Karol Babioch schrieb:
Hi, I'm wondering whether there is a possibility to encrypt a remote system using Arch Linux? I have installed Arch on a remote server, and don't like the idea that anyone with physical access to my system has access to my data. So is there something I can do about it? Using dm-crypt (with luks) doesn't work at all, as I can't input the passphrase when I reboot my system, the technician would really hate me if I ask them to attach a remote console each time I reboot my system. So is there anything I can do?
I thought about this topic and concluded that security will be the same as without encryption:
What is encryption good for? It protects against someone with physical access being able to decrypt your data. Once the machine is running, you'd have to circumvent the usual access control, whether the system is encrypted or not.
This security relies on two things:1) The passphrase ensures that only authorized people can access the data on the drive. 2) Somehow, you need to ensure that you only give the passphrase to the machine it belongs to.
The first point would be rather easy, even with a remote system. But the second is the problem.
On your desktop or laptop, you verify 2) by looking at it and saying "Yes, this is definitely my machine, so I can give it the passphrase". For a remote machine, you have to rely on cryptography. The security of cryptography is based on the remote machine having a private secret (like a private key to a certificate or a SSH private host key). Now, as we said, encrypting the hard drive is for protecting against people getting physical access to your hard drive. So if someone has physical access to the machine, he/she can easily grab that private secret and perform an effective man-in-the-middle attack and sniff your passphrase - or even better, install a modified cryptsetup binary and make it save the raw encryption key in some place.
In other words: You'd have to trust the unencrypted portion of your system to do what you expect it to do - which you can't.
That said, such an attack is also easily possible on your desktop or laptop. If someone would steal the laptop, modify your kernel or initramfs and then give it back to you, he/she could have done anything to it to sniff the passphrase as you enter it. In case you can not ensure that the laptop has not been tampered with, you'd have to re-create your bootloader, kernel and initramfs from a trusted source before using it again (also impossible for a remote machine).
However, one bit of added security is possible for a remote machine: If someone steals the hard drive without getting to your passphrase first, he/she would not be able to obtain any data. But someone who would simply steal it, wouldn't be interested in your data anyway. Everyone who is interested can (as seen above) easily get it.
My conclusion: You should rather concentrate on securing against remote attacks via the network, which are more likely than physical attacks, and you can actually protect yourself effectively against those.
Attachment:
signature.asc
Description: OpenPGP digital signature