Complete Hard Disk Encryption Using FreeBSD's GEOM Framework
Currently, a lot of effort is going into encrypting network transmissions, hardening network stacks and fixing buffer overflows. While these measures are without doubt essential to computer security as a whole, they are useless if the attacker has physical access to the hard disk(s). Although encryption of individual files or partitions has become more commonplace, it too is rendered useless if a determined attacker can compromise the operating system (which is most likely a lot easier than breaking the encryption). FreeBSD provides a powerful and easy-to-use framework for encrypting partitions; encrypting the *entire* disk (especially the OS), however, poses a number of problems.
This talk will explain the solutions step by step, provide a look at the particular technology's abilities as well as its limitations, and aim to give a broader, practical view of this security issue.
About the Author
Ever since he got his first PC, Marc Schiesser has been trying to secure it against all sorts of possible (and impossible) threats. He admires UNIX for its visionary and elegant design, which at the same time avoids complexity. His interest lies with security in the digital world in general - especially in looking at a system as a whole instead of just focusing on the security of a specific part of it. Other areas of interest include philosophizing about technology's effects on society as a whole and the role of computers in the time still to come.
Copyright © 2005 by EuroBSDCon 2005. All rights reserved.