[dm-crypt] General question: Encrypytion on virtual servers (VPS/Vserver)

[dm-crypt] General question: Encrypytion on virtual servers (VPS/Vserver)

[michaelof]

Dear list members,


as a newbie I've read the detailed FAQ at https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions and
was deeply impressed by the carefulness of the author aubout the highly political various perilous aspects of
encryption. Great job, thank you !!!

My intention for a usage of LUKS / cryptsetup are less political, but privacy. To get control back for my private data,
I'm running a Vserver with a complete mail server setup (postfix, dovecot, ...) plus owncloud and a couple of other free
software.

My questions here are of a more general nature, hopefully not be seen as off-topic by the valued list members:

As my Vserver is hardened against potential outside attacks as much as I've been able to, it's currently completely
unprotected against "internal" attacks.  Means that anyone from the hosting company e.g. could clone this Vserver or
copy the unecnrypted virtual disks, even without my knowledge, and access all data on it.

Of course I trust this hosting company, otherwise I wouldn't have chosen them. But I would like to "solve" this generic
issue, if possible, independent of a specific company.

In the German IT journal "c't" I've found an interesting article about encrypting a home server against data theft, if
the home server get's physically stolen. Could easily be done by encrypting the whole disk(s), sure. But imho a very
nice idea of this article was a LXC container based setup. A non-excrypted base setup with more or less only sshd, and
an encrypted container for anything else. Nice idea, because this setup is able to "survive" a reboot after power-loss,
sending an email to the server-owner, notifying him to ssh-login and restart the inner container = entering the
deencryption password(s).

Having read this article, I've started to think about if this scenario wouldn't also be perfectly suitable for my
Vserver requirements.

But when asking the author of this article about some small questions left, he stated his personal opinion that any
encryption on an externally hosted vserver/VPS would be a waste of time. Because the to be entered at boot time
deencryption passwords would be stored in memory of the virtual machine (all is KVM based at this company), they could
easily be read from memory, in case of a "real" attack.

Coming to the point: As this sounds reasonable, is there any chance to circumvent this issue?


Thank you,
Michael

Re: [dm-crypt] General question: Encrypytion on virtual servers (VPS/Vserver)

[Daniel P. Berrange]

On Tue, Feb 21, 2017 at 02:42:51PM +0100, michaelof@rocketmail.com wrote:
> 
> Dear list members,
> 
> 
> as a newbie I've read the detailed FAQ at https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions and
> was deeply impressed by the carefulness of the author aubout the highly political various perilous aspects of
> encryption. Great job, thank you !!!
> 
> My intention for a usage of LUKS / cryptsetup are less political, but privacy. To get control back for my private data,
> I'm running a Vserver with a complete mail server setup (postfix, dovecot, ...) plus owncloud and a couple of other free
> software.
> 
> My questions here are of a more general nature, hopefully not be seen as off-topic by the valued list members:
> 
> As my Vserver is hardened against potential outside attacks as much as I've been able to, it's currently completely
> unprotected against "internal" attacks.  Means that anyone from the hosting company e.g. could clone this Vserver or
> copy the unecnrypted virtual disks, even without my knowledge, and access all data on it.
> 
> Of course I trust this hosting company, otherwise I wouldn't have chosen them. But I would like to "solve" this generic
> issue, if possible, independent of a specific company.
> 
> In the German IT journal "c't" I've found an interesting article about encrypting a home server against data theft, if
> the home server get's physically stolen. Could easily be done by encrypting the whole disk(s), sure. But imho a very
> nice idea of this article was a LXC container based setup. A non-excrypted base setup with more or less only sshd, and
> an encrypted container for anything else. Nice idea, because this setup is able to "survive" a reboot after power-loss,
> sending an email to the server-owner, notifying him to ssh-login and restart the inner container = entering the
> deencryption password(s).
> 
> Having read this article, I've started to think about if this scenario wouldn't also be perfectly suitable for my
> Vserver requirements.
> 
> But when asking the author of this article about some small questions left, he stated his personal opinion that any
> encryption on an externally hosted vserver/VPS would be a waste of time. Because the to be entered at boot time
> deencryption passwords would be stored in memory of the virtual machine (all is KVM based at this company), they could
> easily be read from memory, in case of a "real" attack.
> 
> Coming to the point: As this sounds reasonable, is there any chance to
> circumvent this issue?

If the attacker has access to the physical host while your VM is running,
then (with current hardware) there is essentially nothing you can do to
prevent a skilled person getting your master key out of VM memory. AMD
recently announced a memory encryption feature that might make it possible
to protect guest keys from a host attacker, but its still very early days
in its developement & integration into virtualization technology, so a very
long way off being available in any public hosting provider.

