DOCSLIB.ORG

A Security Protocol for the Identification and Data Encrypt- Key Management of Secure Mobile Devices

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Security Protocol for the Identification and Data Encrypt- Key Management of Secure Mobile Devices IJTPC(ISSN: 2322-3138 ), Vol. 3, July 2013. A Security Protocol for the Identification and Data Encrypt- Key Management of Secure Mobile Devices Chol-Un Kim , Dok-Jun An and Song Han Faculty of Mathematics, Kim Il Sung University, Pyongyang, D.P.R.K ABSTRACT In this paper, we proposed an identification and data encrypt key manage protocol that can be used in some security system based on such secure devices as secure USB memories or RFIDs, which are widely used for identifying persons or other objects recently. In general, the default functions of the security system using a mobile device are the authentication for the owner of the device and secure storage of data stored on the device. We proposed a security model that consists of the server and mobile devices in order to realize these security features. In this model we defined the secure communication protocol for the authentication and management of data encryption keys using a private key encryption algorithm with the public key between the server and mobile devices. In addition, we was performed the analysis for the attack to the communication protocol between the mobile device and server. Using the communication protocol, the system will attempt to authenticate the mobile device. The data decrypt key is transmitted only if the authentication process is successful. The data in the mobile device can be decrypted using the key. Our analysis proved that this Protocol ensures anonymity, prevents replay attacks and realizes the interactive identification between the security devices and the authentication server. Keywords security, user authentication, identification protocol, data encrypt key, secure USB 9, 10]. In these methods, encryp,on of disk block is 1. INTRODUCTION expressed as follows. Massive use of mobile storage media raises data security and user authentication problem seriously. =C OP(BE(OP(P, DEK, i), DEK), DEK, i) (1) Reliability of security system should not be based on system Here, BE is a block encryp,on func,on (AES, 3DES, etc.), OP mechanism or complexity of system analysis, and it should is an operation function (CBC, 2 (, ATS, etc.), DEK is a disk guarantee safety even if system mechanism or encryption encryption key, P is a plaintext, i is a block index and C is a algorithm is opened to third party. cipher text. As expression (1) shows, these disk encryp,on In the paper, we proposed an identification and data encrypt systems encrypt plaintext using symmetric-key algorithm key manage protocol for using in some user authentication through certain operation and apply this operation again to and disk encrypt system based on such secure devices as encrypted result. secure USB memories or RFIDs. We analyze security These disk encryption methods have some weakness in terms problems of existing disk encryption methods and of time passage and space expansion. iden,-ca,on protocol in sec,on . and describe our identification protocol and data encrypt key manage Temporal limitation protocol, in sec,on 3. In sec,on 0, we analy)e some security If third party succeeds to detect encryption key of a certain performance of our system. sector, data which is stored in this sector later can be decoded. Spatial limitation 2. PREVIOUS WORKS 1owadays, there are a lot of security system that are using If third party succeeds to detect encryption key of a certain such storage devices being capable of storing personal data block, whole data of disk is in danger of being decoded. securely as secure USB, smart card or FIDs. CBDE based encryption method which was implemented in Several different methods for disk encryption, such as FreeBSD overcame these temporal and spatial limitations to 2oopAES, EFS, TrueCrypt, 1Cryp5s, were suggested 6 7, 8, 8, a certain extent 67]. Although CBDE based disk encryp,on www.IJTPC.org 21 IJTPC(ISSN: 2322-3138 ), Vol. 3, July 2013. method overcomes temporal and spatial limitations of H I1,0J: K → I1,0J h : The h-bit cryptographic hash function previous disk encryption methods considerably, it still has that have the pre-image resistance and the collision some security problems to be solved. resistance cryptographic hash function ( h is a positive - Key-key for a given sector is fixed because it is decided integer) depending on the sector address. That is, when it was written PRNG : The pseudo-random generator new data on sector, sector key is encrypted by same key-key. implemented in the authentication server. (e suppose that - It is easy to get keychain used to encrypt plaintext data, if the bit length of random number generated by it cannot be the correlation between random data generated beyond the one of