All Zvol data • ZFS Structure • FUID Mappings • Dedup tables • Master encryption keys • Everything in RAM • All of the above in the L2ARC • All of the above in the ZIL 6

  7. Caveats of Native ZFS Encryption • Limited to copies=2 • Dedup tables are not encrypted • Dedup will leak data about equivalent data blocks • Dedup will only work within “clone families” • Encryption + compression could allow for a CRIME attack • Not relevant to most applications • Can be prevented with compression=off 7

  8. Creating an Encrypted Dataset zfs create \ -o encryption=on \ -o keylocation=prompt \ -o keyformat=passphrase \ -o pbkdf2iters=300000 \ pool/encrypted_ds 8

  9. ZFS Encryption Properties: Encryption • Encryption • off | on | aes-<128|192|256>-<ccm|gcm> • Determines the cipher suite used to encrypt data • Currently AES-GCM and AES CCM are the only supported modes • Read-only after creation • on will default to aes-256-ccm • Children will inherit this property from parents • Will NOT adapt with newer revisions (unlike compression) 9

  10. ZFS Encryption Properties: Keylocation • Keylocation • prompt | file://</absolute/path/to/keyfile> • Determines where the key should be loaded from by default • prompt allows you to pipe keys into zfs for extensibility • Child datasets inherit the parent’s keylocation • Inherited keylocation implies a common user key • ZFS will automatically allow you to mount inheriting datasets • Child datasets with a local key location will use a different user key 10

  11. ZFS Encryption Properties: Keystatus • Keystatus • none | available | unavailable • Tells whether a dataset’s key is loaded • Changed by loading / unloading the key with the keystore commands • When the key is loaded filesystems and zvols function normally • When the key is not loaded • Zvols will not appear in /dev/ • Filesystems will not be mountable 11

  12. ZFS Encryption Properties: Keyformat • Keyformat • passphrase | hex | raw • Determines the format of your key • passphrase may be between 8 and 64 characters • hex and raw keys must represent 32 bytes of random data • Pbkdf2iters • Integer value • Allows tuning performance/security of passphrases • Only used when keyformat=passphrase • Default value is 350,000 Minimum value is 100,000 12

  13. Creating an Encrypted Dataset zfs create \ -o encryption=<cipher suite> \ -o keylocation=<key location> \ -o keyformat=<key format> \ [-o pbkdf2iters=<value>] \ <dataset name> • Creates a new encryption root with its own user key • Automatically loads the user key into ZFS 13

  14. Loading and Unloading User Keys zfs unload-key <dataset> • -a and -r for recursive key unloading • Fails if dataset is mounted or in any way open zfs load-key <dataset> • -a and -r for recursive key loading • -n (no-op) for verifying a key is correct • -L <key location> for loading the key from an alternate keylocation 14

  15. Changing User Keys zfs change-key [-li] \ [-o keylocation=<key location>] \ [-o keyformat=<key format>] \ [-o pbkdf2iters=<value>] \ <dataset name> • Changes the user key of a dataset • Will not re-encrypt all of the data • Will cause the dataset to become an encryption root • -l (load-key) ensures the key is loaded before changing it • -i (inherit) will cause the dataset to inherit its parent’s user key 15

  16. Scrubs and Resilvering • ZFS can still maintain integrity even without loaded keys • ZFS maintains checksums of the ciphertext • This includes: • Pool importing • Scrubs • Resilvers / Drive replacements • Self healing • Disk error reporting 16

  17. Raw Sends zfs send -r • Enables sending encrypted data without loading the user key • Data will be sent compressed and encrypted exactly as it is on disk • Compatible with other send features such as -D and -L • Allows backups to reside on an untrusted server • Better data protection for customers • Better liability prevention for data storage companies 17

  18. ZFS Keystore API Overview • Primary API • zfs create, zfs clone • -o encryption=<cipher suite> • -o keylocation=<keylocation> • -o keyformat=<keyformat> • -o pbkdf2iters=<value> • zfs load-key, zfs unload-key • zfs change-key • zfs send -r • Smaller changes • zfs mount, zpool import 18

  19. Current Status • Fully implemented and feature complete • Currently under review • Pull requests are out for Linux, OSX, Illumos • Primary PR is on Linux • Special Thanks • Jorgen Lundman for maintaining the ports to OSX and Illumos • Matt Ahrens and Brian Behlendorf for all the help answering my questions • George Wilson and Dan Kimmel for helping me through the ARC changes 19

  20. Questions? Tom Caputi tcaputi@datto.com https://github.com/zfsonlinux/zfs/pull/5769

Recommend

Outline What is ReST ? Constraints in ReST REST Architecture Components Features of

Outline What is ReST ? Constraints in ReST REST Architecture Components Features of

Outline What is ReST ? Constraints in ReST REST Architecture Components Features of ReST applications Example of requests in REST &amp; SOAP Complex REST request REST Server response Real REST examples REST Design

603 views • 34 slides
TLS for MySQL at Large Scale Jaime Crespo Things we Security and encryption fundamentals

TLS for MySQL at Large Scale Jaime Crespo Things we Security and encryption fundamentals

TLS for MySQL at Large Scale Jaime Crespo Things we Security and encryption fundamentals are *NOT* At rest encryption Best practices for web/HTTP going to encryption How perfectly and good we are- we made

529 views • 18 slides
At Rest Encryption with MySQL &amp; Vault Tate McDaniel Charles Thompson Percona Empowered

