WEBVTT

0
00:01.600 --> 00:11.560
In this video we'll discuss full disk encryption using dm-crypt and LUKS. Mobile devices such as mobile

1
00:11.560 --> 00:19.930
phones, tablets and laptops or even USB sticks have the unfortunate property of being lost or stolen

2
00:20.020 --> 00:22.130
easily.

3
00:22.150 --> 00:29.680
This can be disastrous for a company if a device is lost or stolen while containing sensitive information

4
00:29.890 --> 00:39.790
like intellectual property. According to different statistics between 40-50 percent of breaches occurred

5
00:39.850 --> 00:44.550
due to stolen laptops or other storage devices.

6
00:44.740 --> 00:52.660
Just because a laptop is password protected, files are not necessarily safe from unauthorized

7
00:52.750 --> 00:53.890
access.

8
00:53.890 --> 01:01.570
Hackers can easily boot the computer from a USB drive and then access all the files on the computer. 

9
01:02.210 --> 01:11.060
As I suppose you already know, there are a lot of ways of recovering the root or admin password. HTTPS,

10
01:11.390 --> 01:19.850
SSH and other encrypted protocols protect data that’s in transit across the network, while full disk

11
01:19.880 --> 01:30.560
encryption, also known as data at rest protection, protects data that’s at rest on disk. Full disk encryption

12
01:30.650 --> 01:38.420
also differs from file encryption in that the latter only encrypts the individual files you specify for

13
01:38.420 --> 01:45.500
encrypting. Full disk encryption is a cryptographic method that applies encryption to the entire hard

14
01:45.500 --> 01:51.070
drive, including files, the operating system and software programs.

15
01:51.230 --> 01:59.330
In this lecture I'll show you how to fully encrypt your drive partitions using dm-crypt and LUKS 

16
01:59.510 --> 02:08.810
which is the standard for encrypting disks on Linux. dm-crypt is feature-rich and very efficient in

17
02:08.810 --> 02:11.160
terms of resource consumption.

18
02:11.390 --> 02:20.650
It can also be configured to encrypt RAID volumes and LVM physical volumes. dm-crypt is a kernel-

19
02:20.660 --> 02:26.670
level encryption mechanism which offers transparent disk encryption.

20
02:26.670 --> 02:34.230
This means that the files are immediately available without any additional interaction after mounting.

21
02:35.290 --> 02:42.790
I myself for example have a very large external hard drive and use it to back up all my professional

22
02:42.850 --> 02:44.730
and personal information.

23
02:44.800 --> 02:49.820
It's encrypted using dm-crypt and LUKS, which is extremely secure,

24
02:49.900 --> 02:58.700
and if I lose it or it gets stolen, no one can access my private photos or documents. A common concern surrounding

25
02:58.700 --> 03:06.110
full disk encryption is the fear that the encryption and decryption process will cause a noticeable

26
03:06.170 --> 03:08.820
slowdown of processor speeds.

27
03:09.230 --> 03:19.080
It’s not the case with new hardware and dm-crypt.
dm-crypt and LUKS also offer plausible deniability

28
03:19.290 --> 03:23.760
which is an important concept when it comes to disk encryption.

29
03:23.760 --> 03:29.650
In short it means that you can do or have something and nobody can suspect or prove that 

30
03:29.910 --> 03:36.960
(if you don't admit it, of course). And then you can deny having or doing that thing, 

31
03:37.020 --> 03:41.910
if someone wants to accuse you, because (let's repeat it) nobody can prove it. 

32
03:42.270 --> 03:50.250
In case of disk encryption the plausible deniability property means that if you have an encrypted disk

33
03:50.610 --> 03:53.220
no one can prove that it's encrypted,

34
03:53.430 --> 04:01.020
of course if you don't admit it, and as a logical consequence you cannot be forced to decrypt that

35
04:01.020 --> 04:07.550
disk. dm-crypt is the kernel module used for encryption. 

36
04:07.550 --> 04:16.600
But what is LUKS? LUKS is short for “Linux Unified Key Setup” and has been invented to standardize

37
04:16.620 --> 04:25.490
key setup. While most disk encryption software implements different, incompatible formats, LUKS implements

38
04:25.610 --> 04:34.130
a platform-independent standard on-disk format for use in various tools. With LUKS all information like

39
04:34.130 --> 04:42.650
the master encryption key or headers needed for the encryption are saved on the partition that's encrypted.

40
04:42.950 --> 04:43.540
Okay.

41
04:43.610 --> 04:52.850
This was a short introduction to full disk encryption using dm-crypt and LUKS. Also note that this is

42
04:52.850 --> 04:57.020
a Linux solution; in the following lecture

43
04:57.020 --> 05:01.410
I'll show you live how to set up an encrypted USB stick.

44
05:01.670 --> 05:02.800
See you in a second!