hash value of H ( h ). consecutively by P 1C is revealed, because it directly uses random data generated by P 1C as key for plaintext. PKE (L KeyGen E DPPP ),, : The secure public-key cryptosystems implemented in the authentication server and The SDMS Encrypt Method in [1] solved temporal limita,on secure storage devices. problem and spatial limitation problem of data encryption to a certain extent. And, SDMS can control security eP ,( d P ) : The pair of public and private key of performance flexibly according to the security reEuirements. PKE , generated by KeyGenP . It assumes that the decryption The master data encrypt key DEK in SDMS must be encrypted key (the private key) is only known to the authentication based on the user authentication information. However, it server. did not propose a specific Authentication protocol. SKE (L KeyGen E D SSS ),, : The secure symmetric-key There are also a lot of authentication protocols that are using cryptosystems implemented in the authentication server and mobile devices to identify the iden,ty of their users 6.-0]. But there are many protocols that have various security secure storage devices. weaknesses or not to be satisfied the reEuirements for PBKDF2 S,(P, c, dkLen) : The key derive function defined in applications. the PKCD#7 v..0 611]. For example, the protocols in 6., 3] expose the deviceFs ID, or cannot to be clear the reEuirements of anonymity and resistant for device traceability because of using fixed hash 3.2 The structure of secure storage device's value for each device, and the protocols in 60] have the signature problem that the load of authentication servers are rapidly This secure storage deviceFs signature Sig consists of ID increasing as the number of devices grows. D D and key for the secure storage devices D . In the next section, we present a user identification and data encrypt key manage protocol. Here, IDD is the uniEue random number for the device D , and key is the encryptNdecrypt key for data in the device D . The structure of signature Sig in the server is as follows: 3. OUR IDENTIFICATION AND DATA D ENCRYPT- KEY MANAGEMENT PROTOCOL In this paper, the authentication system consists of the secure storage devices being capable of storing the legitimate userGs ID and having some cryptographic computation Figure. The structure of signature SigD capability such as secure USB memories, smart cards or FIDs, the authentication server that maintains the IDs of all All signature Sig for any secure storage devices D are stored legitimate users on their internal database and confirms the D existence of the specific userGs ID in the ID database in the authentication server. responding to authentication reEuests, and the brokers which are placed between the secure devices and authentication server and transmit any messages of them 3.3 Our identification and key management (for example, the use authentication software on the protocol computer that the secure devices are connected). Our protocol consists of the preparation step and the authentication step. 6 The Preparation Step ] 3.1 Notations D : A specific (security) device Any secure storage device registered in the authentication system, D are maintained the random number rD generated IDD : The ID of the device D (namely, the ID of the legitimate device owner that the system has to identify) by the authentication server. The random number rD is uniEue for the device D , so it differs by devices. The rD : The random number generated by the authentication server must maintain the random numbers in authentication server and stored in the device D . some period for resisting the replay attacks and guarantee their uniEueness. It stores all signature for any secure Hello : The ID Euery message that the broker send to the SigD secure storage device. www.IJTPC.org 22 IJTPC(ISSN: 2322-3138 ), Vol. 3, July 2013. storage devices D in the system to its secure internal (5-3) Compare H(( H IDD )⊕rnew ) and the receipted hash database by making H( IDD ) as the search primary key. value H( y ) . If the two values match, the security [The Authentication Step ] device will get the identification and reliability for rnew , based on the (5-1). Step 1 : The broker starts the protocol run by sending the message Hello to the device D . (5-4) k ← PBKDF2 ( IDD , rnew , c, dkLen) Step 2 : The device D run the following actions by using (7-7) Sig ← D S (k , g ) its ID, IDD and the random number rD in its memory.. (5-6) Compare IDD of Sig and the IDD of the security (2-1) x ← H( IDD )⊕rD device. If the two values match, rnew should be kept (2-2) a ← E PP(,)e x and data in the security device should be decrypt using key of Sig . S (2-3) C ← E (,)x rD (2-4) Send to the authentication server (a , H ( x ), C , H ( rD )) 4. SECRITY INTERPRETATIONS through the broker. Step 3 : The authentication server performs the following [Theorem 1 ] This Protocol ensures anonymity .
