I'm toying with the idea of storing some disk images in "the cloud", but am c

Question

I'm toying with the idea of storing some disk images in "the cloud", but am concerned about the possibility of an attacker manipulating ciphertext to do evil things once it's decrypted, and so I'd like a system that authenticates the ciphertext and assures me it has not been tampered with.

I understand that this will require a (small?) amount of local, non-cloud storage, which is a cost I'm prepared to pay.

I haven't been able to find any off-the-shelf packages that do this (or maybe I just don't know how to do it with existing tools). Can anyone point me in the right direction?

I will have call to read disks from Linux and Windows (separately, i.e., Windows images and Linux images).

Explanation / Answer

Well, if I'm seeing things right, you posed two questions:

1. What options exist for authenticated full-disk encryption?
2. How can I securely store disk images in the cloud?

Now to answer your questions:

1. There's no such thing as authenticated full-disk encryption (FDE). FDE needs you to have random access to every single sector on the drive, so you'd have to authenticate every single sector to keep somewhat nice performance. This would mean you'd reduce the amount of storage available to the user by 10 to 50%, which is considered unacceptable, so there's no product out there doing this. All products rely on "poor-man's authentication" to ensure integrity, meaning if you alter some data, the block will be scrambled and the OS / the application would notice that and give an alert.
2. If you need highly random access, you either have to write your own tool, providing you with the authentication you need (AES-GCM) (at block level), or you have to live with poor-man's authentication.
If you only need somewhat random access, you can split the image into chunks of 100-1000MB and encrypt and authenticate each of them (AES-GCM), so that you still have authentication, but you'd need much larger chunks to download (which is OK for backups I guess).
I'm not aware of any products providing this functionality. However, you can do this yourself, or you may be able to use the ZFS file system with SHA-256 integrity checking and encryption; that should work.
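
The per-chunk AES-GCM approach from the answer, as an added Go sketch that is not part of the original answer. It goes one step beyond it by binding each chunk to its position through the associated data, so authentic chunks cannot be swapped, dropped or replaced with older copies. The names `Pos`, `NewAEAD`, `Seal` and `Open`, the generation counter, and the `nonce || ciphertext || tag` layout are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Pos is what stays local per chunk (constructed names): generation, index, count.
type Pos struct{ Gen, Index, Total uint64 }

func (p Pos) aad() []byte {
	return []byte(fmt.Sprintf("gen=%d;index=%d;total=%d", p.Gen, p.Index, p.Total))
}

func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce || ciphertext || tag, with the position as associated data.
func Seal(a cipher.AEAD, p Pos, chunk []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, chunk, p.aad()), nil
}

// Open fails on a modified, moved, rolled-back or truncated chunk.
func Open(a cipher.AEAD, p Pos, sealed []byte) ([]byte, error) {
	n := a.NonceSize()
	if p.Index >= p.Total || len(sealed) < n {
		return nil, fmt.Errorf("chunk %d: out of range or truncated", p.Index)
	}
	return a.Open(nil, sealed[:n], sealed[n:], p.aad())
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	c0, _ := Seal(a, Pos{1, 0, 2}, []byte("chunk 0"))
	_, err := Open(a, Pos{1, 1, 2}, c0) // chunk 0 served in place of chunk 1
	fmt.Println("moved chunk rejected:", err != nil)
}
```

Only the key, the current generation number and the chunk count have to be kept outside the cloud; increment the generation on every re-upload so that chunks from an earlier upload no longer verify.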