Comments
we will use TPM (https://en.wikipedia.org/wiki/Trusted_Platform_Module)
basically we are trying to activate the vTPM feature in xen and automate the whole thing around it
using this module you can have a key saved on it that is by design irretrievable, and its security is well tested as far as I know
so we are experimenting with it but this is in early stages yet
maybe we should see if there is any interest in such an offering?
would anyone here be interested if we managed to make it?
Sounds interesting. I'm looking forward to seeing how it's implemented... When it comes to security, the devil is in the details. BTW, it looks like the NSA might have a hand in Xen vTPM development.
From my perspective, the current full disk encryption with dmcrypt and grub2 is cumbersome due to the need to enter a passphrase at every boot. I searched high/low for a solution but have not found a secured one. Logically, I doubt that a secured solution exists.
Most users on this site probably don't care about VPS encryption but some do. As far as I know, there has never been a fully encrypted VPS offering so you would have a pretty unique service if you can solve this problem.
You might be interested to google 'Clevis Tang LUKS'. Not sure it'll help with your single VPS instance but you might find it interesting.
It may work over WAN but faces its own issue with having an unencrypted /boot partition (required for Clevis). Think code injection into initrd.
this solution is very promising and will add it as plan B in case vTPM didn't work
but vTPM solution is way better than this. let me explain why
1- in the TPM or vTPM solution the encryption key is stored in the TPM module in the motherboard, this module will generate a unique key based on the hardware ids on the system. (this is really important)
2- once you add or remove any hardware from the system the id changes and TPM won't allow you to retrieve the key anymore (you need to store your key another time)
why is this important?
1- no one can take the disk and decrypt it somewhere else because they don't have the TPM device in this case
2- also no one can clone the vm (vTPM does add unique ids per vm) and start it without having the key, as the vTPM device for the cloned vm is different and won't be able to decrypt the files.
3- even mounting the disk as read only on the same host won't work because you can't retrieve the vTPM unique id and use it to query the TPM device
that means with TPM / vTPM the only way for anyone who wants to access your data, including your ISP (us), is to login normally to the vps through ssh or rdp depending on the OS. and if your OS is secure it will be extremely difficult to access your files without you giving us permission or not noticing all failed login attempts
the thing I like about TPM is that even us (ISP) can't access your files except by logging in normally to your VPS (no back doors here). This has good legal implications as well but that's for another discussion
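
The behaviour discussed in this thread (a key that is only released on the same device in the same state, and the initrd-injection concern raised for an unencrypted /boot) can be seen in a simplified model. This is an added example, not part of the thread and not Xen, Clevis or real TPM code: `ToyTPM`, `boot`, `try_unseal` and the boot chain are hypothetical, and it assumes the binding is a PCR measurement chain plus a per-device secret seed.

```python
import hashlib
import hmac
import os

class ToyTPM:
    """Toy model of a (v)TPM: one PCR plus a secret seed unique to the device."""
    def __init__(self):
        self.seed = os.urandom(32)   # per-device secret, never exported
        self.pcr = bytes(32)         # PCRs start at all zeros on reset

    def extend(self, component: bytes) -> None:
        # Measured-boot rule: PCR_new = SHA256(PCR_old || SHA256(component))
        digest = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def _keys(self, policy: bytes):
        enc = hmac.new(self.seed, b"enc" + policy, hashlib.sha256).digest()
        mac = hmac.new(self.seed, b"mac" + policy, hashlib.sha256).digest()
        return enc, mac

    def seal(self, secret: bytes) -> dict:
        if len(secret) > 32:
            raise ValueError("toy model seals at most 32 bytes")
        enc, mac = self._keys(self.pcr)
        ct = bytes(a ^ b for a, b in zip(secret, enc))   # toy cipher, model only
        tag = hmac.new(mac, ct, hashlib.sha256).digest()
        return {"policy": self.pcr, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        if not hmac.compare_digest(blob["policy"], self.pcr):
            raise PermissionError("PCR state differs from sealing policy")
        enc, mac = self._keys(blob["policy"])
        tag = hmac.new(mac, blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            raise PermissionError("blob was sealed by a different TPM")
        return bytes(a ^ b for a, b in zip(blob["ct"], enc))

def boot(tpm: ToyTPM, chain) -> ToyTPM:
    """Reset the PCR and measure each boot component in order."""
    tpm.pcr = bytes(32)
    for component in chain:
        tpm.extend(component)
    return tpm

def try_unseal(tpm: ToyTPM, blob: dict):
    try:
        return tpm.unseal(blob)
    except PermissionError as exc:
        return str(exc)

# Constructed sample boot chain (labels, not real measurements).
GOOD_CHAIN = [b"firmware-v1", b"grub2", b"kernel+initrd"]
```

Sealing a disk key after `boot(tpm, GOOD_CHAIN)` and then calling `try_unseal` after a boot with a modified initrd entry, or on a second `ToyTPM` instance standing in for a cloned VM, returns the refusal message instead of the key.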