Load more

Recommended publications
  • Full Disk Encryption
    Full Disk Encryption David Klaftenegger Department of Information Technology Uppsala University, Sweden 22. March 2019 Caveat Auditor Background Software LUKS this talk contains opinions Questions my opinions not the university’s nor do I claim to be an expert ... so expect some imprecision and errors 22 Mar 2019 Full Disk Encryption - Cryptoparty - 2 - David K My choices loss / theft broken device selling device singular access by evil maid important to you (that I can’t see it) protect in case of • device loss? • theft? • police? • nation state attackers? What’s the problem? Why encrypt data? Background Software LUKS Questions 22 Mar 2019 Full Disk Encryption - Cryptoparty - 3 - David K My choices loss / theft broken device selling device singular access by evil maid (that I can’t see it) protect in case of • device loss? • theft? • police? • nation state attackers? What’s the problem? Why encrypt data? Background important to you Software LUKS Questions 22 Mar 2019 Full Disk Encryption - Cryptoparty - 3 - David K My choices loss / theft broken device selling device singular access by evil maid protect in case of • device loss? • theft? • police? • nation state attackers? What’s the problem? Why encrypt data? Background important to you (that I can’t see it) Software LUKS Questions 22 Mar 2019 Full Disk Encryption - Cryptoparty - 3 - David K My choices loss / theft broken device selling device singular access by evil maid What’s the problem? Why encrypt data? Background important to you (that I can’t see it) Software protect in case
    [Show full text]
  • Freebsd Enterprise Storage Polish BSD User Group Welcome 2020/02/11 Freebsd Enterprise Storage
    FreeBSD Enterprise Storage Polish BSD User Group Welcome 2020/02/11 FreeBSD Enterprise Storage Sławomir Wojciech Wojtczak [email protected] vermaden.wordpress.com twitter.com/vermaden bsd.network/@vermaden https://is.gd/bsdstg FreeBSD Enterprise Storage Polish BSD User Group What is !nterprise" 2020/02/11 What is Enterprise Storage? The wikipedia.org/wiki/enterprise_storage page tells nothing about enterprise. Actually just redirects to wikipedia.org/wiki/data_storage page. The other wikipedia.org/wiki/computer_data_storage page also does the same. The wikipedia.org/wiki/enterprise is just meta page with lin s. FreeBSD Enterprise Storage Polish BSD User Group What is !nterprise" 2020/02/11 Common Charasteristics o Enterprise Storage ● Category that includes ser$ices/products designed &or !arge organizations. ● Can handle !arge "o!umes o data and !arge num%ers o sim#!tano#s users. ● 'n$olves centra!ized storage repositories such as SA( or NAS de$ices. ● )equires more time and experience%expertise to set up and operate. ● Generally costs more than consumer or small business storage de$ices. ● Generally o&&ers higher re!ia%i!it'%a"aila%i!it'%sca!a%i!it'. FreeBSD Enterprise Storage Polish BSD User Group What is !nterprise" 2020/02/11 EnterpriCe or EnterpriSe? DuckDuckGo does not pro$ide search results count +, Goog!e search &or enterprice word gi$es ~ 1 )00 000 results. Goog!e search &or enterprise word gi$es ~ 1 000 000 000 results ,1000 times more). ● /ost dictionaries &or enterprice word sends you to enterprise term. ● Given the *+,CE o& many enterprise solutions it could be enterPRICE 0 ● 0 or enterpri$e as well +.
