Re: RFC: ideas for a tamper-proof filesystem

> On Sat, Aug 14, 2004 at 03:36:48PM +0200, Philipp Marek wrote:
> > I'd like to share some ideas about various ways to implement a
> > tamper-proof filesystem for linux.
>
> Do you mean a trip-wire-like protection of the file system, or are you
> concerned with media failure only?
"It could be both" (If you know what I think of :-)

> For protection against malicious data modification, the tricky part is
> also to integrate every vd record (or group of vd blocks) with all other
> encrypted data (a modification of a vd needs to lead to a major,
> detectable modification of all encrypted data, or at least a specifically
> designed sensitive part of it).  Otherwise, a commonly known problem is
> that someone who was able to obtain an earlier copy of the encrypted
> data can extract a block (or a group of blocks that share the same vd /
> vd's group) from the earlier copy and substitute it in the new version
> of the encrypted volume, thus modifying a part of the encrypted data
> without being detected.
Then I believe it would be necessary to integrate the encryption in the 
filesystem, so that some special blocks can be used to verify the integrity.
i.e. have every block signed by some other, up to some "top" blocks which
certify the tree-structure downwards.

Of course, if all blocks of this device are just saved and later restored, no 
change can be found.


Thank you for the answer.


Regards,

Phil

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
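
The block tree and the replay cases discussed in the message above, as an added Python example that is not part of the original post. It assumes plain SHA-256 hashes checked against a trusted root in place of signatures; the block contents, tree layout and function names are constructed for illustration.

```python
import hashlib
import hmac

def _h(tag: bytes, *parts: bytes) -> bytes:
    # Domain-separated SHA-256: tag 0x00 for leaves, 0x01 for inner nodes.
    return hashlib.sha256(tag + b"".join(parts)).digest()

def leaf_hash(index: int, block: bytes) -> bytes:
    # Binding the block number stops a valid block being moved elsewhere.
    return _h(b"\x00", index.to_bytes(8, "big"), block)

def build_tree(blocks):
    """Return all levels (leaves first, [root] last); an unpaired last node is hashed alone."""
    levels = [[leaf_hash(i, b) for i, b in enumerate(blocks)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([_h(b"\x01", *cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels

def verify_block(index, block, levels, trusted_root) -> bool:
    """Walk from one block to the root via stored (untrusted) sibling hashes."""
    node = leaf_hash(index, block)
    for level in levels[:-1]:
        sib = index ^ 1
        pair = [node, level[sib]] if sib < len(level) else [node]
        node = _h(b"\x01", *(pair if index % 2 == 0 else pair[::-1]))
        index //= 2
    return hmac.compare_digest(node, trusted_root)

def demo():
    old = [b"old-block-%d" % i for i in range(5)]    # constructed earlier snapshot
    new = old[:2] + [b"new-block-2"] + old[3:]       # block 2 rewritten since then
    old_lv, new_lv = build_tree(old), build_tree(new)
    old_root, new_root = old_lv[-1][0], new_lv[-1][0]
    return {
        "genuine": verify_block(2, new[2], new_lv, new_root),
        # One old block substituted into the current volume.
        "block_replay": verify_block(2, old[2], new_lv, new_root),
        # A current block copied to a different position.
        "relocated": verify_block(2, new[3], new_lv, new_root),
        # Whole device restored, root read from the restored device itself.
        "rollback_root_on_device": verify_block(2, old[2], old_lv, old_root),
        # Whole device restored, current root kept outside the device.
        "rollback_root_off_device": verify_block(2, old[2], old_lv, new_root),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26} {'accepted' if ok else 'REJECTED'}")
```

The last two results correspond to the closing remark of the message: a full save-and-restore verifies cleanly unless the current root is held somewhere the restore cannot reach.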