Encrypting your VM's disks is still a useful thing todo, however, since
there's plenty of ways to attack a VM hosting provider which don't involve
access to the compute host itself. For example, if the hosting provider is
storing your VM's disks on NFS or ISCSI, etc, and someone attacks the NFS
/ ISCSI server, they won't be able to read your encrypted data since the VM
containing the keys in RAM is on a different host[1]. Similarly if the VM
hosting provider's network is compromised and they're using an unencrypted
network storage protocol, then using encryption in your VM prevents people
sniffing the NFS/iSCSI network packets from seeing your data.

Regards,
Daniel

[1] I'm assuming key passphrase is entered interactively on the console when
    the VM is booted. If you store key passphrase in an unencrypted partition
    of the disk, that throws away useful protection.
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

Re: [dm-crypt] General question: Encrypytion on virtual servers (VPS/Vserver)

[Arno Wagner]

On Tue, Feb 21, 2017 at 14:58:07 CET, Daniel P. Berrange wrote:
> On Tue, Feb 21, 2017 at 02:42:51PM +0100, michaelof@rocketmail.com wrote:
[...]
> If the attacker has access to the physical host while your VM is running,
> then (with current hardware) there is essentially nothing you can do to
> prevent a skilled person getting your master key out of VM memory. AMD
> recently announced a memory encryption feature that might make it possible
> to protect guest keys from a host attacker, but its still very early days
> in its developement & integration into virtualization technology, so a very
> long way off being available in any public hosting provider.

I think this is more about proteching VMs from each other than 
from the Hypervisor, think memory deduplication, copy-on-write
and caches that leak information from one VM to another.  

Regards,
Arno


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

Re: [dm-crypt] General question: Encrypytion on virtual servers (VPS/Vserver)

[Daniel P. Berrange]

On Tue, Feb 21, 2017 at 05:21:24PM +0100, Arno Wagner wrote:
> On Tue, Feb 21, 2017 at 14:58:07 CET, Daniel P. Berrange wrote:
> > On Tue, Feb 21, 2017 at 02:42:51PM +0100, michaelof@rocketmail.com wrote:
> [...]
> > If the attacker has access to the physical host while your VM is running,
> > then (with current hardware) there is essentially nothing you can do to
> > prevent a skilled person getting your master key out of VM memory. AMD
> > recently announced a memory encryption feature that might make it possible
> > to protect guest keys from a host attacker, but its still very early days
> > in its developement & integration into virtualization technology, so a very
> > long way off being available in any public hosting provider.
> 
> I think this is more about proteching VMs from each other than 
> from the Hypervisor, think memory deduplication, copy-on-write
> and caches that leak information from one VM to another.

Protecting the VM from the host is very much in scope of what AMD
is aiming to achieve with its SEV technology & KVM. The impl it
isn't there yet, but it is one of the intended targets.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

Re: [dm-crypt] General question: Encrypytion on virtual servers (VPS/Vserver)

[Arno Wagner]

On Tue, Feb 21, 2017 at 17:33:54 CET, Daniel P. Berrange wrote:
> On Tue, Feb 21, 2017 at 05:21:24PM +0100, Arno Wagner wrote:
> > On Tue, Feb 21, 2017 at 14:58:07 CET, Daniel P. Berrange wrote:
> > > On Tue, Feb 21, 2017 at 02:42:51PM +0100, michaelof@rocketmail.com wrote:
> > [...]
> > > If the attacker has access to the physical host while your VM is running,
> > > then (with current hardware) there is essentially nothing you can do to
> > > prevent a skilled person getting your master key out of VM memory. AMD
> > > recently announced a memory encryption feature that might make it possible
> > > to protect guest keys from a host attacker, but its still very early days
> > > in its developement & integration into virtualization technology, so a very
> > > long way off being available in any public hosting provider.
> > 
> > I think this is more about proteching VMs from each other than 
> > from the Hypervisor, think memory deduplication, copy-on-write
> > and caches that leak information from one VM to another.
> 
> Protecting the VM from the host is very much in scope of what AMD
> is aiming to achieve with its SEV technology & KVM. The impl it
> isn't there yet, but it is one of the intended targets.

Well, _marketing_ may have put it in scope, but I very much 
doubt they can do it (because it is basically infeasible 
without taking control of the CPU away from its owner) and 
I expect AMD _engineering_ knows that.

