Linux Kernel Encryption Support for File system Kyungsik Lee SW Platform Lab., Corporate R&D LG Electronics, Inc. 2016/10/20
Mobile Security • Mobile Security is an important issue More data could be more danger with mobile devices • Android 6.0 FDE(full-disk encryption) User data protected against offline attacks Plaintext -> ciphertext Based on a Linux Kernel Encryption feature that works at the block device layer 2
Performance Issue (1/2) • Android 5.0(Lollipop) was to have device encryption enabled by default but … • According to Android 6.0 CDD For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec , the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience Excerpted from Android 6.0 Compatibility Definition Document 3
Performance Issue (2/2) • Sequential IO Read/Write 1 CPU core, freq.(0.6~1 GHz) Seq. write Seq. read 120 250 100 200 -40% -60% 80 150 MiB/sec. MiB/sec. 60 100 40 50 20 0 0 ext4 dm-crypt ext4(encrypt) eCryptfs ext4 dm-crypt ext4(encrypt) eCryptfs Cpu-freq. 598000 Cpu-freq. 819000 Cpu-freq. 1001000 cpu-freq. 598000 cpu-freq. 819000 cpu-freq. 1001000 4
Linux Kernel Encryption (1/2) • History dm-crypt, merged into 2.6.4 kernel(March, 2004) eCryptfs, 2.6.19 kernel(November, 2006) Ext4 encryption, 4.1 kernel(Jun, 2015) VFS Crypto engine, 4.6 kernel => Generic File system Encryption Support 5
Linux Kernel Encryption (2/2) • File system-level encryption, FBE File-based encryption allows different files to be encrypted with different keys that can be unlocked independently. File system-level encryption does not typically encrypt filesystem metadata eCryptfs, ext4 encryption … • Disk encryption, FDE Disk encryption generally uses the same key for encrypting the whole volume, disk partition dm- crypt … 6
dm-crypt • Part of the device mapper infrastructure, and uses cryptographic routines • Encrypt whole disks (including removable media), partitions Kernel Internals User space File system Block layer Virtual device Crypto APIs Encrypt/Decrypt Storage 7
eCryptfs • Stacked cryptographic file system • Mount eCryptfs on top of any single directory to protect it Kernel Internals User space Crypto APIs eCryptfs File system(lower) Block layer Storage 8
Ext4 Encryption • In a directory tree marked for encryption, file contents, filenames, and symbolic link targets are all encrypted Kernel Internals User space Crypto APIs Ext4(encrypt) Block layer Storage 9
Case Study • Linux Kernel Encryption Scalability on multi-core system • Testing Environment CPU core(x4), freq.(0.6 ~ 1 GHz) CPU based encryption Cipher type eCryptfs, aes-cbc Ext4-encrypt, aes-xts dm-crypt, aes-cbc-essiv:sha256 10
Sequential Read Prefetching • Readahead Seq. read(MiB/sec.) Seq. read(MiB/sec.) 250 25 200 20 150 15 MiB/sec. MiB/sec. 100 10 50 5 0 0 ext4 ext4-fde ext4(encrypt) ecryptfs-ext4 ext4 dm-crypt ext4(encrypt) eCryptfs ra=disabled ra=enabled cpu=1 cpu=2 11
Read throughput • CPU-cores(1/2/4) Seq. read(MiB/sec.) 250 200 150 MiB/sec. 100 50 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 cpu=4 12
Read throughput • CPU-cores(1/2/4) Seq. read(MiB/sec.) 250 200 x1 x2 150 MiB/sec. x2 100 50 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 cpu=4 13
Write throughput • CPU-cores(1/2) Seq. write(MiB/sec.) 140 120 100 80 MiB/sec. 60 40 20 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 14
Write throughput • CPU-cores(1/2) Seq. write(MiB/sec.) x2 140 x2 120 100 x1 80 MiB/sec. 60 40 20 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 15
Random Read throughput • Random read(IOPS) Random read(IOPS) 6000 5000 4000 IOPS 3000 2000 1000 0 ext4 dm-crypt ext4(encrypt) eCryptfs IOPS ra=enabled IOPS ra=disabled 16
Random Read throughput • Random read(IOPS) Lower File system Page Cache Random read(IOPS) 6000 5000 4000 IOPS 3000 2000 1000 0 ext4 dm-crypt ext4(encrypt) eCryptfs IOPS ra=enabled IOPS ra=disabled 17
Improving Read performance (1/4) • Ext4(encrypt) seq. read throughput Seq. read(MiB/sec.) -75% Decrypt 250 Overhead 200 150 MiB/sec. 100 50 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 18
Improving Read performance (2/4) • Multi-threaded decryption(ext4) Normal IO Heavy IO User space Decrypt Bottleneck Ext4(encrypt) thread Block layer Storage 19
Improving Read performance (3/4) • Multi-threaded decryption(ext4) Normal IO Heavy IO User space Decrypt Decrypt Ext4(encrypt) thread Decrypt thread Decrypt thread thread Block layer Storage 20
Improving Read performance (4/4) • Ext4(encrypt) seq. read throughput: +50% 50% Random read(IOPS) Seq. read(MiB/sec.) 3500 80 -18% 70 3000 60 2500 50 2000 MiB/sec. IOPS 40 1500 30 1000 20 500 10 0 0 cpu=1 cpu=2 cpu=4 cpu=1 cpu=2 cpu=4 ext4(encrypt) Patched ext4(encrypt) Patched 21
Conclusion • Seq. read throughput dropped significantly in CPU based encryption, leading to performance degradation • Read(decrypt) overhead: seq. read >> random read • Seq. write throughput falls slightly except eCryptfs • IO throughput of eCryptfs is shown less scalable in multi-core system • Seq. read performance can be improved by applying multi-threaded decryption 22
Q & A 23
Recommend
More recommend