2007-02-15

Encrypted filesystem images

Introduction:
Hola boys and girls, in this article I will speak a bit about encrypted file system images. There are many different utilities out there and each modern operating system has some kind of encryption scheme for either all or parts of their file system.
This is a short list of utilities that are available to the general public. Ill cover the basics of what an encrypted file system image is and list a few publicly available implementations for your information.

This article is intended for advanced users with a well-rounded understanding of how a computer and operating systems work.

-=- ToC -=-
x.......... Introduction
1.......... What is an encrypted file system
2.......... Uses of encrypted storage
3.......... Implementations of note with feature breakdown
4.......... Summary
5.......... Works cited

-=-=-=-=-=-=-=-=-=-=-=-=-=-
1.......... What is an encrypted file system
An encrypted file system consists of two parts, the file system (an organized system of storing binary data in an organized fashion). The other part being encryption, which is scrambling data in an organized fashion so that only designated parties may view it. In this article I am speaking about a file with in a file complete with its own file system and not dependant on the file system which the physical media that the file resides on.

-=-=-=-=-=-=-=-=-=-=-=-=-=-
2.......... Uses of encrypted storage
Secret codes as a concept are well known, it allows you to speak in a public area with out the information being revealed to un-intended recipients. The Internets data privacy is only safe because no one cares to dig through the deluge of information to figure out what your doing. In the novel "Takedown" regarding the capture of Kevin Mitnick, the authorities and two over zealous private citizens proceeded to track a persons activities via packet sniffing an entire ISP. This was done transparently so no one knew his or her privacy has been violated all to hell.

Encryption has become necessary as the medium of the Internet and computers in general have been under attack by governments, multinational corporations and criminal institutions.

Encryption is not the ENTIRE answer to these threats though. Being proactive about your computer usage routines so that you minimize communicating in an un-secure fashion is very important. Protecting your computer from rogue programs and un-trusted software is also important. All this while asking yourself, "what is this information worth." If the answer is ever your life, then you have best be prepared to dedicate a sizable portion of your life to servicing the protection of that information. Security is about setting the bar for your would be intruder. Basic security keeps the honest people honest, medium security keeps the burglar at bay, and comprehensive security keeps the bogyman out. Encryption can be very effective as an effort multiplier when used correctly.

-=-=-=-=-=-=-=-=-=-=-=-=-=-
3.......... Implementations of note with feature breakdown
- 3.1 Integrated encrypted file systems (OSS/Un*x):
Native utilities within most of the free Un*x like os's have included crypto.
Most of which have the capacity to create "memory disks" or "looped file systems". The utilities typically have the option for encrypting the data.
---LINUX---
In Linux in the 2.4 series and greater a person can do the following command:
$ dd if=/dev/zero of=enc_vol.img bs=1k count=4096
$ losetup -e 3des /dev/loop0 enc_vol.img
$ mkdosfs /dev/loop0
$ mount /dev/loop0 /mnt/

This system can use XOR and DES encryption by itself, if additional encryption algorithms are compiled into the kernel then you can make use of those too. The files created in this format are compatible with FreeOTFE, which is also available on windows and some mobile devices.

*** A side note -there was a paper which was written by Jerome Etienne titled "Vulnerability in encrypted loop device for Linux". In short, this is not a problem getting access to encrypted data, but making educated guesses and moving encrypted data around in the encrypted file. Since the file system doesn’t care about what data is where so long it’s in accordance with the file system structure the changes would not be detectable to the system. This attack is classified as a Denial of service attack but could be also classified as a kind of instant replay attack. The suggestion by the author is to authenticate to each data block or authenticate the integrity of the entire file system at boot time. The truly paranoid may want to perform a hash on the encrypted file system image via a mounting and unmounting script. This is a minor issue because the integrity of the information is controlled more by safe computing practices and physical security than encryption (Etinne, 2001).

In light of the looped file system and its shortcomings dm-crypt and LUKS have been developed as an alternative.

Prerequisites: A Linux 2.6 kernel with device mapper and dm-crypt support is needed. Also install cryptsetup-luks the package and util-linux package (g-loaded, 2005).

# cryptsetup --verbose --cipher "aes-cbc-essiv:sha256" --key-size 256 \
> --verify-passphrase luksFormat /dev/mydev/zipdisk
# cryptsetup luksOpen /dev/mydev/zipdisk encr-zipdisk
# mkdosfs -v -F 16 -n "ENCR1" /dev/mapper/encr-zipdisk
# mount -t vfat -o rw /dev/mapper/encr-zipdisk /mnt/tmp/

---OPENBSD---
OpenBSD supports memory disks or Virtual Nodes and this is done by:
$ vnconfig -k svnd0 /tmp/cryptimg
Encryption key:
$ mount /dev/svnd0c /mnt
This uses the blowfish algorithm for encryption (OpenBSD, 2007).

- 3.2 Encrypted Volume Utilities for commercially desktop systems:
---Ms Windows---
NTFS file encryption is available on Microsoft Windows XP Professional and supposedly Vista Business, Premium and Ultimate on a per file basis. Ultimate supposedly has full disk encryption utilizing their trusted computing hardware (Microsoft 2007).