    [Show full text]
  • Comparison of Disk Encryption Software 1 Comparison of Disk Encryption Software
    Comparison of disk encryption software 1 Comparison of disk encryption software This is a technical feature comparison of different disk encryption software. Background information Name Developer First released Licensing Maintained? ArchiCrypt Live Softwaredevelopment Remus ArchiCrypt 1998 Proprietary Yes [1] BestCrypt Jetico 1993 Proprietary Yes BitArmor DataControl BitArmor Systems Inc. 2008-05 Proprietary Yes BitLocker Drive Encryption Microsoft 2006 Proprietary Yes Bloombase Keyparc Bloombase 2007 Proprietary Yes [2] CGD Roland C. Dowdeswell 2002-10-04 BSD Yes CenterTools DriveLock CenterTools 2008 Proprietary Yes [3][4][5] Check Point Full Disk Encryption Check Point Software Technologies Ltd 1999 Proprietary Yes [6] CrossCrypt Steven Scherrer 2004-02-10 GPL No Cryptainer Cypherix (Secure-Soft India) ? Proprietary Yes CryptArchiver WinEncrypt ? Proprietary Yes [7] cryptoloop ? 2003-07-02 GPL No cryptoMill SEAhawk Proprietary Yes Discryptor Cosect Ltd. 2008 Proprietary Yes DiskCryptor ntldr 2007 GPL Yes DISK Protect Becrypt Ltd 2001 Proprietary Yes [8] cryptsetup/dmsetup Christophe Saout 2004-03-11 GPL Yes [9] dm-crypt/LUKS Clemens Fruhwirth (LUKS) 2005-02-05 GPL Yes DriveCrypt SecurStar GmbH 2001 Proprietary Yes DriveSentry GoAnywhere 2 DriveSentry 2008 Proprietary Yes [10] E4M Paul Le Roux 1998-12-18 Open source No e-Capsule Private Safe EISST Ltd. 2005 Proprietary Yes Dustin Kirkland, Tyler Hicks, (formerly [11] eCryptfs 2005 GPL Yes Mike Halcrow) FileVault Apple Inc. 2003-10-24 Proprietary Yes FileVault 2 Apple Inc. 2011-7-20 Proprietary
    [Show full text]
  • Seven Ways to Increase Security in a New Freebsd Installation by MARIUSZ ZABORSKI
    1 of 6 Seven Ways to Increase Security in a New FreeBSD Installation BY MARIUSZ ZABORSKI FreeBSD can be used as a desktop or as a server operating system. When setting up new boxes, it is crucial to choose the most secure configuration. We have a lot of data on our computers, and it all needs to be protected. This article describes seven configuration improvements that everyone should remember when configur- ing a new FreeBSD box. Full Disk Encryption With a fresh installation, it is important to decide about hard drive encryption—par- 1ticularly since it may be challenging to add later. The purpose of disk encryption is to protect data stored on the system. We store a lot of personal and business data on our com- puters, and most of the time, we do not want that to be read by unauthorized people. Our laptop may be stolen, and if so, it should be assumed that a thief might gain access to almost every document, photo, and all pages logged in to through our web browser. Some people may also try to tamper with or read our data when we are far away from our computer. We recommend encrypting all systems—especially servers or personal computers. Encryp- tion of hard disks is relatively inexpensive and the advantages are significant. In FreeBSD, there are three main ways to encrypt storage: • GBDE, • ZFS native encryption, • GELI. Geom Based Disk Encryption (GBDE) is the oldest disk encryption mechanism in FreeBSD. But the GBDE is currently neglected by developers. GDBE supports only AES-CBC with a 128-bit key length and uses a separate key for each write, which may introduce some CPU overhead.
