Key Management for Transcrypt
Total Page:16
File Type:pdf, Size:1020Kb
Key Management for Transcrypt by Abhijit Bagri DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING INDIAN INSTITUTE OF TECHNOLOGY, KANPUR May 2007 i Key Management for TransCrypt A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Technology by Abhijit Bagri to the DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING INDIAN INSTITUTE OF TECHNOLOGY,KANPUR May 2007 ii CERTIFICATE It is certified that the work contained in the thesis entitled " Key Management for 1ran- sCrypt" by Abhijit Bagri has been carried out under my supervision and that this work has not been submitted elsewhere for a degree. Dr. Rajat Moona Dr. Dheeraj Sanghi Department of Computer Science Department of Computer Science & Engineering, & Engineering, Indian Institute of Technology Kanpur, Indian Institute of Technology Kanpur, Kanpur-208016. Kanpur-208016. iii Abstract With data storage and processing snowballing into a necessity from being an efficient part of any business process or organization, the need for securing storage at various degrees of granularity is gaining considerable interest. The challenge in designing an encrypted filesys- tem stems from balancing performance, security perception, ease of usage and enterprise level deployability. Often, the most secure solutions may not even be the best solution either due to hit on performance or due to decreased usability. Further, narrowing the trust circle to exclude even hitherto trusted system administrators makes creating an encrypted filesystem a huge engineering exercise. In this thesis, we talk about key management issues in TransCrypt[21], an encrypted file system design with smallest trust circle to the best of our knowledge. We provide an entire architecture with utilities like secure key stores, and their management through libraries in- side and outside the kernel space. We provide enhancement of kernel CryptoAPI to include asymmetric cryptography, filesystem and file metadata management tools, and a communi- cation framework to authenticate genuine users through user-space key stores. We present a design that incorporates modularity, flexibility while providing a transparently operational encrypted filesystem. iv Dedicated to My lovely niece, Pari v Acknowledgements I would like to express my gratitude to my thesis supervisors Dr Dheeraj Sanghi and Dr Rajat Moona, without whose able guidance this work would not have been possible. I thank Dr Manindra Agarwal for his insights in the project. I would like to thank all the people who have been a part of TransCrypt group - Mohan Dhawan, Satyam Sharma, Deeptanshu Shukla, V Bhanu Chandra, Arun Raghuraman and Sainath Vellal. Intense discussions during TransCrypt meetings with these people have been a great learning experience, besides being instrumental in the conceptualization and implementation of this work. I would also like to thank Prabhu Goel Research Centre for Computer and Internet Security for partially supporting my thesis and providing me with excellent facilities and a highly flexible and open environment. Any of my endeavours at IIT Kanpur would not have been possible without the support of my friends, especially my wingmates, who have made my stay at IIT Kanpur a memorable one. I thank them for being with me at all times. Finally, I would like to thank my parents and my family for their affection and encour- agement to succeed in all my ventures. 1 Contents 1 Introduction 1 1.1Motivation..................................... 1 1.2ScopeofthisWork................................. 2 1.3OrganizationofThesis............................... 2 1.4AbbreviationsandDefinitions........................... 3 2 Related Work 4 2.1ApproachestoDesigningEncryptingFilesystems................ 4 2.2SurveyofEncryptedFilesystems......................... 5 2.2.1 MicrosoftEFSforWindows........................ 6 2.2.2 Cryptoloopanddm-crypt......................... 6 2.2.3 Cryptfs................................... 7 2.2.4 eCryptfs................................... 8 2.2.5 NCryptfs.................................. 9 2.2.6 CryptographicFileSystem(CFS).................... 9 2.2.7 TransparentCryptographicFileSystem(TCFS)............ 10 2.2.8 BestCrypt.................................. 10 2.2.9 SteganographicFileSystems....................... 10 2.3Summary...................................... 11 3 TransCrypt Architecture 12 3.1TransCryptFeatures................................ 12 3.1.1 Per-fileEncryption,Per-userAccessControl............... 12 2 3.1.2 BlockLevelEncryption........................... 12 3.1.3 NovelCryptographyScheme........................ 13 3.1.4 MultipleTransparentAuthenticationOptions.............. 13 3.1.5 MinimumAdminTrust.......................... 14 3.1.6 DataRecoveryAgent........................... 