The use of data encryption is quickly becoming a mandated component of corporate security policies, and especially so for mobile devices.  It is difficult to get exact figures for the number of lost or stolen laptops, much less USB drives, but no one wants to be in the position of having to disclose the loss of important information.

Overview

For consumers, a number of good encryption solutions exist for Windows, Linux and Macintosh OSX.  For the enterprise, disk encryption products fall into two categories:

  1. Software solutions
  2. Hardware-based solutions

Commercial software solutions for mobile device encryption is dominated by a small number of players, including PGP and Checkpoint (PointSec), each of which also have support for the Macintosh. Others may follow.

Hardware-based solutions utilize an on-board trusted platform module (TPM) and a disk drive with support for on-the-fly encryption/decryption.  Dell, HP, and more recently, Fujitsu make business-class laptops with an onboard TPM.  Disk drive manufacturers including Seagate and Hitachi sell SATA drives for full disk encryption (FDE) in laptops.  As an example of enterprise management solutions, Wave Systems delivers the Embassy Remote Administration Server.  It uses SQLserver on the backend, and either MMC or command-line interaction on the front-end.  Although not without problems or fully mature, the Wave solution is a harbinger.  All software solutions will suffer from performance degradation given that encryption/decryption is done using resources (CPU and memory) that are then not available to the user.  I expect that a 15-25% CPU performance penalty is quite normal.  Hardware-based solutions are tantilizing, since the processing is pushed to specialized hardware which may approach bus speed.

Enterprise Solutions for the Mac?

If you (as an enterprise) decide to become an early adopter of hardware-based solutions, you have no integrated solution for Macs.  So what options remain?

  1. Use an enterprise-grade solution with support for Macs.
  2. Roll your own enterprise recovery solution using tools built into Mac OSX.

The rest of the this article will focus on the second option.

FileVault

OSX provides FileVault for encrypting specific folders or an entire home directory.  Prior to Leopard (10.5), FileVault used sparse images; an encrypted folder would appear as one large file.  This means that a backup utility such as Time Machine would copy the entire blob each time a small change was made.  Beginning with 10.5, FileVault uses sparse bundles so that an encrypted folder is actually a series of smaller bands — changes to one file would likely only result in changes in only one bundle.  Recovery from Time Machine is still not fully integrated.  See this Mac OSX hint for more information.  If you upgraded from an earlier version of OSX, FileVault used sparse images instead and it will not convert to sparse bundles for you — you’ll have to turn off FileVault and re-enable it, but this means that you’ll have to have free space to hold a copy of the encrypted folder.  You’d probably want to follow this operation with a secure erase of all free space on your hard drive.  Regardless, FileVault does not provide any enterprise recovery solution.  Holding passwords in escrow is not really a valid (or efficient) option either.

Encrypted Disk Images

By using hdiutil (see the manpage for complete details), additional flexibility is available, plus enterprise recovery options.  Images can be protected with a passphrase, but also provide a secondary access method using a certificate.  The end-user can set the passphrase, but the enterprise holds the private key for the certificate so that recovery is always possible.  All of the initial setup can be done on any system with openssl but some preparation for recovery must be done on a Macintosh.  Let’s start!

Sparse Encrypted Image Setup

The example below uses openssl commands, so that you can, if you wish, perform most of the steps on another system and only copy one file to the Macintosh, and use a dmg image (which can be on removable media) for recovery.

IMPORTANT:  You will be asked to create or re-enter passphrases/passwords for many of these commands.  Please be sure to properly record this information in a safe way, e.g. using a password safe or a private, password-protected keychain on a Mac.

-Establish a certificate authority

It’s best to sign the certificate that will be created, but you don’t want the signing certificate to expire any time soon, so creating one with a lifetime of 10 or 20 years is not out of the question.  First generate the CA key, then create the CA certificate with information about your enterprise:

$ openssl genrsa -des3 -out MacStorageCA.key 4096
$ openssl req -new -x509 -days 3650 -key MacStorageCA.key -out MacStorageCA.crt

-Generate the private key for Mac encrypted volumes

$ openssl genrsa -des3 -out macvol.key 4096

-Create the certificate signing request (CSR)

$ openssl req -new -key macvol.key -out macvol.csr

-Create the certificate in PEM format

$ openssl x509 -req -days 3650 -in macvol.csr -CA MacStorageCA.crt
-CAkey MacStorageCA.key -set_serial 01 -out macvol.crt

-Make a copy in DER format, which hdiutil will use during the image volume creation process

$ openssl x509 -in macvol.crt -inform pem -out macvol.der -outform der

-Bundle the PEM format certificate and the private key in a PKCS#12 package

Be sure to set an export passphrase — you will need this to import the .p12 file into a keychain on a Mac, and I’ve seen no indication that this is [easily] possible without a passphrase.
$ openssl pkcs12 -export -in macvol.crt -inkey macvol.key -out macvol.p12

Volume Creation

-Copy the DER format certificate to the Macintosh

Following the example above, copy macvol.der to the Macintosh on which you want to create the encrypted disk image.