    [Show full text]
  • Open-Source-Lösungen Zur Wahrung Der Datensicherheit Und
    Fachhochschule Hannover Fakult¨at IV - Wirtschaft und Informatik Studiengang Angewandte Informatik MASTERARBEIT Open-Source-L¨osungen zur Wahrung der Datensicherheit und glaubhaften Abstreitbarkeit in typischen Notebook-Szenarien Jussi Salzwedel September 2009 Beteiligte Erstprufer¨ Prof. Dr. rer. nat. Josef von Helden Fachhochschule Hannover Ricklinger Stadtweg 120 30459 Hannover E-Mail: [email protected] Telefon: 05 11 / 92 96 - 15 00 Zweitprufer¨ Prof. Dr. rer. nat. Carsten Kleiner Fachhochschule Hannover Ricklinger Stadtweg 120 30459 Hannover E-Mail: [email protected] Telefon: 05 11 / 92 96 - 18 35 Autor Jussi Salzwedel E-Mail: [email protected] 2 Erkl¨arung Hiermit erkl¨are ich, dass ich die eingereichte Masterarbeit selbst¨andig und ohne fremde Hilfe verfasst, andere als die von mir angegebenen Quellen und Hilfsmittel nicht benutzt und die den benutzten Werken w¨ortlich oder inhaltlich entnommenen Stellen als solche kenntlich gemacht habe. Ort, Datum Unterschrift 3 Inhaltsverzeichnis 1 Einfuhrung¨ 14 1.1 Einleitung................................... 14 1.2 Motivation................................... 15 1.3 Typografische Konventionen......................... 18 1.4 Abgrenzung.................................. 18 2 Anwendungsf¨alle 20 2.1 A1: Notebook kommt abhanden....................... 20 2.2 A2: Notebook kommt abhanden und wird nach Verlust gefunden..... 21 2.3 A3: Benutzen des Notebooks, ohne sensitive Daten preiszugeben..... 22 3 Sicherheitsanforderungen 23 3.1 S0: Open-Source............................... 24 3.2 S1: Gew¨ahrleistung der Vertraulichkeit................... 24 3.3 S2: Uberpr¨ ufbarkeit¨ der Integrit¨at...................... 24 3.4 S3: Glaubhafte Abstreitbarkeit........................ 25 4 Theoretische Grundlagen 26 4.1 Verschlusselungsverfahren¨ .......................... 26 4.1.1 Advanced Encryption Standard................... 27 4.1.2 Blowfish................................ 28 4.1.3 Camellia................................ 28 4.1.4 CAST5...............................
    [Show full text]
  • An Overview of Security in the Freebsd Kernel 131 Dr
    AsiaBSDCon 2014 Proceedings March 13-16, 2014 Tokyo, Japan Copyright c 2014 BSD Research. All rights reserved. Unauthorized republication is prohibited. Published in Japan, March 2014 INDEX P1A: Bold, fast optimizing linker for BSD — Luba Tang P1B: Visualizing Unix: Graphing bhyve, ZFS and PF with Graphite 007 Michael Dexter P2A: LLVM in the FreeBSD Toolchain 013 David Chisnall P2B: NPF - progress and perspective 021 Mindaugas Rasiukevicius K1: OpenZFS: a Community of Open Source ZFS Developers 027 Matthew Ahrens K2: Bambi Meets Godzilla: They Elope 033 Eric Allman P3A: Snapshots, Replication, and Boot-Environments—How new ZFS utilities are changing FreeBSD & PC-BSD 045 Kris Moore P3B: Netmap as a core networking technology 055 Luigi Rizzo, Giuseppe Lettieri, and Michio Honda P4A: ZFS for the Masses: Management Tools Provided by the PC-BSD and FreeNAS Projects 065 Dru Lavigne P4B: OpenBGPD turns 10 years - Design, Implementation, Lessons learned 077 Henning Brauer P5A: Introduction to FreeNAS development 083 John Hixson P5B: VXLAN and Cloud-based networking with OpenBSD 091 Reyk Floeter INDEX P6A: Nested Paging in bhyve 097 Neel Natu and Peter Grehan P6B: Developing CPE Routers based on NetBSD: Fifteen Years of SEIL 107 Masanobu SAITOH and Hiroki SUENAGA P7A: Deploying FreeBSD systems with Foreman and mfsBSD 115 Martin Matuška P7B: Implementation and Modification for CPE Routers: Filter Rule Optimization, IPsec Interface and Ethernet Switch 119 Masanobu SAITOH and Hiroki SUENAGA K3: Modifying the FreeBSD kernel Netflix streaming servers — Scott Long K4: An Overview of Security in the FreeBSD Kernel 131 Dr. Marshall Kirk McKusick P8A: Transparent Superpages for FreeBSD on ARM 151 Zbigniew Bodek P8B: Carve your NetBSD 165 Pierre Pronchery and Guillaume Lasmayous P9A: How FreeBSD Boots: a soft-core MIPS perspective 179 Brooks Davis, Robert Norton, Jonathan Woodruff, and Robert N.