Regards,
Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

Re: [dm-crypt] General question: Encrypytion on virtual servers (VPS/Vserver)

[Arno Wagner]

On Tue, Feb 21, 2017 at 14:42:51 CET, michaelof@rocketmail.com wrote:
> 
> Dear list members,
> 
> 
> as a newbie I've read the detailed FAQ at
> https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions
> and was deeply impressed by the carefulness of the author aubout the
> highly political various perilous aspects of encryption.  Great job, thank
> you !!!

Thank you. It is nice to have one's work appreciated.
 
> My intention for a usage of LUKS / cryptsetup are less political, but
> privacy.  To get control back for my private data, I'm running a Vserver
> with a complete mail server setup (postfix, dovecot, ...) plus owncloud
> and a couple of other free software.
> 
> My questions here are of a more general nature, hopefully not be seen as
> off-topic by the valued list members:
> 
> As my Vserver is hardened against potential outside attacks as much as
> I've been able to, it's currently completely unprotected against
> "internal" attacks.  Means that anyone from the hosting company e.g. 
> could clone this Vserver or copy the unecnrypted virtual disks, even
> without my knowledge, and access all data on it.
> 
> Of course I trust this hosting company, otherwise I wouldn't have chosen
> them.  But I would like to "solve" this generic issue, if possible,
> independent of a specific company.
> 
> In the German IT journal "c't" I've found an interesting article about
> encrypting a home server against data theft, if the home server get's
> physically stolen.  Could easily be done by encrypting the whole disk(s),
> sure.  But imho a very nice idea of this article was a LXC container based
> setup.  A non-excrypted base setup with more or less only sshd, and an
> encrypted container for anything else.  Nice idea, because this setup is
> able to "survive" a reboot after power-loss, sending an email to the
> server-owner, notifying him to ssh-login and restart the inner container =
> entering the deencryption password(s).
> 
> Having read this article, I've started to think about if this scenario
> wouldn't also be perfectly suitable for my Vserver requirements.
> 
> But when asking the author of this article about some small questions
> left, he stated his personal opinion that any encryption on an externally
> hosted vserver/VPS would be a waste of time.  Because the to be entered at
> boot time deencryption passwords would be stored in memory of the virtual
> machine (all is KVM based at this company), they could easily be read from
> memory, in case of a "real" attack.
> 
> Coming to the point: As this sounds reasonable, is there any chance to
> circumvent this issue?

What I personally do is much sinpler than the c't solution: I just 
have an additional data partition with LUKS for critical data.
The whole base-system with everything is non-encrypted. That way
I have a fully functional linux-system on reboot, but just no
access to any confidental data. 

My rationale is that an attacker with physical access can always 
do what they want. An initrd that decrypts the root partition
makes it a bit harder, but not that much. The attacker simply needs
to first compromise the initrd, or he can directly compromise
the kernel image. That is not even very hard, just find an exploit
whith samle code, and undo the patches done to the kernel to make
it not work.

As to the vserver, I am afraid nothing can be done against a 
malicious hosting provider. They can do everything and that 
inclused root-logins you never see and querying of the LUKS 
master key that you also never see (see FAQ Item 6.10 for a
bit of background). They can also just crash your vserver 
and listen to the password as you type it in to get it up 
again. Countless other possibilities exist.

I do agree that it would be really useful to have VMs in
"secure containers" that are secure aganst the owner and
operator of the hardware, but that is not happening anytime
soon, if ever.

Regards,
Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

Re: [dm-crypt] General question: Encrypytion on virtual servers (VPS/Vserver)

[Michael Kjörling]

On 21 Feb 2017 14:42 +0100, from michaelof@rocketmail.com:
> But when asking the author of this article about some small
> questions left, he stated his personal opinion that any encryption
> on an externally hosted vserver/VPS would be a waste of time.
> Because the to be entered at boot time deencryption passwords would
> be stored in memory of the virtual machine (all is KVM based at this
> company), they could easily be read from memory, in case of a "real"
> attack.
> 
> Coming to the point: As this sounds reasonable, is there any chance
> to circumvent this issue?

That post was a whole lot of text to ask "is there any way to protect
data on a VPS guest against an attacker with full hypervisor access?".

Basically, the answer to that is _no_.

If the attacker has hypervisor access, they can snapshot the VM's RAM
right along with the storage. Because the data encryption key is
necessarily in RAM, the rest is simply a matter of going through the
data structures in kernel memory to locate the key material. Nothing
running inside the VM will know it ever happened.

For the purposes of the above, CPU registers can be treated as
identical to RAM.

There has been some discussion on methods of encryption without
exposing the key, but IIRC that's more about restricting exposure to
the _guest_, not the _hypervisor_. That has some value, but does not
against the threat model you describe. And I'm pretty sure not even
that is widely implemented anywhere.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)