CHAPTER 1 INTRODUCTION 1.1 MOTIVATION FOR DATA SECURITY

1

C

1

I

The need for data security emerges from the widespread deployment of shared file systems, greater mobility of computers and the rapid miniaturization of storage devices. It is increasingly obvious that the value of data is much more than the value of storage devices. The content stored in most of storage devices are of substantial value in terms of intellectual property. Moreover, the theft of a personal laptop or a USB connected secondary storage device leaves the victim vulnerable to the risk of identity theft in addition to the loss of personal and financial data. Hence, it becomes necessary to protect stored data using strong cryptographic methods.

1.1

M

D

S

As described above, data security in modern computing systems is a difficult problem. Network connections and remote file system services, while convenient; often make it possible for an intruder to gain access to sensitive data by compromising only a single component of a large system. Because of the difficulty of reliably protecting information, sensitive files are often not stored on networked computers, making access to them by authorized users inconvenient and putting them out of the reach of useful system services such as backup. In effect, the fear that computer data are not terribly private has led to a situation where conventional wisdom warns us not to entrust our most important information to our most modern computers. Hence, data protection system is vital in any organization where classified and secret data need to be shared and secured simultaneously.

Some incidents in the recent years exemplify the need for a secure cryptographic solution to the problem of protecting data from unauthorized access. The majority of these incidents involve insiders or system administrators which accentuates the need for a secure data protection mechanism that thwarts unauthorized information thefts as well as ensures that undue power is not left in the hands of employees or administrators.

Data protection systems are increasingly playing a crucial role in commercial environments too; one key factor here being that the commercial value of information stored has

2

skyrocketed into millions and billions of dollars which itself is reason enough for protection against theft.

Today, many organizations like governments, military, different private organizations, financial institutions and hospitals store enormous amount of confidential data on their laptops. Some of the organizations were victims of data thefts/loss problems. Some organizations faced identity theft from resource centers.

To illustrate the above generalization, an unencrypted hard drive was lost at the Quebec office of Human Resources and Skills Development, Canada [Fekete and Cohen (2013)]. The unencrypted external hard drive lost by the Canadian federal agency contained the personal information of half a million student loan recipients including their names, social insurance numbers, and dates of birth, loan balances and contact information from year 2000 to 2006. The Royal Canadian Mounted Police (RCMP) was called in to investigate what could be deemed as “one of the largest privacy lapses in Canadian history”. To follow up, the federal government had to contact all affected individuals, and a toll-free number was set up for those with concerns and questions. Apart from exposure of sensitive personal information, social insecurity and identity risks of the data owners, such incidents also cause severe impact to the reputation of organizations and the loss of their subscriber’s confidence in them.

In another similar incident, an unencrypted national database with names, social security numbers, dates of births, and some disability ratings for 26.5 million veterans, active-duty military personnel and spouses was stolen [Gradijan (2006)]. The data was entrusted to and owned by the US Department of Veterans Affairs (VA). The breach pointed once again to the human element being the weakest link in the security chain. The database was on a laptop and external hard drive that were both stolen in a burglary from a VA analyst's Maryland home. The VA estimated it would cost $100 million to $500 million to prevent and cover possible losses from the theft. The U.S. Department of Veterans Affairs’ (VA) chief information security officer and at least two other high profile senior officials along with the analyst had to resign taking accountability for the event.

Instances of data theft/compromise are endless and their impacts vary from negligible to extremely severe. Data theft/loss imposes risk of losing important personnel and organization data, and hence securing this data is of utmost importance. When confidential data is compromised the outcomes are severe, costly and farfetched for the data owners, individuals,

3

stakeholders and organizations alike. The wide impacts are many-a-times not evident immediately after the incident in many cases and may stretch into the future when that data is put to misuse by the miscreants at their will, especially for identity theft which is the scariest of all social threats.

Clearly, there is a pressing need to design and develop data protection mechanisms that cater to the above application scenarios as well as provide several security and usability features. Encrypted file systems or cryptographic file systems fill this void to enable individuals and organizations to keep their storage systems highly available and yet protected from unauthorized access at the same time.

