freebsd-dev/share/man/man4/gbde.4

.\" 
.\" Copyright (c) 2002 Poul-Henning Kamp
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Poul-Henning Kamp
.\" and NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The names of the authors may not be used to endorse or promote
.\"    products derived from this software without specific prior written
.\"    permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\" 
.Dd October 19, 2002
.Os
.Dt gbde 4
.Sh NAME
.Nm gbde
.Nd Geom Based Disk Encryption.
.Sh SYNOPSIS
.Cd options GEOM_BDE
.Sh DESCRIPTION
.Pp
The objective of this facility is to provide a high degree of
denial of access to the contents of a
.Dq cold
storage device.
.Pp
Be aware that if the computer is compromised while up and running
.Em and
the storage device is actively attached and opened with a valid
pass-phrase, this facility offers no protection or denial of access
to the contents of the storage device.
.Pp
If on the other hand, the device is
.Dq cold
it should present an formidable
challege for an attacker to gain access to the contents in the absense of
a valid pass-phrase.
.Pp
Four cryptographic barriers must be passed to gain access to the data,
and only a valid pass-phrase will allow yield this access.
.Pp
When the pass-phrase is entered, it is used to seed an ARC4 based
byte oriented PNRG which is used to produce what we call the
.Dq key-material .
This is a way to producing cryptographic usable keys from a typically
all-ASCII pass-phrase of an unpredictable user-selected length.
.Ss First barrier: the location of the \&"master-lock" sector.
During initialization, up to four indepenent but mutually aware
.Dq master-key
sectors are written to the device in randomly chosen
locations.
These master-keys contain a 2048 random bit key and a number of parameters
of the layout geometry (more on this later).
Since the entire device will contain isotropic data, there is no way
short of trying, to determine which sequence of bytes contain 
the encrypted master-key.
.Pp
To find one of these sectors, a small piece of data called the
.Dq lockdata
and the key-material must be available.
The key-material decrypts the
lockdata, which contains the byte offset on the device where the
master-key is located.
If the lockdata is lost or unavailable but the key-material is at
hand, it would be feasible to do a brute force scan where each byte offset
of the device is checked to see if it contains the master-key data.
.Ss Second barrier: decryption of the master-key using key-material.
The master-key is stored in an architecture neutral byte-sequence which
is scrambled and encrypted with the key-material.
.Ss Third barrier: decryption of the sector key.
Using a PNRG like process seeded with the sector address and the 2048 bit key 
from the master-key a per-sector key is derived which is used to encrypt
the sector key which is stored on the disk.
.Ss Fourth barrier: decryption of the sector data.
The actual payload of the sector is encrypted with a single-use random bits
key.
.Ss Examining the reverse path
Assuming an attacker who knows an amount of plaintext, and has managed to
locate the corresponding encrypted sectors on the device, gaining access
to the plaintext context of other sectors is a daunting task:
First he will have to derive from the encrypted sector and the known plain
text the sector key(s) used.
(At the time of writing, it is speculated that it could maybe be possible
to do so in only 2^80 operations which is still a staggering number).
.Pp
Armed with one or more sector keys, our patient attacker will then go
through essentially the same exercise, using the sector key and the
encrypted sector key to find the key used to encrypt the sectorkey.
.Pp
Armed with one or more of these
.Dq key-keys ,
our attacker has to derive
as much information about the 2048 bit master-key.
To do so, he
first has to reverse an MD5 hash, and then the PRNG-like algorithm
which derives the MD5 input from the master-key.
.Pp
Any attacker with access to the necessary machine power will probably be
better off attempting to brute-force the pass-phrase.
.Ss Postive denial facilities
Considering the infeasibility of the above attack,
gaining access to the pass-phrase will be of paramount importance for an
attacker,
and a number of scenarios can be imagined where undue pressure will be
applied to an individual to divulge the pass-phrase.
.Pp
A "Blackening" feature, given a moment of opportunity, provides a way
for the user to destroy the master-key in such a way that the pass-phrase
will still be acknowlegded as good but access to the data will still be
denied.
.Ss A practical analogy
For persons who think cryptography is only slightly more interesting than
watching silicon sublimate the author humbly offers this analogy to the
keying scheme for a protected device:
.Pp
Imagine an installation with a vault with walls of several hundred meters
thick solid steel.  This vault can only be feasibly accessed using the
single key, which has a complexity comparable to a number with 600 digits.
.Pp
This key exists in four copies, each of which is stored in one of 
four small safes, each of which can be opened
with unique key which has a complexity comparable to a 40 digit
number.
.Pp
In addition to the masterkey, each of the four safes also contain
the exact locations of all four key-safes which are located in
randomly chosen places on the outside surface of the vault and they
are impossible to detect when they are closed.
.Pp
Finally, each safe contains four switches which are wired to a bar
of dynamite inside each of the four safes.
.Pp
In addition to this, a keyholder after opening his key-safe is 
also able to install a copy of the master-key and re-key any of
key-safes (including his own).