    [Show full text]
  • GELI — Disk Encryption in Freebsd
    GELI | Disk Encryption in FreeBSD Micha l Borysiak [email protected] November 15, 2018 Disk encryption facilities in FreeBSD I GBDE (GEOM-based Disk Encryption) I FreeBSD 5, 2003 I Poul-Henning Kamp I GEOM module in the kernel gbde(4) I User space tool gbde(8) I Creates new device with .bde suffix I GELI (GEOM eli) I FreeBSD 6, 2005 I Pawe l Jakub Dawidek I GEOM module in the kernel I User space tool geli(8) I Creates new device with .eli suffix I Operates on sector level I New devices are created to allow plain text access to the data The GEOM framework I Standardized way to access storage layers I FreeBSD 5, 2003 I Poul-Henning Kamp I Set of GEOM classes I Classes can be freely stackable in any order I Abstraction of an I/O request transformation I Transformations: striping, mirroring, partitioning, encryption I Providers and consumers I Auto discovery GBDE I Master key (2048 random bits) is located in a random place on the GEOM provider, and its location is stored in a lock file I The lock file is encrypted using a user password and should be stored separately I Up to 4 independent user secrets (lock sectors) I Each sector is encrypted using AES-CBC-128 and a random sector key I The sector key is encrypted using a key derived from the master key and the sector number I Disk space overhead to store per-sector keys I Non-atomic disk updates, since sector keys are stored separately from data I Does not support mounting encrypted device in the / file system GELI I Simple sector-to-sector encryption I To perform symmetric cryptography on sectors
    [Show full text]
  • Practical Cryptographic Data Integrity Protection with Full Disk Encryption Extended Version
    Practical Cryptographic Data Integrity Protection with Full Disk Encryption Extended Version Milan Broˇz1,2, Mikul´aˇsPatoˇcka1, and Vashek Maty´aˇs2 1Red Hat Czech, fmbroz,[email protected] 2Masaryk University, Faculty of Informatics, Czech Republic, fxbroz,[email protected] Abstract Full Disk Encryption (FDE) has become a widely used security fea- ture. Although FDE can provide confidentiality, it generally does not pro- vide cryptographic data integrity protection. We introduce an algorithm- agnostic solution that provides both data integrity and confidentiality protection at the disk sector layer. Our open-source solution is intended for drives without any special hardware extensions and is based on per- sector metadata fields implemented in software. Our implementation has been included in the Linux kernel since the version 4.12. This is extended version of our article that appears in IFIP SEC 2018 conference proceed- ings [1]. 1 Introduction Storage encryption has found its way into all types of data processing systems { from mobiles up to big data warehouses. Full Disk Encryption (FDE) is a way to not only provide data confidentiality but also provide an easy data disposal procedure (by shredding the used cryptographic key). FDE and the underlying block device work with the disk sector as an atomic and independent encryption unit, which means that FDE can be transparently placed inside the disk sector processing chain. A major shortcoming of current FDE implementations is the absence of arXiv:1807.00309v1 [cs.CR] 1 Jul 2018 data integrity protection. Confidentiality is guaranteed by symmetric encryption algorithms, but the nature of length-preserving encryption (a plaintext sector has the same size as the encrypted one) does not allow for any metadata that can store integrity protection information.
