linux kernel encryption support for file...
TRANSCRIPT
Linux Kernel Encryption Support for File system
Kyungsik Lee
SW Platform Lab., Corporate R&D
LG Electronics, Inc.
2016/10/20
Mobile Security
• Mobile Security is an important issue More data could be more danger with mobile devices
• Android 6.0 FDE(full-disk encryption) User data protected against offline attacks
Plaintext -> ciphertext
Based on a Linux Kernel Encryption feature that works at the block device layer
2
Performance Issue (1/2)
• Android 5.0(Lollipop) was to have device encryption enabled by default but …
• According to Android 6.0 CDD
For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default atthe time the user has completed the out-of-box setup experience
Excerpted from Android 6.0 Compatibility Definition Document
3
Performance Issue (2/2)
• Sequential IO Read/Write 1 CPU core, freq.(0.6~1 GHz)
0
50
100
150
200
250
ext4 dm-crypt ext4(encrypt) eCryptfs
MiB
/sec.
Seq. read
Cpu-freq. 598000 Cpu-freq. 819000 Cpu-freq. 1001000
4
0
20
40
60
80
100
120
ext4 dm-crypt ext4(encrypt) eCryptfs
MiB
/sec.
Seq. write
cpu-freq. 598000 cpu-freq. 819000 cpu-freq. 1001000
-60%-40%
Linux Kernel Encryption (1/2)
• History dm-crypt, merged into 2.6.4 kernel(March, 2004)
eCryptfs, 2.6.19 kernel(November, 2006)
Ext4 encryption, 4.1 kernel(Jun, 2015)
VFS Crypto engine, 4.6 kernel=> Generic File system Encryption Support
5
Linux Kernel Encryption (2/2)
• File system-level encryption, FBE File-based encryption allows different files to be encrypted with
different keys that can be unlocked independently.
File system-level encryption does not typically encrypt filesystem metadata
eCryptfs, ext4 encryption …
• Disk encryption, FDE Disk encryption generally uses the same key for encrypting the
whole volume, disk partition
dm-crypt …
6
dm-crypt
• Part of the device mapper infrastructure, and uses cryptographic routines
• Encrypt whole disks (including removable media), partitions
Storage
Block layer
User space
File system
Virtual deviceEncrypt/Decrypt
Crypto APIs
7
Kernel Internals
eCryptfs
• Stacked cryptographic file system
• Mount eCryptfs on top of any single directory to protect it
Storage
File system(lower)
User space
eCryptfs
Block layer
Crypto APIs
8
Kernel Internals
Ext4 Encryption
• In a directory tree marked for encryption, file contents, filenames, and symbolic link targets are all encrypted
Storage
User space
Ext4(encrypt)
Block layer
Crypto APIs
9
Kernel Internals
Case Study
• Linux Kernel Encryption Scalability on multi-core system
• Testing Environment CPU core(x4), freq.(0.6 ~ 1 GHz)
CPU based encryption
Cipher typeeCryptfs, aes-cbc
Ext4-encrypt, aes-xts
dm-crypt, aes-cbc-essiv:sha256
10
Sequential Read Prefetching
• Readahead
11
0
50
100
150
200
250
ext4 ext4-fde ext4(encrypt) ecryptfs-ext4
MiB
/sec.
Seq. read(MiB/sec.)
ra=disabled ra=enabled
0
5
10
15
20
25
ext4 dm-crypt ext4(encrypt) eCryptfs
MiB
/sec.
Seq. read(MiB/sec.)
cpu=1 cpu=2
Read throughput
• CPU-cores(1/2/4)
0
50
100
150
200
250
ext4 dm-crypt ext4(encrypt) eCryptfs
MiB
/sec.
Seq. read(MiB/sec.)
cpu=1 cpu=2 cpu=4
12
Read throughput
• CPU-cores(1/2/4)
0
50
100
150
200
250
ext4 dm-crypt ext4(encrypt) eCryptfs
MiB
/sec.
Seq. read(MiB/sec.)
cpu=1 cpu=2 cpu=4
x2
x2
x1
13
Write throughput
• CPU-cores(1/2)
0
20
40
60
80
100
120
140
ext4 dm-crypt ext4(encrypt) eCryptfs
MiB
/sec.
Seq. write(MiB/sec.)
cpu=1 cpu=2
14
Write throughput
• CPU-cores(1/2)
0
20
40
60
80
100
120
140
ext4 dm-crypt ext4(encrypt) eCryptfs
MiB
/sec.
Seq. write(MiB/sec.)
cpu=1 cpu=2
x2
x2
x1
15
Random Read throughput
• Random read(IOPS)
0
1000
2000
3000
4000
5000
6000
ext4 dm-crypt ext4(encrypt) eCryptfs
IOPS
Random read(IOPS)
IOPS ra=enabled IOPS ra=disabled
16
Random Read throughput
• Random read(IOPS)
0
1000
2000
3000
4000
5000
6000
ext4 dm-crypt ext4(encrypt) eCryptfs
IOPS
Random read(IOPS)
IOPS ra=enabled IOPS ra=disabled
Lower File system Page Cache
17
Improving Read performance (1/4)
• Ext4(encrypt) seq. read throughput
18
0
50
100
150
200
250
ext4 dm-crypt ext4(encrypt) eCryptfs
MiB
/sec.
Seq. read(MiB/sec.)
cpu=1 cpu=2
Decrypt Overhead
-75%
Improving Read performance (2/4)
• Multi-threaded decryption(ext4)
19
Storage
User space
Ext4(encrypt)
Block layer
Normal IO Heavy IO
Decrypt thread
Bottleneck
Improving Read performance (3/4)
• Multi-threaded decryption(ext4)
20
Storage
User space
Ext4(encrypt)
Block layer
Normal IO Heavy IO
Decrypt threadDecrypt threadDecrypt threadDecrypt thread
Improving Read performance (4/4)
• Ext4(encrypt) seq. read throughput: +50%
0
10
20
30
40
50
60
70
80
cpu=1 cpu=2 cpu=4
MiB
/sec.
Seq. read(MiB/sec.)
ext4(encrypt) Patched
21
0
500
1000
1500
2000
2500
3000
3500
cpu=1 cpu=2 cpu=4
IOPS
Random read(IOPS)
ext4(encrypt) Patched
-18%
50%
Conclusion
• Seq. read throughput dropped significantly in CPU based encryption, leading to performance degradation
• Read(decrypt) overhead: seq. read >> random read
• Seq. write throughput falls slightly except eCryptfs
• IO throughput of eCryptfs is shown less scalable in multi-core system
• Seq. read performance can be improved by applying multi-threaded decryption
22
Q & A
23