Re: [qubes-users] Split dm-crypt 0.1.0

2016-09-15 Thread Andrew David Wong

On 2016-09-08 11:11, Rusty Bird wrote:
> Hi,
> 
> I've worked on this mostly out of stubbornness :), but maybe it is
> useful for someone here. README.md pasted below.
> 
> https://github.com/rustybird/qubes-split-dm-crypt
> 
> Rusty
> 

Added a link to the Qubes doc index so that people can find
this in the future:

https://github.com/QubesOS/qubes-doc/commit/1448c1e7ab8ba17c7a9b9fdd53fcdefb0f1b329b

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/007965ca-6563-ce81-5210-c745a396fb3a%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Split dm-crypt 0.1.0

2016-09-10 Thread Rusty Bird

> https://github.com/rustybird/qubes-split-dm-crypt

If anyone has been using this already, please update to version 0.1.1
which contains a security bugfix.

Rusty


Re: [qubes-users] Split dm-crypt 0.1.0

2016-09-10 Thread Rusty Bird

Hi Andrew!

>> https://github.com/rustybird/qubes-split-dm-crypt

> This looks great, Rusty! Thank you!

I actually took the modern luksFormat parameters from your writeup at
https://www.qubes-os.org/doc/encryption-config/. The 5 sec iteration
time hits a nice balance.

Rusty


Re: [qubes-users] Split dm-crypt 0.1.0

2016-09-09 Thread Andrew David Wong

On 2016-09-08 11:11, Rusty Bird wrote:
> Hi,
> 
> I've worked on this mostly out of stubbornness :), but maybe it is
> useful for someone here. README.md pasted below.
> 
> https://github.com/rustybird/qubes-split-dm-crypt
> 
> Rusty
> 
> 
> 
> # _Split dm-crypt_ for Qubes R3.2-rc3 and later
> 
> **Isolates device-mapper based secondary storage encryption (i.e. not
> the root filesystem) and LUKS header processing to DisposableVMs.**
> 
> Instead of directly attaching an encrypted LUKS partition from a source
> VM such as sys-usb to a destination VM and decrypting it there, it works
> like this:
> 
> 1. The encrypted partition is attached from the source VM to a
>    (long-lived) offline _device DisposableVM_ configured not to parse
>    its content in any way: The kernel partition scanners, udev probes,
>    and UDisks handling are disabled.
> 
> 2. From there, the LUKS header is sent to a (short-lived) offline
>    _header DisposableVM_ prompting for the password, and the encryption
>    key is sent back to the device DisposableVM, which validates that it
>    received an AES-XTS key and creates the dm-crypt mapping.
> 
> 3. Finally, the decrypted partition is attached from the device
>    DisposableVM to the destination VM.
> 
> **If the destination VM is compromised, it does not know the password or
> encryption key. It also cannot easily exfiltrate decrypted data to the
> disk in a form that would allow an attacker who seizes the disk contents
> later to read it.** (But see below for caveats.)
> 
> 
> ## Usage
> 
> The `qvm-block-split` attach/detach commands accept a subset of the
> familiar `qvm-block` syntax, and some other commands are included:
> 
> - Fully overwrite a device with random data
> 
> - Overwrite just the LUKS header with random data
> 
> - Format a new LUKS device with modern crypto parameters: AES-XTS with
>   256+256 (instead of 128+128) bit keys, SHA512 (instead of SHA1) PBKDF2
>   key derivation with 5 (instead of 0.1) seconds iteration time
> 
> When attaching, the destination VM argument can be omitted, in which
> case the decrypted disk will be attached to yet another offline
> DisposableVM.
> 
> ```
> qvm-block-split --attach|-a [--ro] [] :
> --detach|-d   :
> 
> --overwrite-everything=random :
> --overwrite-header=random :
> --overwrite-header=format :
> --overwrite-header=shell  :
> --modify-header=shell :
> ```
> 
> 
> ## Remaining attacks
> 
> - After detaching, the password and/or key will linger in more RAM
>   locations than without _Split dm-crypt_. Until there is a way to wipe
>   the DisposableVMs' memory, and `qvm-block-split` is modified not to
>   pass the key through dom0's memory, **power off your computer when
>   memory forensics is a concern.**
> 
> - If both the destination VM and the source VM/disk are compromised,
>   they could establish a covert channel using e.g. read and write access
>   patterns, slowly saving some amount of decrypted data to the disk.
> 
> - If the source VM/disk is compromised and successfully exploits the
>   header DisposableVM using a malicious LUKS header, a known AES-XTS key
>   could be sent to the device DisposableVM and used to present malicious
>   device content to the destination VM to potentially exploit it as
>   well. **Be suspicious if you do not see the expected filesystem data
>   in the destination VM. Or simply use a DisposableVM as the destination
>   VM.**
> 
> - **Don't forget to overwrite your disk with random data before creating
>   a LUKS volume on it.** Otherwise, a compromised destination VM could
>   trivially save decrypted data to the disk in its free space, by
>   encoding each bit as an unmodified (still empty or in some other way
>   nonrandom-looking) or modified (random-looking) 128 bit AES block.
> 
> 
> ## Installation
> 
> 1. Copy `vm/` to the DisposableVM template, inspect the code, and `sudo
>    make install` there; also install the `pv` (Pipe Viewer) package to
>    be able to run the `--overwrite-everything=random` command. Shut down
>    the template when finished.
> 
> 2. Copy `dom0/bin/qvm-block-split` to dom0, e.g. into `~/bin/`, inspect
>    the code extra carefully, and `chmod +x` the script.
> 
> 
> ## Safety warning
> 
> The code's error handling is strict, and I haven't experienced any data
> loss during development. Nevertheless, this is an early release. Please
> **ensure you have a backup of all drives that are connected to your
> computer.**
> 

This looks great, Rusty! Thank you!

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

[qubes-users] Split dm-crypt 0.1.0

2016-09-08 Thread Rusty Bird

Hi,

I've worked on this mostly out of stubbornness :), but maybe it is
useful for someone here. README.md pasted below.

https://github.com/rustybird/qubes-split-dm-crypt

Rusty



# _Split dm-crypt_ for Qubes R3.2-rc3 and later

**Isolates device-mapper based secondary storage encryption (i.e. not
the root filesystem) and LUKS header processing to DisposableVMs.**

Instead of directly attaching an encrypted LUKS partition from a source
VM such as sys-usb to a destination VM and decrypting it there, it works
like this:

1. The encrypted partition is attached from the source VM to a
   (long-lived) offline _device DisposableVM_ configured not to parse
   its content in any way: The kernel partition scanners, udev probes,
   and UDisks handling are disabled.

2. From there, the LUKS header is sent to a (short-lived) offline
   _header DisposableVM_ prompting for the password, and the encryption
   key is sent back to the device DisposableVM, which validates that it
   received an AES-XTS key and creates the dm-crypt mapping.

3. Finally, the decrypted partition is attached from the device
   DisposableVM to the destination VM.

**If the destination VM is compromised, it does not know the password or
encryption key. It also cannot easily exfiltrate decrypted data to the
disk in a form that would allow an attacker who seizes the disk contents
later to read it.** (But see below for caveats.)


## Usage

The `qvm-block-split` attach/detach commands accept a subset of the
familiar `qvm-block` syntax, and some other commands are included:

- Fully overwrite a device with random data

- Overwrite just the LUKS header with random data

- Format a new LUKS device with modern crypto parameters: AES-XTS with
  256+256 (instead of 128+128) bit keys, SHA512 (instead of SHA1) PBKDF2
  key derivation with 5 (instead of 0.1) seconds iteration time

When attaching, the destination VM argument can be omitted, in which
case the decrypted disk will be attached to yet another offline
DisposableVM.

```
qvm-block-split --attach|-a [--ro] [] :
--detach|-d   :

--overwrite-everything=random :
--overwrite-header=random :
--overwrite-header=format :
--overwrite-header=shell  :
--modify-header=shell :
```


## Remaining attacks

- After detaching, the password and/or key will linger in more RAM
  locations than without _Split dm-crypt_. Until there is a way to wipe
  the DisposableVMs' memory, and `qvm-block-split` is modified not to
  pass the key through dom0's memory, **power off your computer when
  memory forensics is a concern.**

- If both the destination VM and the source VM/disk are compromised,
  they could establish a covert channel using e.g. read and write access
  patterns, slowly saving some amount of decrypted data to the disk.

- If the source VM/disk is compromised and successfully exploits the
  header DisposableVM using a malicious LUKS header, a known AES-XTS key
  could be sent to the device DisposableVM and used to present malicious
  device content to the destination VM to potentially exploit it as
  well. **Be suspicious if you do not see the expected filesystem data
  in the destination VM. Or simply use a DisposableVM as the destination
  VM.**

- **Don't forget to overwrite your disk with random data before creating
  a LUKS volume on it.** Otherwise, a compromised destination VM could
  trivially save decrypted data to the disk in its free space, by
  encoding each bit as an unmodified (still empty or in some other way
  nonrandom-looking) or modified (random-looking) 128 bit AES block.


## Installation

1. Copy `vm/` to the DisposableVM template, inspect the code, and `sudo
   make install` there; also install the `pv` (Pipe Viewer) package to
   be able to run the `--overwrite-everything=random` command. Shut down
   the template when finished.

2. Copy `dom0/bin/qvm-block-split` to dom0, e.g. into `~/bin/`, inspect
   the code extra carefully, and `chmod +x` the script.


## Safety warning

The code's error handling is strict, and I haven't experienced any data
loss during development. Nevertheless, this is an early release. Please
**ensure you have a backup of all drives that are connected to your
computer.**
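
The check mentioned in step 2 of the README, where the device DisposableVM validates that it received an AES-XTS key before creating the dm-crypt mapping, could look like the sketch below. This is an added example, not code from qubes-split-dm-crypt; the function name `validate_xts_key` and its two-argument interface (cipher spec, lowercase hex key) are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not code from qubes-split-dm-crypt.
# Assumed interface: validate_xts_key CIPHER_SPEC HEX_KEY

validate_xts_key() {
    local cipher="$1" key="$2" half first second

    # Exact allowlist: anything else (cipher_null, CBC, a spec with
    # extra characters appended) is refused.
    case "$cipher" in
        aes-xts-plain64|aes-xts-plain) ;;
        *) return 1 ;;
    esac

    # Lowercase hex digits only. The pattern is matched against the
    # whole string, so spaces or newlines in the key are rejected too.
    case "$key" in
        ''|*[!0123456789abcdef]*) return 1 ;;
    esac

    # XTS takes two AES keys: 128+128 bits is 64 hex digits,
    # 256+256 bits is 128 hex digits.
    case "${#key}" in
        64|128) ;;
        *) return 1 ;;
    esac

    # The two halves must differ; identical halves are a weak XTS key.
    half=$(( ${#key} / 2 ))
    first=$(printf '%s' "$key" | cut -c "1-$half")
    second=$(printf '%s' "$key" | cut -c "$((half + 1))-")
    [ "$first" != "$second" ]
}

# Constructed sample inputs (not real key material).
A=00112233445566778899aabbccddeeff
B=ffeeddccbbaa99887766554433221100
for sample in "aes-xts-plain64 $A$B$B$A" "aes-xts-plain64 $A$A" \
              "cipher_null-ecb $A$B" "aes-cbc-essiv:sha256 $A$B"; do
    if validate_xts_key "${sample%% *}" "${sample#* }"; then
        echo "accept: ${sample%% *}"
    else
        echo "reject: ${sample%% *}"
    fi
done
```

Refusing everything outside the allowlist matters here because the key arrives from the header DisposableVM, which has just parsed an untrusted LUKS header.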