LJ Archive

At Rest Encryption

Learn why at rest encryption doesn't mean encryption when your laptop is asleep.

There are many steps you can take to harden a computer, and a common recommendation you'll see in hardening guides is to enable disk encryption. Disk encryption also often is referred to as "at rest encryption", especially in security compliance guides, and many compliance regimes, such as PCI, mandate the use of at rest encryption. This term refers to the fact that data is encrypted "at rest" or when the disk is unmounted and not in use. At rest encryption can be an important part of system-hardening, yet many administrators who enable it, whether on workstations or servers, may end up with a false sense of security if they don't understand not only what disk encryption protects you from, but also, and more important, what it doesn't.

What Disk Encryption Does

In the context of Linux servers and workstations, disk encryption generally means you are using a system such as LUKS to encrypt either the entire root partition or only a particularly sensitive mountpoint. For instance, some Linux distributions offer the option of leaving the root partition unencrypted, and they encrypt each user's /home directories independently, to be unlocked when the user logs in. In the case of servers, you might leave root unencrypted and add encryption only to specific disks that contain sensitive data (like database files).

In a workstation, you notice when a system is encrypted at rest because it will prompt you for a passphrase to unlock the disk at boot time. Servers typically are a bit trickier, because usually administrators prefer that a server come back up after a reboot without manual intervention. Although some servers may provide a console-based prompt to unlock the disk at boot time, administrators are more likely to have configured LUKS so that the key resides on a separate unencrypted partition. Or, the server may retrieve the key from the network using their configuration management or a centralized secrets management tool like Vault, so there is less of a risk of the key being stolen by an attacker with access to the filesystem.

The main thing that at rest encryption protects you from is data loss due to theft or improper decommissioning of hard drives. If someone steals your laptop while it's powered off, your data will be protected. If someone goes into a data center and physically removes drives from a server with at rest encryption in place, the drives will spin down, and the data on them will be encrypted. The same goes for disks in a server that has been retired. Administrators are supposed to perform secure wiping or full disk destruction procedures to remove sensitive data from drives before disposal, but if the administrator was lazy, disk encryption can help ensure that the data is still protected if it gets into the wrong hands.

What Disk Encryption Doesn't Do

The main risk with at rest encryption is that it can create a false sense of security. Some people incorrectly believe that disk encryption means data is protected at all times. The reality is that in many cases, disks that have at rest encryption are almost never actually at rest! If a disk in a server is mounted, all of that data is decrypted, and an attacker with access to the server will be able to see that data. In the same vein, a laptop with at rest encryption that is powered on or, ironically, even in sleep mode does not protect your data from theft.

In all of these cases, the disk decryption keys reside in RAM on the machine, so that you aren't continually prompted to enter a password each time a file on an encrypted filesystem needs to be read. This means that not only can attackers with root access on your system read all of the files on an encrypted but mounted disk, they also might even be able to extract those keys from RAM and decrypt the disk later on, even if it's unmounted. This kind of attack was made famous with the "Cold Boot" vulnerability where attackers could take a laptop that was powered on or suspended and reboot it into a special live USB disk where they could extract the keys that were still in RAM. RAM doesn't erase itself immediately when power is removed, so in more sophisticated versions of the attack, they even could physically remove the RAM from the machine and put it in a separate machine, and if they were fast enough, they could read the keys before the RAM degraded!

Conclusion

So, should you use at rest encryption? Of course! These days, disks and CPUs are fast enough that the performance penalty is minimal for starters. Also, it does protect you from particular real-life classes of attacks. With laptops, it protects your data in the case of theft, which is the most likely scenario. In the case of servers, the most likely threat is forgetting to wipe drives. Also, now that servers are more commonly in the cloud on someone else's infrastructure, using at rest encryption can help you ensure that your private data remains safe, even if the cloud provider doesn't wipe its disks properly before reusing those sectors for a new instance.

—Kyle Rankin

LJ Archive