-Use hdiutil to create the encrypted image

Due to the agentpass option, you will prompted for a passphrase — do not store this in your keychain since this would defeat the entire purpose of a separately encrypted volume.
hdiutil create -type SPARSE -encryption aes-256 \
-certificate ~/macvol.der \
-agentpass -fs HFS+J -volname "Company Documents" \
-size 20g ~/MyCompanyDocs

You can choose a volume type of SPARSEBUNDLE is you want to use Time Machine for backups.  I suspect that SPARSE volumes have better performance, but I have no direct evidence to support or deny this; they will work best with manual backups though.

Recovery

Now let’s imagine that the end-user is unavailable (no longer employed, or worse).  How can you recover the data on the encrypted volume?

-Preparation for Recovery

The steps are straightforward, and all are done on a Mac.

  1. Create a private, password-protected keychain.
    In KeyChain Access, File… New Keychain… and specify a name, location to store it (a separate folder will work well for step #3 below).
  2. Import the PKCS#12 package into the keychain.
    In KeyChain Access, File… Import Items…, select the proper file, e.g. macvol.p12.
  3. Create a disk image, e.g. from the folder that contains the private keychain.
    In Disk Utility, File… New > Disk Image from Folder…, select the folder with the private keychain.  In the bottom portion of the window, make the image read-only and encrypted.  You will be asked for a password; you will have to enter this when you mount the disk image.
  4. Place this small disk image on removable media so that you can attach it to any Mac with an encrypted disk image for which the certificate in the private keychain was specified as a secondary means of access.

-Actual Recovery

Gaining access to files in the encrypted image are as follows:

  1. Mount the encrypted disk image with the private keychain.
  2. Either open the keychain file, or launch KeyChain Access and add the keychain (File… Add Keychain…).
  3. Use hdiutil to mount the encrypted volume, similar to the example shown below.

hdiutil attach -recover ~/path-to-keychain/macvol.keychain ~/path-to-vol/MyCompanyDocs.sparseimage

Final Notes and an Additional Important Use Case

One of the main advantages of full disk encryption is that the end-user does not have to make any decisions about what should be stored in encrypted storage and what is safe to store in plaintext.  This type of solution forces the user to decide every time data is stored, but having this decision is better than not having it, and ensuring corporate recovery of data is possible is an absolute necessity.

Auto-mounting Disk Images

To have a disk image mount when you login, simply add the image to your login items.  You do this by:

System Preferences… Accounts… (select your account) Login Items… then click on the plus sign (+) and navigate to and select the sparse image file.  That’s it!

What about e-mail and temporary storage for Office documents?

However, not all intellectual property and sensitive information is encapsulated in documents.  We still use e-mail as one of our primary means of passing information.  Of course, it would be better to place information in corporate knowledge management stores and then pass references to it by e-mail, rather than the actual information, but offline access is often vital with an increasingly mobile workforce.  Exchange mailboxes make this easy for the information in or attached to e-mail messages.  To protect this data, it would advisable to create a separate encrypted disk image.  The steps are as follows if you use Office for Mac/Entourage:

  1. Use the hdiutil command as shown above with an appropriate size (perhaps 5-10GB).
  2. Mount the disk image.
  3. Stop all Office applications
  4. Copy all of your Office user data to the encrypted disk image, e.g.
    tar -cf - ~/Documents/Microsoft\ User\ Data/ |
    (cd /path-to-vol/; tar -xvpf -)
  5. Move your current copy to a new location (for possible recovery if your testing fails), e.g.
    mv ~/Documents/Microsoft\ User\ Data  \
    ~/Documents/Microsoft\ User\ Data.old
  6. Create a link from the expected location to the encrypted disk image.
    ln -s /path-to-vol/Microsoft\ User\ Data/  \
    ~/Documents/Microsoft\ User\ Data/
  7. Start Entourage and test!

Don’t forget about caches!

Even though you may store all of your important e-mail and documents in an encrypted volume, funny how other conveniences undermine that security.  For example, if Spotlight indexes all of your volumes and stores cached information in plaintext, guess what?  Your information isn’t all that secure!  If you want to secure that information too (and browser cache, etc.), then simply use the same technique above to re-direct…

/Library/Caches

and…

~/Library/Caches

…to some appropriate location within an encrypted volume.  You will have to always mount those volumes for the caches to be accessible and useful.  Once you have finished, you will probably have to tell Spotlight to index these locations too.  For example:

$ sudo mdutil -i on /Volumes/<volumeName>

Shortcomings

Unfortunately, there still may be a fly in the ointment.  Time Machine does not currently backup mounted volumes.  You can ask it to backup external hard drives, but I have not found a way to get it to backup other mounted volumes.  Ideally you would be able to use a hardware-encrypted external hard drive for backups.  Right now, Time Machine will just backup all of the individual bands of your sparse bundle volumes, making it less useful in a situation where you need to restore.  Other commercial backup solutions may solve this problem.  Otherwise, don’t hold your breathe for Apple to add functionality Time Machine.

Acknowledgements

Many thanks for my colleague JSON for tracking down the proper hdiutil syntax, openssl commands, and troubleshooting with me!

Advertisements