Clevis and Tang: securing your secrets at rest
Room 8 | Wed 15 Jan | 2:25 p.m.–3:10 p.m.
Presented by
Fraser Tweedale
@hackuador
https://github.com/frasertweedale
Fraser works at Red Hat on the FreeIPA identity management system
and Dogtag Certificate System. He's interested in security,
cryptography and functional programming. Jalapeño aficionado.
Abstract
Full disk encryption and, more generally, encryption of secrets at
rest are essential tools in the security toolbox. But deploying
encryption at rest can have costs: latency (downtime), repetition
(productivity loss), proneness to error (typos; "was that '1' or
'l'?"), challenges in supplying a passphrase when needed (e.g.
headless systems). Automated decryption often relies on delivery of
escrowed keys (a third party knows your secret).
We can do better.
_Tang_ [1] is a protocol and (along with the client-side program
_Clevis_ [2]) software implementation of *network bound encryption*;
that is, automatic decryption of secrets when a client has access to
a particular server on a secure network. It uses McCallum-Relyea
exchange, a two-party key computation protocol based on Diffie-Hellman
where only the client can compute the key! _Clevis_ [2] uses the
amazing *Shamir's Secret Sharing* algorithm to implement unlock
policies with thresholds that can include passphrases, Tang servers
and TPM-sealed secrets.
In this talk I will outline the use cases, explain the algorithms
and demonstrate these tools. The live demo will set up a machine to
automatically decrypt a LUKS volume when a required number of Tang
servers are available. I will conclude with a discussion of
limitations, assumptions and threats.
[1] https://github.com/latchset/tang
[2] https://github.com/latchset/clevis
Linux Australia: http://mirror.linux.org.au/pub/linux.conf.au/2020/room_8/Wednesday/Clevis_and_Tang_securing_your_secrets_at_rest.webm
YouTube: https://www.youtube.com/watch?v=Dk6ZuydQt9I
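
The McCallum-Relyea exchange named in the abstract, as an added sketch that is not code from the talk or from the Tang or Clevis projects. It assumes a toy multiplicative group modulo a prime in place of the elliptic-curve keys Tang uses; the modulus, generator and all function names are constructed for illustration.

```python
# Toy McCallum-Relyea exchange (added example, not Tang's implementation).
# Assumption: P, G and every function name below are illustrative only.
import secrets

P = 2**255 - 19   # well-known prime, used here only as a toy modulus
G = 2             # toy generator


def keygen():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def provision(server_pub):
    """Client, at bind time: derive K from the server's public key S."""
    c, C = keygen()
    K = pow(server_pub, c, P)       # K = S^c = G^(s*c)
    # A real client encrypts its secret under K, stores only C,
    # then discards both c and K.
    return C, K


def recovery_request(C):
    """Client, at unlock time: blind C with a fresh ephemeral key."""
    e, E = keygen()
    return e, (C * E) % P           # X = C * G^e, the only value sent


def server_respond(server_priv, X):
    """Server: one exponentiation on a value it cannot unblind."""
    return pow(X, server_priv, P)   # Y = X^s = K * S^e


def recover(server_pub, e, Y):
    """Client: strip the blinding factor S^e to get K back."""
    unblind = pow(pow(server_pub, e, P), -1, P)
    return (Y * unblind) % P        # K = Y / S^e


if __name__ == "__main__":
    s, S = keygen()                 # server key pair
    C, K = provision(S)
    e, X = recovery_request(C)
    Y = server_respond(s, X)
    print("key recovered:", recover(S, e, Y) == K)
    print("server saw K or C:", Y == K or X == C)
```

The server only ever handles X and Y, both blinded by the ephemeral e, so it learns neither C nor K; without the server's reply the client, holding only C, cannot rebuild K.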