This event has ended. Visit the official site or create your own event on Sched.
September 11-14, 2017 - Los Angeles, CA
Click Here For Information & Registration
Back To Schedule
Wednesday, September 13 • 2:50pm - 3:30pm
Using Secure Keys for Disk Encryption - Reinhard Buendgen, IBM

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Secure keys are a special kind of wrapped keys: keys wrapped by a wrapping key (KEK) that is securely located in an inaccessible environment (typically a hardware security module, aka HSM). Outside this inaccessible environment, the wrapped (effective) key is never exposed and thus, a secure key can be stored in memory without exposing a secret. The down side of this technology is that all secure key cryptographic operations must be performed inside the inaccessible environment.

Using secure keys instead of clear keys has obvious advantages: it introduces a new authentication factor (something you have), it prevents keys from being subject to theft, and an allows to open volumes autonomously because passphrases are no longer quintessential for the protection of the effective key required to decrypt data read from disk or encrypt data written to disk.

In this presentation, you will learn how secure keys can be used for disk encryption with dm-crypt and see a proposal on how to use secure keys with the LUKS format and LUKS management tools. We will point out challenges in using of secure keys and show solutions to some of the challenges based on the CryptoExpress HSM and the protected key technology of z Systems within the LUKS framework.

The presentation will close with the discussion some open problems and requirements for solutions that solve these problems which will hopefully lead to a vivid discussion with the audience.


Reinhard Buendgen

Crypto Architect for Linux on Z, IBM
Reinhard Buendgen studied computer science at the universities of Karlsruhe, Germany and Delaware in Newark, DE. In 1991 he earned a Ph.D in computer science at the University of Tuebingen. Until 1997 he worked at the University of Tuebingen as a researcher and lecturer. During is... Read More →

Wednesday September 13, 2017 2:50pm - 3:30pm PDT
Georgia I/II
  LinuxCon Tracks