Linux Kernel Encryption Support for File system

Linux Kernel Encryption Support for File system Kyungsik Lee SW Platform Lab., Corporate R&D LG Electronics, Inc. 2016/10/20 Mobile Security • Mobil...
Author: Bertina Gardner
20 downloads 0 Views 410KB Size
Linux Kernel Encryption Support for File system Kyungsik Lee SW Platform Lab., Corporate R&D LG Electronics, Inc. 2016/10/20

Mobile Security • Mobile Security is an important issue

 More data could be more danger with mobile devices

• Android 6.0 FDE(full-disk encryption)

 User data protected against offline attacks  Plaintext -> ciphertext  Based on a Linux Kernel Encryption feature that works at the block device layer

2

Performance Issue (1/2) • Android 5.0(Lollipop) was to have device encryption enabled by default but … • According to Android 6.0 CDD For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience Excerpted from Android 6.0 Compatibility Definition Document

3

Performance Issue (2/2) • Sequential IO Read/Write

 1 CPU core, freq.(0.6~1 GHz) Seq. write

Seq. read 120

250

100

-60%

150 100

-40%

80

MiB/sec.

MiB/sec.

200

60 40

50

20 0

0 ext4 Cpu-freq. 598000

dm-crypt

ext4(encrypt)

Cpu-freq. 819000

eCryptfs

Cpu-freq. 1001000

ext4 cpu-freq. 598000

dm-crypt

ext4(encrypt)

cpu-freq. 819000

eCryptfs

cpu-freq. 1001000

4

Linux Kernel Encryption (1/2) • History

 dm-crypt, merged into 2.6.4 kernel(March, 2004)  eCryptfs, 2.6.19 kernel(November, 2006)  Ext4 encryption, 4.1 kernel(Jun, 2015)

 VFS Crypto engine, 4.6 kernel => Generic File system Encryption Support

5

Linux Kernel Encryption (2/2) • File system-level encryption, FBE

 File-based encryption allows different files to be encrypted with different keys that can be unlocked independently.  File system-level encryption does not typically encrypt filesystem metadata  eCryptfs, ext4 encryption …

• Disk encryption, FDE

 Disk encryption generally uses the same key for encrypting the whole volume, disk partition  dm-crypt … 6

dm-crypt • Part of the device mapper infrastructure, and uses cryptographic routines

• Encrypt whole disks (including removable media), partitions Kernel Internals

User space File system Block layer Virtual device Encrypt/Decrypt

Crypto APIs

Storage 7

eCryptfs • Stacked cryptographic file system

• Mount eCryptfs on top of any single directory to protect it Kernel Internals

User space eCryptfs

Crypto APIs

File system(lower) Block layer

Storage 8

Ext4 Encryption • In a directory tree marked for encryption, file contents, filenames, and symbolic link targets are all encrypted Kernel Internals

User space Ext4(encrypt)

Crypto APIs

Block layer

Storage 9

Case Study • Linux Kernel Encryption Scalability on multi-core system • Testing Environment

 CPU core(x4), freq.(0.6 ~ 1 GHz)  CPU based encryption  Cipher type  eCryptfs, aes-cbc  Ext4-encrypt, aes-xts  dm-crypt, aes-cbc-essiv:sha256

10

Sequential Read Prefetching • Readahead Seq. read(MiB/sec.)

250

25

200

20

150

15

MiB/sec.

MiB/sec.

Seq. read(MiB/sec.)

100

10

50

5

0

0

ext4

ext4-fde ra=disabled

ext4(encrypt) ra=enabled

ecryptfs-ext4

ext4

dm-crypt cpu=1

ext4(encrypt)

eCryptfs

cpu=2

11

Read throughput • CPU-cores(1/2/4) Seq. read(MiB/sec.) 250

MiB/sec.

200

150 100 50 0 ext4

dm-crypt cpu=1

cpu=2

ext4(encrypt)

eCryptfs

cpu=4

12

Read throughput • CPU-cores(1/2/4) Seq. read(MiB/sec.) 250

MiB/sec.

200

x1

x2

150

x2

100 50 0 ext4

dm-crypt cpu=1

cpu=2

ext4(encrypt)

eCryptfs

cpu=4

13

Write throughput • CPU-cores(1/2) Seq. write(MiB/sec.) 140 120

MiB/sec.

100 80 60 40 20 0 ext4

dm-crypt cpu=1

ext4(encrypt)

eCryptfs

cpu=2

14

Write throughput • CPU-cores(1/2) Seq. write(MiB/sec.)

x2

140

x2

120

MiB/sec.

100

x1

80 60 40 20 0 ext4

dm-crypt cpu=1

ext4(encrypt)

eCryptfs

cpu=2

15

Random Read throughput • Random read(IOPS) Random read(IOPS) 6000 5000

IOPS

4000 3000

2000 1000 0 ext4

dm-crypt IOPS ra=enabled

ext4(encrypt)

eCryptfs

IOPS ra=disabled

16

Random Read throughput • Random read(IOPS) Random read(IOPS)

Lower File system Page Cache

6000 5000

IOPS

4000 3000

2000 1000 0 ext4

dm-crypt IOPS ra=enabled

ext4(encrypt)

eCryptfs

IOPS ra=disabled

17

Improving Read performance (1/4) • Ext4(encrypt) seq. read throughput Seq. read(MiB/sec.)

-75%

250

Decrypt Overhead

MiB/sec.

200

150

100

50

0 ext4

dm-crypt cpu=1

ext4(encrypt)

eCryptfs

cpu=2

18

Improving Read performance (2/4) • Multi-threaded decryption(ext4) Normal IO User space Ext4(encrypt)

Heavy IO

Decrypt thread

Bottleneck

Block layer

Storage 19

Improving Read performance (3/4) • Multi-threaded decryption(ext4) Normal IO User space Ext4(encrypt)

Heavy IO

Decrypt Decrypt thread Decrypt thread Decrypt thread thread

Block layer

Storage 20

Improving Read performance (4/4) • Ext4(encrypt) seq. read throughput: +50% Seq. read(MiB/sec.)

50%

Random read(IOPS)

80

3500

70

3000 2500

50

IOPS

MiB/sec.

60

-18%

40 30

2000 1500 1000

20

500

10 0

0 cpu=1

cpu=2 ext4(encrypt)

Patched

cpu=4

cpu=1

cpu=2 ext4(encrypt)

cpu=4

Patched

21

Conclusion • Seq. read throughput dropped significantly in CPU based encryption, leading to performance degradation • Read(decrypt) overhead: seq. read >> random read • Seq. write throughput falls slightly except eCryptfs • IO throughput of eCryptfs is shown less scalable in multi-core system • Seq. read performance can be improved by applying multi-threaded decryption

22

Q&A

23