Disk encryption, backups, and your threat model

January 5, 2012

In response to my two entries on some of the problems with full disk encryption, several people have suggested that the answer is backups. At this point I want to note that the EFF's suggestion is specifically not just disk encryption on laptops, but disk encryption on every computer you own. Given this, we now get to talk about the threat model you want to assume, which is computer security terminology for 'what are you worried about and want to prevent?'

One fundamental security constant about backups is that backups need to be as well protected as what they're a backup of, since they are effectively another copy of it. There's no point in locking one copy in a safe if you are just going to leave the other copy out on the lounge table for anyone to read or take. Does this mean that backups also need to be encrypted (with the accompanying risks of total loss of the backups if the decryption key is lost)? That depends on your threat model.

One threat model is specifically concerned with the data on your laptop when you are outside what you consider a secure place (such as your home). You worry about your laptop being stolen, inspected at the border, and the like, but you don't worry about your laptop being stolen (or seized) while it's at home. Another threat model is to worry about computers being stolen even when they are at home (or, alternately, in the office). In the first threat model, unencrypted backups at home are protected because you're assuming that your home is safe and secure in general. In the second threat model, your home is not secure; unencrypted backups sitting around your home are just as much a risk as an unencrypted computer.

(In an office, you might consider backups on a disk that is physically in your office area to be at risk while backups sitting on a server in the secured machine room to not be at risk, on the grounds that things not infrequently get stolen from offices but almost never from machine rooms.)

Since the EFF is telling people to use disk encryption on all machines, their threat model seems to be much closer to my second threat model than my first one. This means that you need either encrypted backups or some sort of secure in-the-cloud backups. Both have (extra) total loss scenarios over unencrypted backups, so they are not a complete cure for the drawback of disk encryption. You have perhaps reduced your risk but you have not eliminated it; you're still prioritizing non-disclosure over availability.

Sidebar: on requiring backups

If you believe that full disk encryption requires some form of backup in order to be viable, you implicitly believe that full disk encryption is not appropriate for the large portion of the computer-using public that doesn't back their machines up on a routine basis. This holds both for backing up all of the data and for backing up vital portions of metadata. The less obvious, easy, and automated such backups are, the fewer people the system is suitable for.

(Please note that blaming people when they predictably don't back up their machines is not solving the problem. Real security systems are designed for real people, not theoretical ideal ones.)
