security engineering secure documents 5.pdf

Secure Documents Mathias Jeschke Sven Wittig Seminar: Security Engineering 15.02.2005 Motivation  Many people:  think operating systems can handle all access from users to their data  don’t care about the sense of their data  trust on security and integrity of their data Security Engineering Secure Documents 2 Motivation  Assume somebody steal your laptop with sensitive company data stored on it (e.g. project specs, private keys, …)  Access security is not given if someone obtain physical access to your device  KNOPPIX CD-ROM, ...  Only solution: hard cryptography Security Engineering Secure Documents 3 Overview  Motivation  File based security (OpenSSL, GPG, PDF)  File system based security (EFS, cryptoloop, EncFS/FUSE, dm_mod)  Some thoughts on attacks Security Engineering Secure Documents 4 File based Security  UNIX way : container for any filetypes  Symmetric encryption: AES $ openssl aes-256-cbc –e -in document.txt \ -out document.enc $ openssl aes-256-cbc –d \ -in document.enc \ -out document.dec Security Engineering Secure Documents 5 File based Security  UNIX way : container for any filetypes  Asymmetric encryption: RSA $ openssl genrsa –out bob.priv 1024 $ openssl rsa –in bob.priv –pubout –out bob.pub $ openssl rsautl –encrypt \ -in document.txt \ -out document.enc \ -inkey bob.pub –pubin $ openss