Use of Smartcards in File Encryption - ESCRYPT

Use of Smart Cards for File EncryptionFederal Office for Information Security (BSI)WS on Cryptography and Embedded Security / 01.03.2011

Contents Distinction between volume encryption and file encryption Basic role of smart card as security token Use cases for file encryption in client/server architectures Cryptographic functionality in security solution “ESOSI”Armin Cordel02/10/112

PW-Based Volume EncryptionUser enterspassword „PW“PWvolume encryptionRAMdirectory (cleartext)/mnt/decrypted/PC (Client or Server)decrypts „ directory “with volume key „r“hard discencrypted volumedirectory/dev/hda2Armin Cordel02/10/113

File Encryption – Filesystem Layersmart card decryptsthe i-th file keywith key „A“ whenuser „A“ enters PINAeCryptfscleartext file # i/home/user A/directory #j/ciphertext filecleartext file # i/mnt/encrypted/directory #j/RAMPC (client or server) decryptsthe i-th „ . “ with i-th file keycleartext filehard disk / networkArmin Cordel02/10/114

File Encryption – Major Properties Encrypts each file with a distinct file key r i Encryption is part of filesystem layer Occurs automatically without user interaction There are ciphertext files Ciphertext files not bound to a specific network component Contents of ciphertext file is associated with user by meansof cryptography Cryptography is based on user token (smart card) Functionality required ?Armin Cordel02/10/115

Functionality of Smart Card1.)AGenerate (e, d, n 1) for encryption, decryptionGenerate (v, s, n 2) for verification, signing2.)Apublic keyscertificatesCA-PC3.)AEncrypted keys, hash valuesDecrypted keys, signaturesUser-PC orFileserver-PC4.)ARequest random numberTrue Random NumberUser-PC orFileserver-PCArmin Cordel02/10/116

Functionality of Smart Card Smart card serves as security anchor Bound to user by means of PIN Protects private keys against physical attacks Provides assured cryptographic functionality Generation of public/private key-pairs Random number generator Operations requiring secret keys Provides PIN-protected storage Certificates of user and root-CA ...Armin Cordel02/10/117

File Encryption – Client / Server NetworkArmin Cordel02/10/118

ESOSI: Groups of Userssmart card decryptsdirectory key of user “A”with key „A“ whenuser „A“ enters PINAeCryptfscleartext file # i/home/user A/directory #j/ciphertext fileRAMPC (client or server) decryptsI-th file key with j-th directory key andthe i-th „ . “ with i-th file keycleartext filehard disk / networkcleartext file #i/mnt/encrypted/directory #j/directory header filepath to directory|| directory keysArmin Cordel02/10/119

ESOSI: Groups of Users Open Source file encryption “eCryptfs” 2-stage key-hierarchy: File key r i Directory key V j Project ESOSI Smart card is user token and security anchor There is a directory header Enables groups of users Enables emergency manager ... Integration in client / server network ?Armin Cordel02/10/1110

File Encryption ESOSI: Main ComponentsArmin Cordel02/10/1111

ESOSI: Main Components User Interface Component Interface to smart card on client Graphical user interface Mount / unmount of directories Groups of users ... File Encryption Component Interface to filesystem on linux-client or file server Manages directory keys V j ... File Encryption “eCryptfs” Carries out file encryption with given V jArmin Cordel02/10/1112

ESOSI: Sharing of Directory Keys Secondary group of users Each of n members has share s kof V j t out of n members have to collaborate to reconstruct V j User smart card is used to decrypt each s k Purpose Availability of directory contents Avoiding use of emergency smart card Gives regular, but not “too easy” access for secondary group Collaborators / witnesses needed Logging User friendlyness ??Armin Cordel02/10/1113

ESOSI: Secret Sharing Messaging(simplified)aClient authenticationEncrypted master secretServer authenticationSEncrypted session key K ASaMessage encrypted with K ASSbMessage encrypted with K BSArmin Cordel02/10/1114

ESOSI: Secret Sharing Messaging ESOSI: Secret Sharing Messaging There is a central messaging server (MS) Basic TLS key exchange between clients and MS Signature key on smart card is used to sign nonces Decryption key on smart card is used to encrypt bilateral secret Provides session key to protect messaging protocol Shares s kof V jare exchanged via messaging protocol Use case is distributed over several client PCsArmin Cordel02/10/1115

Conclusion Open Source file encryption eCryptfs used eCryptfs has been extended (ESOSI) Cryptographic user groups in client/server network Smart card as a user token Secret sharing cryptography supports availability Smart card serves as security anchor Protects private keys Only carries out basic secret key operations PIN-protected storage for certificates of user and root-CAArmin Cordel02/10/1116

References https://launchpad.net/ecryptfs https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/KES/kes0209_pdf.pdf?__blob=publicationFile http://www.linux-kongress.org/2009/abstracts.html#3_3_2 http://sourceforge.net/projects/esosiArmin Cordel02/10/1117

ContactBundesamt für Sicherheit in derInformationstechnik (BSI)Armin CordelGodesberger Allee 185-18953175 BonnTel: +49 (0)22899-9582-5289Fax: +49 (0)22899-10-9582-5289armin.cordel@bsi.bund.dewww.bsi.bund.dewww.bsi-fuer-buerger.deArmin Cordel02/10/1118