Typically with the standard NTFS crypto you need to be using their latest version of the NTFS file system.
-Right click on the files you intend to encrypt.
-Select advanced
-Click on the encrypt check box.

Alternatively you can use the cipher command.
c:\echo "HiR" > example.txt
c:\cipher -e c:\example.txt

Encryption in windows this way is transparent to the user, it looks to them like any other file, however its encrypted on the disk so recovery by a third party person who has direct access to the file system is unlikely.

The file system will then enable the "encrypt" attribute which keys off of your account login info. So in order to access the content you will need the person's login info.

---Apple Mac OS 10---
Mac OS 10 has encrypted volume file creation available with AES encryption (Apple, 2007).

Select Macintosh HD -> Applications -> Utilities -> Disk Utility -> File -> New -> Blank Disk image
... Then put in the file name (ex. file)
-> select encryption -> AES-128 -> put in the password -> DONE!

Whenever you click on the image it will mount and ask for your password (assuming you don't put it in your keychain).

Of course this can be done in the command shell too.
$ hdiutil create -size 10m -encryption AES-128 -stdinpass test
Enter disk image passphrase:
...............................................................................
created: /Users/jkershner/Desktop/test.dmg
$ hdiutil attach test

- 3.3 Third Party disk encryption systems:
http://www.truecrypt.org/
Can create layered encrypted file systems images with a form of segnagraphy which a user can use a panic password to display the outer non-sensitive disk image, and a normal password for normal access to the disk image. It also can use file keys, which are existing files located anywhere on the computer, which the program uses as part of the authentication process. It can either use files on the hard drive or it can directly access devices such as hard drive partitions, entire disks or jump drives. In addition to secure file access by reading encrypted data in packets and keeping it in memory so that it does not hit the disk in unencrypted form. This is a free utility available on Windows and Linux platforms (TrueCrypt Foundation, 2007).

http://www.freeotfe.org/
Operates under both PC (MS Windows 2000/XP) and PDA (Windows Mobile 2003/2005) platforms Linux compatibility (Crypto loop "losetup", dm-crypt and LUKS supported) "Hidden" volumes may be concealed within other FreeOTFE volumes, providing "plausible deniability" FreeOTFE volumes have no "signature" to allow them to be identified as such Encrypted volumes can be either file or partition based (Dean, 2007).

- 3.4 Steganographic features
The most compelling features are the features offered in some of the 3rd party utilities which use a false nested file system image which is accessible with a panic password incase you are cohersed into giving the password so that at this first glance there would be plausible deniability (Dean, 2007)(TrueCrypt Foundation, 2007).

Simply renaming the encrypted volume file to appear as something else (such as an MP3 or a JPEG) requires the use of a 3rd party stegnagraphy utility such as Jsteg(Guillermito, 2004). Unfortunately there are ways of detecting this kind of embedding in images and possibly in other kinds of stegnagraphic containers formats (Raggo, 2007)(Fridrich, Goljan and Hogea 2006).
-=-=-=-=-=-=-=-=-=-=-=-=-=-
4.......... Summary

We have glossed over several methods of securely storing sensitive information. Combining these methods with other methods of securing information physically, electronically (through ciphering) and through safe computing practices you should have a fighting chance at keeping your data from prying eyes. Granted the data we are protecting is usually not as valuable as we think nor so worthless as to not disserve our attention to keeping it safe. A little paranoia can be healthy.

-=-=-=-=-=-=-=-=-=-=-=-=-=-
5.......... Works cited

Jessica Fridrich, Miroslav Goljan, Dorin Hogea. "Steganalysis of JPEG Images: Breaking the F5
Algorithm." (April 2006)
http://www.ws.binghamton.edu/fridrich/Research/f5.pdf

Guillermito. "Extracting data embedded with JSteg." (February 2004)
http://www.guillermito2.net/stegano/jsteg/index.html

Raggo, Michael. (Accessed February 2007)
http://www.spy-hunter.com/stego.html

Etienne, Jerome ".Vulnerability in encrypted loop device for Linux" (December 2001)
http://www.off.net/~jme/loopdev_vul.html

Shimomura, Tsutomu and Markoff, John. "Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It." Warner Books Inc (December 1996). ISBN-13: 978-0786889136

-3rd Party Security Products
Dean, Sarah "Free OTFE." (Accessed February 2007)
http://www.freeotfe.org/

TrueCrypt Foundation websirte. (Accessed February 2007)
http://www.truecrypt.org/

-Opperating systems, security feature implementation and howto's

Microsoft Inc. "Encrypting File System overview." (Accessed February 2007)
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx?mfr=true

Apple Corp. "Mac OS X: How to create a password-protected (encrypted) disk image." (Accessed February 2007)
http://docs.info.apple.com/article.html?artnum=107333

g-loaded.eu, "Encrypt devices using dm-crypt and LUKS." (November 2005)
http://www.g-loaded.eu/2005/11/10/encrypt-devices-using-dm-crypt-and-luks/

OpenBSD foundation. (Accessed 2007)
http://www.openbsd.org

-=-=-=-=-=-=-=-=-=-=-=-=-=-EOF-=-=-=-=-=-=-=-=-=-=-=-=-=-

blog comments powered by Disqus