.Pp
In normal use, the user will open the safe for which he has the key,
take out the master-key and access the vault.
When done, he will lock up the master-key in the safe again.
.Pp
If a keyholder-X for some reason distrusts keyholder-Y, she
has the option of opening her own safe, flipping one of the switches
and thereby detonate the bar of dynamite in safe-Y.
This will obliterate the master-key in that safe and thereby deny
keyholder-Y access to the vault.
.Pp
Should the facility come under attack, any of the keyholders can detonate
all four bars of dynamite and thereby make sure that access to the
vault is denied to everybody, keyholders and attackers alike.
Should the facility fall to the enemy, and a keyholder be forced to apply
his personal key, he can do so in confidence that the contents of his safe
will not yield access to the vault, and the enemy will hopefully realize
that applying further pressure on the personel will not give access to
the vault.
.Pp
The final point to make here is that it is perfectly possible to
make a detached copy of any one of these keys, including the master
key, and deposit or hide it as one sees fit.
.Ss Steganography support
When the device is initialized, it is possible to restrict the encrypted
data to a single contiguous area of the device.
If configured with care, this area could masquerade as some sort of
valid data or as random trash left behind by the systems operation.
.Pp
This can be used to offer a plausible deniablity of existence, where
it will be impossible to prove that this specific area of the device
is in fact used to store encrypted data and not just random junk.
.Pp
The main obstacle in this is that the output from any encryption algorithm
worth its salt is so totally random looking that it stands out like a sore
thumb amongst practically any other sort of data which contains at least
some kind of structure or identifying byte sequences.
.Pp
Certain file formats like ELF contain multiple distinct sections, and it
would be possible to locate things just right in such a way that a device
contains a partition with a filesystem with a large executable,
.Dq ( "a backup copy of my kernel" )
where a non-loaded ELF section is laid out
consecutively on the device and thereby could be used to contain a
.Nm
encrypted device.
.Pp
Apart from the ability to instruct
.Nm
which those sectors are, no support is provided for creating such a setup.
.Pp
.Ss Deployment suggestions
For personal use, it may be wise to make a backup copy of the masterkey
or use one of the four keys as a backup.
Fitting protection of this key is up to yourself, your local circumstances and
your imagination.
.Pp
For company or institutional use, it is strongly advised to make a copy
of the master-key and put it under whatever protection you have at your
means.
If you fail to do this, a disgruntled employee can not deny access to
the data by accident.
(The employee can still intentionally deny access by applying another
encryption scheme to the data, but that problem has no technical solution).
.Ss Cryptographic strength
This section lists the specific components which contribute to the cryptographic
strength of
.Nm .
.Pp
The payload is encrypted with AES in CBC mode using a 128 bit random 
single-use key
.Dq ( "the skey" ) .
AES is well documented.
.Pp
The random key is produced with
.Xr arc4rand 9
which is belived to do a respectable job at producing unpredictable bytes.
.Pp
The skey is stored on the device in a location which can be derived from
the location of the encrypted payload data.
The stored copy is encrypted with AES in CBC mode using a 128 bit key
.Dq ( "the kkey" )
derived
from the master key using a purpose built PRNG like algorithm seeded
with the sector address of the data in question.
The function of the PRNG is to produce a hash of the masterkey
unique for each of the payload sectors on the device in one-way
sort of way.
Up to 12.5% of the masterkey (32 bytes out of 2048 bits) will be involved
in producing each kkey.
Since the one-way properties of this algorithm has not been properly
studied and therefore may have any strength, the output is subsequently
hashed using MD5 to get the final kkey.
MD5 is well documented.
.Pp
Up to four copies of the master-key and associated geometry information
is stored on the device in randomly chosen locations.
Each of these copies are XORed with key-material and subsequently
encrypted with AES in CBC mode using 128 bit key-material.
.Pp
The key-material is derived from the user-entered pass-phrase using
an ARC4 PRNG.
ARC4 is a very simple algorithm, the sbox of which can be in up 
to 2^1700 possible states.
ARC4 is compatible with RC4, the formal documentation and analysis
of which is not publically available.
.Pp
The ARC4 PRNG is seeded with the pass-phrase as selected and entered
by the user.
Each additional byte of pass-phrase after the first 255 adds significantly
less entropy to the initial state of the ARC4 sbox due to aliasing in
the ARC4 seeding algorithm.
.Pp
No chain is stronger than its weakest link, which usually is poor pass-phrases.
.Sh SEE ALSO
.Xr gbde 8 .
.Rs
.%A Poul-Henning Kamp
.%T "Making sure data is lost: Spook-strength encryption of on-disk data"
.%R "Refereed paper, NORDU2003 conference"
.Re
.Sh HISTORY
This software was developed for the FreeBSD Project by Poul-Henning Kamp
and NAI Labs, the Security Research Division of Network Associates, Inc.
under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
DARPA CHATS research program.
.Sh AUTHORS
.An "Poul-Henning Kamp" Aq phk@FreeBSD.org