    [Show full text]
  • Building a Security Appliance Based on Freebsd
    Building a security appliance based on FreeBSD BSDCan Ottawa 2019 1 Mariusz Zaborski [email protected] [email protected] https://oshogbo.vexillium.org @oshogbovx BSDCan Ottawa 2019 2 3 Data encryption 4 Data encryption Storage 5 External storage Data encryption Storage 6 Remote access External storage Data encryption Storage 7 Process security Remote access External storage Data encryption Storage 8 Data Encryption 9 Data Encryption ● GBDE ● GELI ● native ZFS encryption 10 GBDE - Geom Based Disk Encryption ● FreeBSD 5.0 ● AES-CBC 128bits ● Different key for each write ○ CPU overhead ○ disk space overhead 11 GELI ● Many cryptographic algorithms ○ AES-XTS ○ AES-CBC ○ Blowfish-CBC ○ Camellia-CBC ○ 3DES-CBC ● Integrity verification (HMAC) ● Don’t have such overheads like GDBE ● One-time key 12 Keeping encryption key Appliance: ● Use memstick ● Need only during boot ● Initialize during first boot VM: ● Use passphrase ● Use no encryption 13 Storage 14 Storage ● ZFS ● UFS 15 ZFS ● checksums ● snapshots ● compression ● RAIDZ 16 ZFS - checksum if (id < 0 || if (id < 0 || ● fletcher2 id > channels_alloc) id >= channels_alloc) ● fletcher4 jle 30 jl 30 ● sha256 ● sha512 39 45 08 7c 1a 8b 45 39 45 08 7e 1a 8b 45 ● skein 01111100 01111110 17 ZFS - compression ● GZIP ● lz4 # zfs list -o name,compression,compressratio NAME COMPRESS RATIO ● ZSTD data/data/local/dumps lz4 16.20x data/tmp lz4 1.00x data/var/crash lz4 11.17x 18 ZFS - compression ● GZIP ● lz4 # zfs list -o name,compression,compressratio NAME COMPRESS RATIO ● ZSTD data/data/local/dumps lz4 16.20x data/tmp lz4 1.00x data/var/crash lz4 11.17x Problem: What if customer want to backup the data? 19 ZFS - snapshots A snapshot is a read-only copy of a file system or volume.
    [Show full text]
  • Datenträgerverwaltung Unter Freebsd
    Datenträgerverwaltung unter FreeBSD Robert Clausecker [Be]LUG e. V. GEOM Was ist GEOM? ● Framework zur Datenträgerverwaltung ● verschachtelbar mit beliebiger Topologie ● weitestgehend vollautomatisch Begrifflichkeiten Klasse Ein Modul, dass eine bestimmte Art von Übersetzung vornimmt Geom Eine Instanz einer Klasse Provider Gerätedatei in /dev, durch die ein Geom seine Dienste anbietet Consumer Geom, das an einen Provider angehängt ist Datenquellen ● GEOM-Klasse disk – Festplatten da(4), ada(4), nda(4), ... – Optische Medien cd(4) – RAM-Disks md(4) – Raidcontroller mfi(4), ... – iSCSI-Targets iscsi(4) – ZFS-Volumina als zvol/... RAM-Disks, Loopback mdconfig -a -s size [-noSuxyL] – legt md(4)-Gerät für RAM-Disk der Größe size an mdconfig -a -f file [-nosSuxyL] – legt md(4)-Gerät für file an mdconfig -d -u unit – zerstört unit mdconfig -r -u unit -s size – ändert die Größe von unit mdconfig -l [-v] – zeigt alle md(4)-Geräte an Allgemeine Befehle geom class help zeigt alle verfügbaren Befehle an geom class list zeigt alle Geoms dieser Klasse an geom class status zeigt den Zustand aller Geoms der Klasse an geom -p provider zeigt Informationen zu provider an geom -t zeigt GEOM-Hierarchie als Baum an ● viele Klassen haben gclass(8) kurz für geom class Partitionierung ● GEOM-Klasse part, siehe auch gpart(8) – foo0 → foo0a, foo0p0, foo0s0, … gpart create -s scheme provider ● scheme: gpt, mbr, bsd, ldm, ... gpart add -t type -s size provider ● type: freebsd, linux, fat32, ntfs, ... gpart show provider ● Partitionstabelle anzeigen gpart delete -i index provider gpart destroy provider Verschlüsselung ● GEOM-Klasse eli, siehe auch geli(8) – foo → foo.eli – geli init [-aBbdegiJKlPsTVv] provider ● -a algo – Integritätsprüfung anschalten – z.
