Hi Marco,

On Fri, Oct 11, 2019 at 09:46:13AM +0100, Marco van Beek via GLLUG wrote:
> On some VM offerings you get a remote KVM, which would allow you to get
> "physical" console access, and then you could encrypt the whole OS and use
> the KVM to enter the key on reboot. That should prevent anyone in the data
> centre from using the disk image without your key.

I don't think you read the entirety of the email you replied to,
which is possibly not surprising as it was large.

The hosting company can read guest memory to obtain the LUKS key.
Here is an example of doing it with the virtualisation stack called
KVM (not the remote access kind of KVM you mentioned):

    
https://blog.appsecco.com/breaking-full-disk-encryption-from-a-memory-dump-5a868c4fc81e

Disk encryption will not stop an attacker who has a dump of both
your memory and your block device. It will however exclude most
attackers, and even state attackers can be put off by the extra
hassle.

For example, as I mentioned, the UK security services have asked me
for disk snapshots of customers but even me saying I required a
court order made them go away in 100% of cases. For them to proceed
to ask me for a memory dump as well, so that they could try to sift
through it and find the LUKS keys, would presumably require the
customer to be of very great interest to them.

A bored and unethical hosting company employee may be more willing
to expend effort. Either way, it's clearly possible.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

-- 
GLLUG mailing list
GLLUG@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/gllug

Reply via email to