Tuesday 10 April 2007 by Bradley M. Kuhn
One of my biggest worries in using a laptop is that data can suddenly become available to anyone in the world if a laptop is lost or stolen. I was reminded of this during the mainstream media coverage1 of this issue last year.
There's the old security through obscurity perception of running GNU/Linux systems. Proponents of this theory argue that most thieves (or impromptu thieves, who find a lost laptop but decide not to return it to its owner) aren't likely to know how to use a GNU/Linux system, and will probably wipe the drive before selling it or using it. However, with the popularity of Free Software rising, this old standby (which never should have been a standby anyway, of course) doesn't even give an illusion of security anymore.
I have been known as a computer security paranoid in my time, and I keep a rather strict regiment of protocols for my own personal computer security. But, I don't like to inflict new onerous security procedures on the otherwise unwilling. Generally, people will find methods around security procedures when they aren't fully convinced they are necessary, and you're often left with a situation just as bad or worse than when you started implementing your new procedures.
My solution for the lost/stolen laptop security problem was therefore two-fold: (a) education among the userbase about how common it is to have a laptop lost or stolen, and (b) providing a simple user-space mechanism for encrypting sensitive data on the laptop. Since (a) is somewhat obvious, I'll talk about (b) in detail.
I was fortunate that, in parallel, my friend Paul and one of my
coworkers discovered how easy it is to use encfs
and
told me about it. encfs
uses the Filesystem in
Userspace (FUSE) to store encrypted data right in a user's own home
directory. And, it is trivially easy to set up! I used Paul's tutorial
myself, but there are many published all over the Internet.
My favorite part of this solution is that rather than an onerous
mandated procedure, encfs
turns security into user
empowerment. My colleague James wrote up a tutorial for our internal
Wiki, and I've simply encouraged users to take a look and consider
encrypting their confidential data. Even though not everyone has
taken it up yet, many already have. When a new security measure
requires substantial change in behavior of the user, the measure works
best when users are given an opportunity to adopt it at their own
pace. FUSE deserves a lot of credit in this regard, since it lets
users switch their filesystem to encryption in pieces (unlike other
cryptographic filesystems that require some planning ahead). For my
part, I've been slowly moving parts of my filesystem into an encrypted
area as I move aside old habits gradually.
I should note that this solution isn't completely without cost. First,
there is no metadata encryption, but I am really not worried about
interlopers finding out how big our nameless files and directories are
and who created them (anyway, with an SVN checkout, the interesting
metadata is in .svn
, so it's encrypted in this case).
Second, we've found that I/O intensive file operations take
approximately twice as long (both under ext3 and XFS) when using
encfs
. I haven't moved my email archives to my encrypted
area yet because of the latter drawback. However, for all my other
sensitive data (confidential text documents, IRC chat logs, financial
records, ~/.mozilla
, etc.), I don't really notice the
slow-down using a 1.6 Ghz CPU with ample free RAM. YMMV.
1
BTW, I'm skeptical about the FBI's claim in that
old Washington Post article which states
“review of the equipment by computer forensic teams has
determined that the data base remains intact and has not been
accessed since it was stolen”. I am mostly clueless about
computer forensics; however, barring any sort of physical seal on
the laptop or hard drive casing, could a forensics expert tell if
someone had pulled out the drive, put it in another computer, did a
dd if=/dev/hdb of=/dev/hda
, and then put it back as it
was found?
Posted on Tuesday 10 April 2007 at 16:21 by Bradley M. Kuhn.
Submit comments on this post to <bkuhn@ebb.org>.
This website and all documents on it are licensed under a Creative Commons Attribution-Share Alike 3.0 United States License .
#include <std/disclaimer.h>
use Standard::Disclaimer;
from standard import disclaimer
SELECT full_text FROM standard WHERE type = 'disclaimer';
Both previously and presently, I have been employed by and/or done work for various organizations that also have views on Free, Libre, and Open Source Software. As should be blatantly obvious, this is my website, not theirs, so please do not assume views and opinions here belong to any such organization.
— bkuhn
ebb is a (currently) unregistered service mark of Bradley M. Kuhn.
Bradley M. Kuhn <bkuhn@ebb.org>