Although you can configure particular applications such as vi not to write to swap space, you cannot configure the kernel to do so. When memory is low, the kernel will swap the contents of a page to the swap space. The contents of this page can include such sensitive data as your bank PIN, your passwords or your GPG passphrase. This information is in cleartext, which means an attacker can read the contents at their leisure. Encrypting your swap space protects its contents against unauthorized reading and various forensic attacks should your machine be removed from your possession and/or compromised. The primary tool for encrypting swap space on Linux is dm-crypt.
dm-crypt is the cryptographic device-mapper target for Linux 2.6 which allows transparent disk encryption. It differs from its predecessor, cryptoloop, in that it protects against watermarking attacks. Watermarking attacks allow an attacker to determine the existence of a file, without the encryption key, through the use of predictable initialization vectors (IVs). dm-crypt solves this issue through the use of LRW and the Encrypted Salt-Sector Initialization Vector (ESSIV). Because it deals with abstract block devices, dm-crypt can encrypt disk partitions, swap space, logical volumes, disk images, RAID and LVM volumes and loop devices.
Before implementing dm-crypt, it is important to understand the difference between /dev/random and /dev/urandom. /dev/random generates random data based on "environmental noise". Since there is a limit on said noise, /dev/random is slow, being forced to occasionally pause while it collects more data. /dev/urandom also uses "environmental noise"; however, when it runs out of "noise", it generates pseudo-random data instead. This makes it faster, but less secure than /dev/random.
This distinction becomes very important when deciding which device to use as the source of the encryption key defined in /etc/crypttab. If /dev/random is chosen, there may be issues booting, as there may not be enough entropy to support a truly random encryption key. However, choosing /dev/urandom is a less secure mechanism, as it uses pseudo-random data.
This HOWTO will cover encrypting swap through the use of dm-crypt. This requires you to run a 2.6 kernel. For the purposes of this HOWTO, the swap partition will be /dev/VolGroup00/LogVol01. This is the default swap partition for RedHat systems. Please note, the swap partition does not need to be part of an LVM. As noted previously, dm-crypt can encrypt disk partitions (/dev/hda2) or whole disks (/dev/hda). Be sure to change the commands to fit your swap partition accordingly.
When encrypting your swap partition, you will need to temporarily turn off swap. This means you need to shut down all unnecessary applications to free up memory. If this memory is not freed, you will be unable to turn off the swap space. The best way to handle this is to boot the system into single user mode. This shuts down most services with the exception of a single root shell. To boot the system into single user mode, run the following command.
# /sbin/telinit s
Turn off the swap space by running the following command.
# swapoff -a
To ensure a completely clean and sterile swap space, you must overwrite the swap partition with random data. This will help prevent the recovery of any data written to swap before the encryption process. The shred command overwrites the specified file or device with random data.
# shred -v /dev/VolGroup00/LogVol01
Next, create a file named /etc/crypttab. The man page for crypttab covers the particulars of the file format. The example below shows the entry for the swap partition used in this HOWTO; its fields are the mapping name, the backing device, the key source and the options.
swap /dev/VolGroup00/LogVol01 /dev/random swap,cipher=aes-cbc-essiv:sha256
Next, you need to edit /etc/fstab to point to the encrypted block device, /dev/mapper/swap as opposed to /dev/VolGroup00/LogVol01. The current file should resemble this.
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
Change the file to resemble this.
/dev/mapper/swap swap swap defaults 0 0
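Before rebooting, it is worth confirming that the crypttab and fstab entries agree with each other. The POSIX sh function below is an added example, not part of the original HOWTO: given the text of both files (constructed samples are used here), it checks that the key source is a random device, that the cipher options select ESSIV (the defence against watermarking described above), that fstab swaps on /dev/mapper/<name>, and that fstab no longer references the raw backing device.

```shell
#!/bin/sh
# Consistency check for the encrypted-swap configuration described above.
# Added example, not part of the original HOWTO. The two arguments are the
# text of /etc/crypttab and /etc/fstab (constructed samples in the usage below).
# check_swap_config CRYPTTAB_TEXT FSTAB_TEXT
# Prints each problem found; the return value is the number of problems (0 = consistent).
check_swap_config() {
    crypttab=$1
    fstab=$2
    problems=0
    # crypttab fields: mapping-name backing-device key-source options.
    # Select the entry whose options carry the "swap" flag.
    set -- $(printf '%s\n' "$crypttab" |
        awk '$1 !~ /^#/ && $4 ~ /(^|,)swap(,|$)/ { print $1, $2, $3, $4; exit }')
    if [ $# -ne 4 ]; then
        echo "no crypttab entry carries the swap option"
        return 1
    fi
    name=$1 dev=$2 key=$3 opts=$4

    # A fresh key on every boot requires a random device as the key source.
    case $key in
        /dev/random|/dev/urandom) ;;
        *) echo "key source $key is not a random device"; problems=$((problems + 1)) ;;
    esac

    # ESSIV is what defends against the watermarking attacks described above.
    case $opts in
        *essiv*) ;;
        *) echo "options '$opts' do not select an ESSIV cipher"; problems=$((problems + 1)) ;;
    esac

    # fstab must swap on the mapped device ...
    if ! printf '%s\n' "$fstab" |
        awk -v m="/dev/mapper/$name" '$1 == m && $3 == "swap" { f = 1 } END { exit !f }'; then
        echo "fstab has no swap entry for /dev/mapper/$name"
        problems=$((problems + 1))
    fi
    # ... and must not still reference the raw backing device.
    if printf '%s\n' "$fstab" | awk -v d="$dev" '$1 == d { f = 1 } END { exit !f }'; then
        echo "fstab still references the raw device $dev"
        problems=$((problems + 1))
    fi
    return $problems
}

# Constructed sample matching this HOWTO: the crypttab line and the edited fstab line.
check_swap_config 'swap /dev/VolGroup00/LogVol01 /dev/random swap,cipher=aes-cbc-essiv:sha256' \
                  '/dev/mapper/swap swap swap defaults 0 0' && echo "swap configuration is consistent"
```

On a real system, pass the file contents with "$(cat /etc/crypttab)" and "$(cat /etc/fstab)"; a non-zero return means the entries disagree and the reboot should wait.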
Now, reboot your system to create the encrypted swap space with following command.
# reboot -n
If you do not wish to reboot, you may create the encrypted swap partition using the commands below.
# cryptsetup -d /dev/random create swap /dev/VolGroup00/LogVol01
# mkswap /dev/mapper/swap
# swapon -a
Before running the above commands, make sure you understand what they do. In the first command, "-d /dev/random" tells cryptsetup to read the encryption key from /dev/random instead of prompting for a passphrase, "create" sets up a new device-mapper mapping, "swap" is the name of that mapping (it appears as /dev/mapper/swap), and /dev/VolGroup00/LogVol01 is the underlying partition to encrypt. The man page for cryptsetup covers additional options. The second command sets up a Linux swap area on /dev/mapper/swap. The man page for mkswap covers additional options. The last command turns on all swap devices listed in /etc/fstab (the "-a" option). The man page for swapon covers additional options.