    [Show full text]
  • Šifrování USB Flash Disků Zdarma
    kryptologie pro praxi Šifrování USB flash disků zdarma Bûhem nûkolika let se flash disky staly z no- jsou vygenerovány pomocí generátoru ná- vat je‰tû tento pfiídavn˘ soubor. Pokud máte vinky uÏ bûÏnou a pfiijatelnû levnou záleÏi- hodn˘ch znakÛ pfii vzniku disku a jsou ulo- kvalitní password, nemusíte tento klíãov˘ tostí. Dokonce je uÏ velmi vhodné uvaÏovat Ïeny do hlaviãky tohoto souboru, hlaviãka je soubor pouÏívat. Pokud nemáte kvalitní o zmûnû zálohovacích médií z pásek na tyto za‰ifrována pomocí náhodné soli a passwor- password, klíãov˘ soubor vás nemusí za- disky, alespoÀ u mal˘ch a stfiedních firem. du uÏivatele. Logick˘ disk je ‰ifrován po chránit. Proto toto opatfiení povaÏujeme spí- Je‰tû pfied nûkolika lety ‰e za kosmetické a silnû by to bylo blázniv˘m lu- Tabulka 1 Výběr programů pro šifrování disků zdarma a s veřejnými zdrojovými kódy doporuãujeme pouÏívat xusem, dnes moÏná lev- Název Vývojář Rok Operační systém kvalitní password. Navíc nûj‰í varianta a v bu- loop-AES Jari Ruusu 2001 Linux 2.0+ doporuãujeme si na USB doucnu tfieba standardní CGD Roland C. Dowdeswell 2002 NetBSD 2.0+ flash disku nechat nûjak˘ médium. Zálohování na GBDE Poul-Henning Kamp 2002 FreeBSD 5.0+ ne‰ifrovan˘ prostor. Ten flash discích se rozmáhá TrueCrypt TrueCrypt Foundation 2004 Linux 2.6, Windows NT-based vyuÏijete pro ukládání u mal˘ch firem, Ïivnost- dm-crypt/cryptsetup Christophe Saout 2004 Linux 2.6 Windows NT-based dat v pfiípadech, kdy ne- níkÛ nebo v domácích dm-crypt/LUKS Clemens Fruhwirth (LUKS) 2005 Linux 2.6 Windows NT-based mÛÏete zadávat cenn˘ poãítaãích.
    [Show full text]
  • Freebsd Documentation Release 10.1
    FreeBSD Documentation Release 10.1 Claudia Mane July 12, 2015 Contents 1 &title; 3 1.1 What is FreeBSD?............................................3 1.2 Cutting edge features...........................................3 1.3 Powerful Internet solutions........................................3 1.4 Advanced Embedded Platform......................................3 1.5 Run a huge number of applications...................................3 1.6 Easy to install..............................................4 1.7 FreeBSD is free .............................................4 1.8 Contributing to FreeBSD.........................................4 2 &title; 5 2.1 Introduction...............................................5 3 &title; 15 3.1 Experience the possibilities with FreeBSD............................... 15 3.2 FreeBSD is a true open system with full source code........................... 15 3.3 FreeBSD runs thousands of applications................................. 15 3.4 FreeBSD is an operating system that will grow with your needs..................... 16 3.5 What experts have to say . ........................................ 16 4 &title; 17 4.1 BSD Daemon............................................... 17 4.2 “Powered by FreeBSD” Logos...................................... 19 4.3 Old Advertisement Banners....................................... 19 4.4 Graphics Use............................................... 19 4.5 Trademarks................................................ 20 5 &title; 21 6 &title; 23 6.1 Subversion...............................................
    [Show full text]