1.2

C

F

S

While considering file system security, several aspects should be taken into account such as authentication, authorization, access control, confidentiality and integrity. Linux systems provides authentication, authorization and access control services using Pluggable Authentication Module (PAM); policy language that defines file owner and group, along with the owner/group/world read/write/execute attributes of the file; Posix Access Control Lists (ACL’s) that provides more stringent access control on a per-file basis etc.

For confidentiality and integrity services, Cryptographic File System (CFS) or Encrypting File System (EFS) have to be used that provides file encryption/decryption along with integrity mechanisms, in a secure, efficient and transparent manner to the user. Distributed cryptographic file system should also provide secure remote access over the Network File System (NFS), file sharing among multiple users, possible use by non-privileged users, portability, incremental backups etc.

1.3

I

E

C

F

S

Cryptographic file systems introduce an extra layer of indirection at an appropriate place in the system that provides the necessary cryptographic functionality. Hence, the first decision to be taken while designing a Cryptographic File System (CFS) concerns the placement of this layer. Encryption services by cryptographic file systems can be placed at file system level or device layer level.

4

In device layer systems, such as Loopback Cryptographic File System (Cryptoloop) [Hoelzer (2004)] and Device-Mapper Crypto Target (DMCrypt) [Fruhwirth (2005)], encryption/decryption takes place at device layer in kernel-space, using Linux kernel device mapper infrastructure that provides a generic way to create virtual layers of block devices. These systems perform encryption with a single key on the entire block device, so file sharing is not possible among multiple users. They are also not convenient for incremental back-ups, cannot be mounted by non-privileged users and cannot be used remotely over NFS.

At the file system level, CFS can be implemented either in user-space or in kernel-space. Cryptographic File System for Unix (CFS_Unix) [Blaze (1993), Blaze (1997)] and Encrypted File System (EncFS) [Ozen (2007), Gough (2011)] are two popular user-space cryptographic file systems at file system level. CFS_Unix is implemented as modified NFS server and EncFS using the File System in User-space (FUSE) API [Szeredi (2004)]. They can be mounted by any user on the system and does not require any modifications to the kernel so can be easily portable. The limitation of these systems is their poor performance due to frequent context switches and data copies between user-space and kernel-space. They perform encryption with a single key on entire directory, so sharing of individual files is not possible among different users. EncFS can be used securely over NFS. CFS_Unix is capable of acting as a remote NFS server, so it can be accessed remotely without requiring an additional NFS mount. This is, however, not recommended due to security issues with plaintext passwords and unencrypted data being transmitted over the network, and also due to poor performance of CFS.

eCryptfs [Halcrow (2005), Kirkland (2011)] is the most popular kernel-space CFS, integrated with the Linux kernel since 2.6.19. It uses stackable file system interface approach [Zadok and Badulescu (1999), Zadok and Nieh (2000), Zadok et al. (1999)] to introduce a layer of encryption that can fit over any underlying file system. eCryptfs is more efficient than existing user-space cryptographic file systems, mentioned above. It performs encryption on a per-file basis and provides support for file sharing among multiple users using Public Key Infrastructure (PKI) support. It also provides support for file integrity using keyed hashes. It can be used remotely on top of networked file systems. The limitations of eCryptfs are that, it cannot be ported across different platforms and do not provide any options for non-privileged users to mount a file system.

5

Public-key management in eCryptfs, for user authentication and file sharing, is performed by a user-space daemon, named eCryptfsd, which can be easily spoofed by user-space processes having superuser privileges, to provide the kernel with the wrong public-key and hence cannot be trusted.

As mentioned above, performance, file sharing, portability and availability to non-privileged users, all cannot be achieved together. Existing user-space CFS have performance limitations and does not provide support for file sharing; and kernel-space CFS are not portable and cannot be mounted by non-privileged users.

Key management is another crucial issue in the cryptographic file systems mentioned above. The majority of these cryptographic file systems employ only basic password protection schemes, disregarding the best practices of multi-factor authentication. Most passwords that users can reasonably expect to memorize can be successfully attacked with straightforward algorithms running on computing devices in present scenario. Token devices such as smart cards can be used for storing keys in some existing cryptographic file systems; however, the deployment of smart cards is often prohibitively expensive, cumbersome, and error-prone. Security technology, such as trusted computing [TCG (2011)], can be used for providing multi-factor authentication in a CFS without incurring additional cost.