At Rest Encryption with MySQL &amp; Vault Tate McDaniel Charles Thompson Percona Empowered

At Rest Encryption with MySQL &amp; Vault Tate McDaniel Charles Thompson Percona Empowered Welcome and Introductions Charles Thompson Empowered Senior MySQL DBA with over seven years of experience in the industry. Proficient in server

755 views • 46 slides
How to implement data encryption at rest in compliance with enterprise requirements Steffen

How to implement data encryption at rest in compliance with enterprise requirements Steffen

How to implement data encryption at rest in compliance with enterprise requirements Steffen Mazanek, Louay Mresheh | 09/09/2019 Community Day 2019 Sponsors About the speakers Steffen Mazanek (AWS usergroup Dresden) Louay Mresheh AWS

945 views • 29 slides
REST API What it means to be RESTful What is REST REST stands for REpresentational State

REST API What it means to be RESTful What is REST REST stands for REpresentational State

REST API What it means to be RESTful What is REST REST stands for REpresentational State Transfer It is neither a standard nor a protocol REST is not HTTP , although because of HTTPs prevalence and popularity the two tend to go

708 views • 11 slides
Introduction to REST Web REST Web Services Characteristics Services Principle of REST Web

Introduction to REST Web REST Web Services Characteristics Services Principle of REST Web

Introduction to REST Web Services 2/14/2009 Agenda What is REST? Introduction to REST Web REST Web Services Characteristics Services Principle of REST Web Services Design Semantic of HTTP/1.1 Operations Asst. Prof. Dr. Kanda

522 views • 12 slides
Fully Homomorphic Encryption from the ground up Daniele Micciancio (UC San Diego) Eurocrypt

Fully Homomorphic Encryption from the ground up Daniele Micciancio (UC San Diego) Eurocrypt

Fully Homomorphic Encryption from the ground up Daniele Micciancio (UC San Diego) Eurocrypt 2019 (Fully Homomorphic) Encryption Encryption: used to protect data at rest or in transit Enc( m ) Enc( m ) Enc( m ) Fully Homomorphic

2.2k views • 39 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Preparing a REST API Rules of REST APIs, API patterns, Typical CRUD operations Rules for a REST

Preparing a REST API Rules of REST APIs, API patterns, Typical CRUD operations Rules for a REST

Preparing a REST API Rules of REST APIs, API patterns, Typical CRUD operations Rules for a REST API Recall : REST Representational State Transfer o REST is statelessit has no idea of any current user state or history o API

535 views • 17 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Rest for the Restless (or Finding Rest in a Family Tree) Matthew 1:1-17 3 Promises of Rest for

Rest for the Restless (or Finding Rest in a Family Tree) Matthew 1:1-17 3 Promises of Rest for

Overview [not in slides] Rest for the Restless (or Finding Rest in a Family Tree) Matthew 1:1-17 3 Promises of Rest for the Restless 1. God promises rest in his righteousness 2. God promises rest in his presence 3. God promises rest in his

92 views • 5 slides
presentation kit leave the rest to us SM leave the rest to us SM centrally located leave the

presentation kit leave the rest to us SM leave the rest to us SM centrally located leave the

presentation kit leave the rest to us SM leave the rest to us SM centrally located leave the rest to us SM easy access to any places leave the rest to us SM exterior leave the rest to us SM lobby leave the rest to us SM lobby lounge

521 views • 18 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Developers Nicole Schmidt and Rob Kraft Agenda Lucity REST API introduction Lucity REST

Developers Nicole Schmidt and Rob Kraft Agenda Lucity REST API introduction Lucity REST

Lucity for Application Developers Nicole Schmidt and Rob Kraft Agenda Lucity REST API introduction Lucity REST API Recent Changes REST Client Applications Explained Web Hooks Other Options Future Plans Lucity REST API

498 views • 22 slides
Topics RPC vs. REST: What's the What makes an API truly REST best practices difference

Topics RPC vs. REST: What's the What makes an API truly REST best practices difference

Topics RPC vs. REST: What's the What makes an API truly REST best practices difference and why does it RESTful? (Constraints and (common problems and matter? interface) their solutions) Planning and developing Drupal services

632 views • 28 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
RESTful Web Services Stefan Marr Agenda What is REST? The Bookmark Example Principles of REST

RESTful Web Services Stefan Marr Agenda What is REST? The Bookmark Example Principles of REST

RESTful Web Services Stefan Marr Agenda What is REST? The Bookmark Example Principles of REST Web Service Design Semantic of HTTP/1.1 Operations SOAP vs. REST Style Assets and Drawbacks Security Public Web Services HPI, Seminar Advanced

330 views • 10 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at rest and communication channels Security of Computation on Sensitive Inputs Secure multiparty computation (MPC) Differential privacy methods

595 views • 43 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
REST Web-based APIs REST Representational State Transfer Style of web software

REST Web-based APIs REST Representational State Transfer Style of web software

REST Web-based APIs REST Representational State Transfer Style of web software architecture that simplifies application Not a standard, but a design pattern REST Take all resources for web application (data, files, functions)

722 views • 22 slides
Continuations continued: the REST of the computation Anton van Straaten appsolutions.com 1

Continuations continued: the REST of the computation Anton van Straaten appsolutions.com 1

Continuations continued: the REST of the computation Anton van Straaten appsolutions.com 1 REST - The 10-second overview &quot;the name given to the architecture of the World Wide Web by Roy Fielding.&quot; -- rest-discuss Following REST

789 views • 59 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides

More recommend