Odroid HC-1/HC-2 Encryption with link to hardware

Moderators: mdrjr, odroid

Odroid HC-1/HC-2 Encryption with link to hardware

Unread postby denestorn » Mon May 14, 2018 10:07 pm

Hello guys,

I want to make safe my odroid from hdd disk stealing. Because on hdd i have my application, and source code can be stolen with HDD easily.
I have an idea to make encrypted partition with my application on hdd, and, for example, use the odroid mac address as a key to get access to encrypted partition automatically during boot.
Odroid will be always on, and installed in client's localization, but some time there could be AC power loss at night, and i ll not be able to input pass via ssh.

So, I am looking for a way to encrypt the data on Odroid's HDD with a some hardware key taken from Odroid hardware directly, in way that hdd become linked with hardware.
Maybe some one could help me,with some advice's about how to realize those encryption? Now boot files are on SD-Card and other system is on dev/sda1 partition on hdd.

P.S Sorry for my English :)
denestorn
 
Posts: 5
Joined: Mon May 14, 2018 9:50 pm
languages_spoken: english, polish, russian, ukrainian
ODROIDs: Odroid HC-1, HC-2

Re: Odroid HC-1/HC-2 Encryption with link to hardware

Unread postby mad_ady » Tue May 15, 2018 12:48 am

Not sure MAC is a random enough password for encryption. If an attacker knows the algorithm he can brute force the password in a month or less (he has to try only 2^24 combinations, because the first three bytes can be guessed). Also, there is no rate limit, no lockdown after x failed attempts. And if he steals the disc with the xu4 attached, it will work automatically.

I would try the following - if your system can "call home" you can have it authentify on a secure https server with a unique key. If the disk gets stolen you disable the key serverside and it remains encrypted
User avatar
mad_ady
 
Posts: 4609
Joined: Wed Jul 15, 2015 5:00 pm
Location: Bucharest, Romania
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1

Re: Odroid HC-1/HC-2 Encryption with link to hardware

Unread postby denestorn » Tue May 15, 2018 7:02 pm

Yes, your'e right. I know if someone who know what he doing want to get data from this odroid he will do. But i want to make it secure rather from end-users and installers on a basic level, the main thing here is automation, so i don't need to input password every time it reboots'. I see in two steps way, first that encrypted partiton with hardware key and second is a strong root password. So some one (not a hacker) cant access linux fs directly without any barriers.

Maybe you know how to do this? Or what should i learn to do this? Thanks!
denestorn
 
Posts: 5
Joined: Mon May 14, 2018 9:50 pm
languages_spoken: english, polish, russian, ukrainian
ODROIDs: Odroid HC-1, HC-2

Re: Odroid HC-1/HC-2 Encryption with link to hardware

Unread postby Sentilix » Tue May 15, 2018 8:31 pm

Also, if your HC1/HC2 breaks down, you cannot just move the disk to another unit, since the MAC address is here different. And unless you saved your MAC address elsewhere, the contents of the disk would be lost (unless you bruteforce attack it yourself ;-))
Sentilix
 
Posts: 25
Joined: Mon Jan 16, 2017 10:54 pm
languages_spoken: English
ODROIDs: C1+, C2, U3, XU4+CS2, HC1, GO!

Re: Odroid HC-1/HC-2 Encryption with link to hardware

Unread postby denestorn » Tue May 15, 2018 8:58 pm

Yeah, it's directly what i want, hdd to be linked with odroid. Maybe i can do it with TrueCrypt and key-flie on sd-card?
denestorn
 
Posts: 5
Joined: Mon May 14, 2018 9:50 pm
languages_spoken: english, polish, russian, ukrainian
ODROIDs: Odroid HC-1, HC-2

Re: Odroid HC-1/HC-2 Encryption with link to hardware

Unread postby odroid » Tue May 15, 2018 11:24 pm

Refer this WiKi page. But the encrypted file system access speed was not good.
https://wiki.odroid.com/odroid-xu4/soft ... encryption
User avatar
odroid
Site Admin
 
Posts: 28741
Joined: Fri Feb 22, 2013 11:14 pm
languages_spoken: English
ODROIDs: ODROID

Re: Odroid HC-1/HC-2 Encryption with link to hardware

Unread postby denestorn » Wed May 16, 2018 5:41 pm

Oh thank you, that what i need. But, may i after this encryption copy system from sd card to encrypted partition on HDD and make it root changing the UIDs?
denestorn
 
Posts: 5
Joined: Mon May 14, 2018 9:50 pm
languages_spoken: english, polish, russian, ukrainian
ODROIDs: Odroid HC-1, HC-2

Re: Odroid HC-1/HC-2 Encryption with link to hardware

Unread postby denestorn » Wed May 16, 2018 10:49 pm

Tnx for help, with that wikipage i did what i want.
denestorn
 
Posts: 5
Joined: Mon May 14, 2018 9:50 pm
languages_spoken: english, polish, russian, ukrainian
ODROIDs: Odroid HC-1, HC-2


Return to Ubuntu

Who is online

Users browsing this forum: No registered users and 5 guests