14 3.1.7 Integrity................................... 14 3.2TheTransCryptArchitecture........................... 15 3.2.1 CryptographicMetadata.......................... 15 3.2.2 FilesystemCreation,Mounting...................... 15 3.2.3 Filelifecycle................................. 15 3.2.3.1 Creation............................. 15 3.2.3.2 Opening............................. 16 3.2.3.3 Read/Write............................ 16 3.2.3.4 ChangingPermissions...................... 16 3.2.4 UserSpaceModules............................ 17 3.3SecurityFramework................................ 18 3.3.1 Physical Access to the System . ..................... 18 3.3.2 SuperuserUnderMinimalTrust..................... 19 3.3.3 EnhancedSecuritythroughFSK..................... 19 3.3.4 Concurrent Access by Multiple Users . .............. 19 3.3.5 SecurePKS................................. 20 4 Kernel Crypto API 21 4.1TransCrypt’sCryptographicRequirementsintheKernel............ 21 4.2PKCS#1compliance................................ 22 4.2.1 EncryptionusingPublicKey....................... 23 4.2.1.1 Version1.5Padding....................... 23 4.2.1.2 OAEPPadding......................... 23 4.2.2 DecryptionusingPrivateKey....................... 25 4.2.2.1 DecodingVersion1.5Padding................. 25 3 4.2.2.2 DecodingOAEPpadding.................... 25 4.2.3 SigningUsingPrivateKey......................... 26 4.2.3.1 Version1.5Encoding...................... 26 4.2.3.2 PSSEncoding.......................... 27 4.2.4 VerificationUsingPublicKey....................... 29 4.2.4.1 VerificationforVersion1.5Encoding............. 29 4.2.4.2 VerificationforPSSEncoding................. 29 4.2.5 OptionsusedinPKCS#1Version2.1Implementation......... 30 4.2.5.1 MaskGeneratingFunction................... 31 4.3CryptoAPI..................................... 31 4.4KeyringInfrastructure............................... 32 5 Daemon and Private Key Store 33 5.1PKSOptions.................................... 33 5.1.1 ServicesOfferedbythePKS....................... 33 5.1.2 PKSLimitations.............................. 34 5.1.3 CandidatesforPKS............................ 34 5.2TransCryptDaemon................................ 35 5.3CommunicationProtocol.............................. 35 5.3.1 CommunicationInterfaces......................... 36 5.3.2 PacketHeaders............................... 37 5.3.3 Packet-StructureandHandling..................... 37 5.4ProtocolEnhancements.............................. 41 6 Putting Things Together 44 6.1ACLBasedChanges................................ 44 6.2ChangesintheSuperblock............................. 45 6.2.1 Utility for Filesystem Creation . ..................... 46 6.2.2 Filesystem Mounting Utility . ..................... 47 6.3ModificationsintheKernel............................ 47 6.3.1 Mounting.................................. 47 4 6.3.2 FileCreation................................ 48 6.3.3 OpeningaFile............................... 49 6.3.4 Reading/WritingaFile.......................... 49 6.4UsingTransCrypt................................. 49 6.4.1 SettingUp................................. 49 6.4.2 CreatingaTransCryptPartitionandMounting............. 50 6.4.3 FileLifecycle................................ 50 7 Future Work and Conclusions 51 7.1FutureWork.................................... 51 7.2Conclusions..................................... 52 Bibliography 53 5 List of Figures 3.1 SchematicTransCryptArchitecture........................ 17 4.1 Schematic description of OAEP Encoding Scheme. lHash is hash of label L. PS is padding strong of zero octets. Figure adapted from [19] ............ 24 4.2 Schematic description of PSS encoding scheme. Figure from [19] ........ 28 5.1 TransCryptHeader................................. 38 5.2 TCPT PKT REPLY CERTPackets........................ 39 5.3 TCPT PKT EST SESSPacket........................... 40 5.4 TCPT PKT KEY ACQ and TCPT PKT KEY RESPPackets......... 41 5.5 CommunicationProtocolbetweenkernel,daemonandPKS........... 42 5.6 Unified Key Acquisition Packet, TCPT PKT ES KA and unified reply packet, TCPT PKT RESP KA............................... 43 1 Chapter 1 Introduction 1.1 Motivation Data security has become a very important issue with growing dependence on storage systems and increasing reliance on the internet for communication. Millions of dollars have been reported to be lost due to security breaches [16]. The key factors of interest for a deployment of a storage solution are security, performance and usability. Further, administering networks and storage over thousands of systems spread over em- ployees in companies with large headcounts is an increasingly difficult task. With growing number of outsourcing industries, such usage conditions are becoming very common. These industries