
Remote Crypto FS

How to safely store data on untrusted systems.

Overview

When contemplating an off-site Subversion repository for backup purposes, a cheap dedicated server came to mind. However, the question of security was unanswered, as the system is owned and managed by a third party. A mechanism was needed that allows this data to be stored in such a way that neither the owner nor anybody with physical access to the hardware can ever read it. After pondering this problem over a cup of tea I came to the following solution.

Assumptions

The trusted machine is an internal machine that wishes to replicate the data. The untrusted machine is off-site in a potentially hostile environment, such as a dedicated server or a cloud instance.

Short Answer

The idea is basically to run CFS on the trusted machine and store the encrypted directory on the untrusted machine. All access to the unencrypted data happens only on the trusted machine.

Detailed Answer

First we need the packages installed. On Kubuntu this means

apt-get install cfs sshfs

Other distros vary, and sshfs is only needed if that is the chosen way to gain access to the remote directory. As a quick test I did the following.

Create a data directory on the untrusted machine:

mkdir /shared/

This directory should either be shared using NFS, Samba or another mechanism, or it can be accessed using sshfs. I'm going to detail sshfs. So on the trusted machine issue something like

mkdir /mnt/untrusted
sshfs user@untrusted:/shared /mnt/untrusted -oallow_other

In this command I create /mnt/untrusted as an empty directory on which the remote share is mounted. There I create my CFS directory using

cd /mnt/untrusted
cmkdir crypt

cmkdir will ask for a passphrase that has to be at least 16 characters long. It will ask twice.

I don't like accessing mounted directories directly, as things will be written to the mount point even if the mount failed, which has potentially nasty consequences. So I symlink to something inside the share and access that instead. If the mount fails I get an error, a good thing (TM).

ln -s /mnt/untrusted/crypt /mnt/crypt

Now I can attach the remote encrypted file system using

cattach crypt clear

This will place a clear-text view of the file system under what CFS knows as CRYPT_ROOT. On Kubuntu that translates to /var/cfs, so in our case the clear-text directory will be /var/cfs/clear. Other distros may use different locations. Now I can copy my Subversion repository or whatever else I like into this directory. Then I can either mount the crypto fs automatically every time or leave it mounted and just run something like

svnadmin dump --incremental -r${LAST_BACKED}:${LATEST} /home/svn/repo | svnadmin load /var/cfs/clear/repo

It's obvious that this setup can be used for just about any application where disk space is needed. The only limitation at the moment is that applications must run on the local trusted system, so that the untrusted system never gets access to the clear-text data.
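The steps above combined into one backup run, as an added example that is not part of the original write-up: it fails closed when the sshfs share is not actually mounted (the failure mode the symlink guards against), attaches the CFS directory, ships only revisions newer than the last run, and detaches again. REPO, STATE_FILE, the --run flag and the svnlook/cdetach/svnadmin create calls are assumptions beyond the page's own commands.

```shell
#!/bin/sh
# Added example (not from the write-up): fail-closed backup run into the CFS
# directory on the untrusted share. REPO and STATE_FILE are assumed locations.
set -eu

UNTRUSTED_MNT=/mnt/untrusted          # sshfs mount point used in the write-up
CRYPT_LINK=/mnt/crypt                 # symlink that only resolves when mounted
CLEAR_DIR=/var/cfs/clear              # CRYPT_ROOT/clear on Kubuntu
REPO=/home/svn/repo                   # local repository (assumption)
STATE_FILE=/var/lib/cryptbackup/last  # youngest revision already shipped (assumption)

# Return 0 only if $1 is the root of a mounted filesystem. Uses POSIX df -P,
# so it does not need util-linux's mountpoint(1).
is_mountpoint() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    mounted_on=$(df -P "$dir" | awk 'NR == 2 { print $6 }')
    [ "$mounted_on" = "$dir" ]
}

# Print the svnadmin -r range for the next run: a full "0:LATEST" on the first
# run, "LAST+1:LATEST" afterwards; return 1 when there is nothing new.
dump_range() {   # $1 = last shipped revision or "none", $2 = youngest revision
    last=$1 latest=$2
    if [ "$last" = none ]; then
        echo "0:$latest"
    elif [ "$last" -ge "$latest" ]; then
        return 1
    else
        echo "$((last + 1)):$latest"
    fi
}

run_backup() {
    # Fail closed: writing into an unmounted mount point would put the
    # dump on the local disk instead of the encrypted remote directory.
    is_mountpoint "$UNTRUSTED_MNT" || { echo "$UNTRUSTED_MNT is not mounted" >&2; return 1; }
    [ -d "$CRYPT_LINK/" ] || { echo "$CRYPT_LINK does not resolve" >&2; return 1; }
    cattach crypt clear                      # prompts for the CFS passphrase
    [ -d "$CLEAR_DIR/repo" ] || svnadmin create "$CLEAR_DIR/repo"
    last=$(cat "$STATE_FILE" 2>/dev/null || echo none)
    latest=$(svnlook youngest "$REPO")
    if range=$(dump_range "$last" "$latest"); then
        opt=--incremental; [ "$last" = none ] && opt=
        svnadmin dump $opt -r"$range" "$REPO" | svnadmin load "$CLEAR_DIR/repo"
        echo "$latest" > "$STATE_FILE"
    fi
    cdetach clear                            # drop the clear-text view again
}
if [ "${1-}" = --run ]; then run_backup; fi
```

Run it as `sh backup.sh --run` from cron or by hand; without `--run` it only defines the functions.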

Disclaimer

I have only tried out what I described. I have not tested this in a large-scale manner.


Copyright © 2007-2015 Mario Theodoridis. All rights reserved. Content licensed under AFL.