Encrypting remote system

Encrypting remote system

by Karol Babioch

Hi,

I'm wondering whether there is a possibility to encrypt a remote system
using Arch Linux? I have installed Arch on a remote server, and don't
like the idea that anyone with physical access to my system has access
to my data. So is there something I can do about it?

Using dm-crypt (with luks) doesn't work at all, as I can't input the
passphrase when I reboot my system, the technician would really hate me
if I ask them to attach a remote console each time I reboot my system.

So is there anything I can do?

--
Best regards,
Karol Babioch <karol@...>


Re: Encrypting remote system

by Florian Pritz-3

Karol Babioch wrote:
> Using dm-crypt (with luks) doesn't work at all, as I can't input the
> passphrase when I reboot my system, the technician would really hate me
> if I ask them to attach a remote console each time I reboot my system.

You can install a base system and put VMs onto encrypted drives. Then
you can ssh there and unlock/boot the VMs.

--
Florian Pritz -- {flo,bluewind}@...

Re: Encrypting remote system

by Magnus Therning

On 01/11/09 15:06, Karol Babioch wrote:

> Hi,
>
> I'm wondering whether there is a possibility to encrypt a remote system
> using Arch Linux? I have installed Arch on a remote server, and don't
> like the idea that anyone with physical access to my system has access
> to my data. So is there something I can do about it?
>
> Using dm-crypt (with luks) doesn't work at all, as I can't input the
> passphrase when I reboot my system, the technician would really hate me
> if I ask them to attach a remote console each time I reboot my system.
>
> So is there anything I can do?

AFAICS there is *nothing* you can do against someone with physical access.
Encrypting the disk will only protect it while it's at rest, as soon as you've
booted the system you're back to the situation where you have to trust the
physical hardware, network, etc.

I assume you're talking about encrypting the *entire system* (as opposed to
just your home directory, since that would be obviously without any effect at
all).  Given that, out of curiosity, how do you plan on getting the password
to the remote system at boot time?

/M

--
Magnus Therning                        (OpenPGP: 0xAB4DFBA4)
magnus@therning.org          Jabber: magnus@therning.org
http://therning.org/magnus         identi.ca|twitter: magthe


Re: Encrypting remote system

by Karol Babioch

On Sun, 2009-11-01 at 20:19 +0000, Magnus Therning wrote:
> how do you plan on getting the password
> to the remote system at boot time?

That was the thing I wanted to know from you ;). However the idea with
the virtual machine(s) isn't that bad at all, I will look into it when I
have some spare time.

--
Best regards,
Karol Babioch <karol@...>


Re: Encrypting remote system

by Dieter Plaetinck

On Sun, 01 Nov 2009 20:19:46 +0000
Magnus Therning <magnus@...> wrote:

> On 01/11/09 15:06, Karol Babioch wrote:
> > Hi,
> >
> > I'm wondering whether there is a possibility to encrypt a remote
> > system using Arch Linux? I have installed Arch on a remote server,
> > and don't like the idea that anyone with physical access to my
> > system has access to my data. So is there something I can do about
> > it?
> >
> > Using dm-crypt (with luks) doesn't work at all, as I can't input the
> > passphrase when I reboot my system, the technician would really
> > hate me if I ask them to attach a remote console each time I reboot
> > my system.
> >
> > So is there anything I can do?
>
> AFAICS there is *nothing* you can do against someone with physical
> access. Encrypting the disk will only protect it while it's at rest,
> as soon as you've booted the system you're back to the situation
> where you have to trust the physical hardware, network, etc.
>
> I assume you're talking about encrypting the *entire system* (as
> opposed to just your home directory, since that would be obviously
> without any effect at all).  Given that, out of curiosity, how do you
> plan on getting the password to the remote system at boot time?
>
> /M
>

1) if your server supports it, you could use IPMI serial-over-LAN
2) you can encrypt your / or /home, there are ways to have the early
userspace start an ssh daemon so you can connect to it.
3) if you're really paranoid: somebody could overwrite your
BIOS/bootloader/early userspace and sniff your password when you enter
it (remotely).
4) and then there is what Magnus said. (IIRC IPMI SOL is plaintext)

Dieter

Re: Encrypting remote system

by Thomas Bächler-2

Karol Babioch wrote:

> Hi,
>
> I'm wondering whether there is a possibility to encrypt a remote system
> using Arch Linux? I have installed Arch on a remote server, and don't
> like the idea that anyone with physical access to my system has access
> to my data. So is there something I can do about it?
>
> Using dm-crypt (with luks) doesn't work at all, as I can't input the
> passphrase when I reboot my system, the technician would really hate me
> if I ask them to attach a remote console each time I reboot my system.
>
> So is there anything I can do?

I thought about this topic and concluded that security will be the same
as without encryption:

What is encryption good for? It protects against someone with physical
access being able to decrypt your data. Once the machine is running,
you'd have to circumvent the usual access control, whether the system is
encrypted or not.

This security relies on two things:
1) The passphrase ensures that only authorized people can access the
data on the drive.
2) Somehow, you need to ensure that you only give the passphrase to the
machine it belongs to.

The first point would be rather easy, even with a remote system. But the
second is the problem.

On your desktop or laptop, you verify 2) by looking at it and saying
"Yes, this is definitely my machine, so I can give it the passphrase".
For a remote machine, you have to rely on cryptography. The security of
cryptography is based on the remote machine having a private secret
(like a private key to a certificate or an SSH private host key).
Now, as we said, encrypting the hard drive is for protecting against
people getting physical access to your hard drive. So if someone has
physical access to the machine, he/she can easily grab that private
secret and perform an effective man-in-the-middle attack and sniff your
passphrase - or even better, install a modified cryptsetup binary and
make it save the raw encryption key in some place.

In other words: You'd have to trust the unencrypted portion of your
system to do what you expect it to do - which you can't.

That said, such an attack is also easily possible on your desktop or
laptop. If someone would steal the laptop, modify your kernel or
initramfs and then give it back to you, he/she could have done anything
to it to sniff the passphrase as you enter it. In case you cannot
ensure that the laptop has not been tampered with, you'd have to
re-create your bootloader, kernel and initramfs from a trusted source
before using it again (also impossible for a remote machine).

However, one bit of added security is possible for a remote machine: If
someone steals the hard drive without getting to your passphrase first,
he/she would not be able to obtain any data. But someone who would
simply steal it, wouldn't be interested in your data anyway. Everyone
who is interested can (as seen above) easily get it.

My conclusion: You should rather concentrate on securing against remote
attacks via the network, which are more likely than physical attacks,
and you can actually protect yourself effectively against those.

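The last message's point that the unencrypted bootloader, kernel and initramfs have to be trusted suggests one check a defender can run. As an added example that is not part of the thread, the script below records SHA-256 hashes of the boot files and reports every file that later differs. The helper names `boot_manifest` and `boot_changes` and the sample file names are constructed for illustration; the known-good manifest is assumed to be stored off the server, and the comparison is assumed to run from a trusted environment such as a rescue system, since a tampered kernel can hide its own changes.

```shell
#!/bin/sh
# Added example, not from the thread. File names and contents are constructed.

# boot_manifest DIR: one "sha256  ./path" line per regular file under DIR, sorted by path.
boot_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# boot_changes KNOWN_GOOD CURRENT: print ADDED/MODIFIED/REMOVED lines for the
# differences between two manifests; return 1 if anything differs, 0 if identical.
boot_changes() {
    diffs=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { known[path] = hash; next }
        { seen[path] = 1
          if (!(path in known))         print "ADDED " path
          else if (known[path] != hash) print "MODIFIED " path }
        END { for (p in known) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort)
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs"
    return 1
}

# demo: run both helpers on a constructed directory standing in for /boot.
demo() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/boot/grub"
    printf 'kernel image\n' > "$work/boot/vmlinuz"
    printf 'initramfs v1\n' > "$work/boot/initramfs.img"
    printf 'menu entries\n' > "$work/boot/grub/grub.cfg"
    boot_manifest "$work/boot" > "$work/known-good.sha256"   # keep this copy off the server

    # Simulate tampering with the unencrypted part: initramfs replaced, a file added.
    printf 'initramfs with modified cryptsetup\n' > "$work/boot/initramfs.img"
    printf 'extra\n' > "$work/boot/grub/extra.mod"
    boot_manifest "$work/boot" > "$work/current.sha256"

    status=0
    boot_changes "$work/known-good.sha256" "$work/current.sha256" || status=$?
    rm -rf "$work"
    return "$status"
}

demo || echo "boot files differ from the known-good manifest"
```

A clean result only shows that the files match the manifest; it says nothing about firmware or hardware changes, which the thread also raises.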