1.4

M

O

T

The main objectives of this thesis are to address the above mentioned issues in user-space and kernel-space cryptographic file systems designed at file system level and are mentioned below:

 Design and implementation of user-space CFS, extending CFS_Unix [Blaze (1993), Blaze (1997)] and EncFS [Ozen (2007), Gough (2011)] cryptographic file systems, with performance improvements and file sharing support.

 Design and implementation of secure protocol for CFS_Unix, using cryptographic methods such as mutual authentication and session establishment, which enables its secure use remotely.

6

 Design and implementation of kernel-space CFS, based on eCryptfs [Halcrow (2005), Kirkland (2011)], with improved performance and inclusion of whole PKI support in the Linux kernel to exclude privileged user-space processes from domain of trust.  Use of trusted computing technologies for key management in kernel-space CFS.

1.5

O

T

The above listed objectives were dealt successfully during this course of study and the respective outcomes achieved are included in the below mentioned chapters.

The first chapter provides motivation for data security describing several recent security incidents; and need of CFS for the same. Then, a brief introduction of CFS and distributed CFS is given. Existing cryptographic file systems at various levels of abstraction in user-space and in kernel-space has been described briefly, along with their advantages and limitations. Then, the main objectives of research work are presented.

The second chapter presents in-depth literature survey of the selected research area (i.e., CFS). Various design goals and design parameters that should be considered while designing a cryptographic file system are described. Then, existing cryptographic file systems at the block device level and at file system level in user-space and in kernel space are presented with their advantages and limitations. The popular cryptographic file systems described are Cryptoloop [Hoelzer (2004)] and DMCrypt [Fruhwirth (2005)] at block device level; CFS_Unix [Blaze (1993), Blaze (1997)] and EncFS [Ozen (2007), Gough (2011)] at file system level in user-space; eCryptfs [Halcrow (2005), Kirkland (2011)] and Secure Distributed Encrypting File System (TransCryptDFS) [Modi et al., (2010)] at file system level in kernel-space.

A brief description of various ciphers and modes of operations used by existing cryptographic file systems has been provided along with a detailed description of XEX-based Tweaked codebook mode with ciphertext Stealing (XTS) [IEEE (2008), Dworkin (2009) ] that can be used by cryptographic file systems for better performance. Further, a brief review of trusted computing technologies and benefits of using them for key management in cryptographic file systems has been described. Finally, Summary of the properties of existing cryptographic file systems has been presented along with the problems identified for carrying out research work.

7

In chapter 3, extensions in the design and implementation of two existing user-space cryptographic file systems, CFS_Unix [Blaze (1993), Blaze (1997)] and EncFS [Ozen (2007), Gough (2011)], for performance gain and file sharing support, has been presented.

In chapter 4, secure protocol design and implemention for Extended CFS_Unix [Rawat and Kumar (2012)] using cryptographic methods like mutual authentication and session establishment, which enables its secure use remotely has been described. Performance of Extended CFS_Unix has been improved by using NFS version 3 [Callaghan et. al. (1995)], instead of NFS version 2 [IETF (1989)] used in CFS_Unix. Performance comparison of remote access in extended CFS has been presented with other existing cryptographic file systems mounted over NFS.

Chapter 5 presents a secure and efficient approach for designing and implementing an enterprise-class cryptographic file system for Linux (ECFS) [Rawat and Kumar (2012a)] in kernel-space based on eCryptfs [Halcrow (2005), Kirkland (2011)].

Chapter 6 explains the use of trusted computing [TCG (2011)] for key management in ECFS [Rawat and Kumar (2012a)] filesystem, which benefit from a higher level of security when using a hardware-based root of trust. Open source TrouSerS PKI API version 0.3.9 [TrouSerS (2012)] and the TPM tools version 1.3.8 [TPM tools (2012)] package have been used for implementation of proposed architecture.

Finally, the possible future scope in the area of the work presented in thesis has been discussed in Chapter 7.