Create a Random-Key-Encrypted RAMDisk that Won't Be Swapped Out

[watson_de]

If you download a lot, there's certain times you don't want to save anything to a disk, but you still need to have a place to save it.  Maybe you use full disk encryption and the overhead of saving to an encrypted container on a hard drive really slows things down.  Maybe you live in an oppressive regime and need to be able to instantly zap a huge amount of data if stormtroopers kick your door in looking for your list of fellow revolutionaries.  Well, Linux has some cool built-in tools for using free RAM as a virtual disk and making encrypted containers, so we're going to combine them to make an encrypted disk that stays in RAM, is never swapped to a hard drive and can be zapped in a few seconds.

1. Create a mountpoint for the RAMdisk
The first thing we do is make a directory where we can mount the RAMdisk we're about to create
       

Code: [Select]

sudo mkdir /mnt/ramdisk
2. Now we create and mount a RAMdisk
   

Code: [Select]

sudo mount -t ramfs none /mnt/ramdisk -o maxsize=500000
This says to mount a filesystem of type ramfs, not a device, at /mnt/ramdisk and set its maximum size to 500MB (maxsize is measured in KB).  Specifying ramfs as the filesystem type tells the system to create a virtual partition in RAM.  The "-o maxsize" sets a limit on how big the partition can get.  Don't forget this because ramfs dynamically resizes itself and doesn't swap out to disk. (Tmpfs type, which also uses RAM, doesn't do dynamic resizing but it can be swapped out to disk, which is bad for our goals.)  Adjust maxsize to whatever you need and depending on how much RAM you have.  We're going to be creating an encrypted container file of this same size in the ramfs RAMdisk and doing all our writing to that, but it's always good to have limits in case something goes wrong.

3. Then change the permissions on the folder to allow nonroot users to read, write and execute (or however you want to do permissions).
   

Code: [Select]

sudo chmod 777 /mnt/ramdisk
4. Create a container file in the RAMdisk
   

Code: [Select]

dd if=/dev/urandom of=/mnt/ramdisk/cryptainer bs=1M count=500
This creates a file called 'cryptainer' in /mnt/ramdisk that's 500MB (500 blocks of 1M each) in size (adjust count to be the same as the maxsize specification in step 2).

5. Create cryptainer in container file
First we find the first available loop device
   

Code: [Select]

sudo losetup -f
Now we loop mount the file /mnt/ramdisk/cryptainer at the loop device just reported.  This makes the cryptainer file show up as a block device (like a hard drive), but there's still no filesystem on it yet so you can't read and write files directly to it.
   

Code: [Select]

sudo losetup /dev/loopX /mnt/ramdisk/cryptainer
Then we create an encrypted container device inside our loop device with cryptsetup, using AES-XTS as the algorithm, and with a 512-bit key drawn from /dev/urandom.  The way this works is that the container device (cryptramdisk) shows up as a regular block device (at /dev/mapper/cryptramdisk) to the rest of the system but anything that's written to it is encrypted using the random key before being saved into the RAMdisk.  When a file is read the reverse happens.  Ordinarily, when you use cryptsetup you save the key somehow (whether in a file or in your head) so that you can unmount the device and remount it later and still have access to the data.  But we don't care about that.  We want to be able to instantly kill large amounts of data.  Once this container device is closed all data saved in it is gone forever because it's encrypted with an unknown key that's impossible to crack.
   

Code: [Select]

sudo cryptsetup create --cipher aes-xts-plain --key-size 512 cryptramdisk /dev/loopX -d /dev/urandom
Just for good measure to ensure there's plenty of entropy, we'll use badblocks to feed random data into the cryptainer.  Good encryption shows up as random data anyway, but I don't trust any single tool and filling the cryptainer with encrypted random data makes doubly sure there's not even a theoretical possibility of cryptanalysis.
   

Code: [Select]

sudo badblocks -swt random /dev/mapper/cryptramdisk
6. Mount the cryptainer
Next we make an ext2 filesystem on our cryptainer so that we can mount it like a regular hard drive.
   

Code: [Select]

sudo mkfs.ext2 /dev/mapper/cryptramdisk
Create a mountpoint
   

Code: [Select]

sudo mkdir /mnt/cryptramdisk
Mount the random-key-encrypted RAMdisk at /mnt/cryptramdisk
   

Code: [Select]

sudo mount /dev/mapper/cryptramdisk /mnt/cryptramdiskdelusions
Change the permissions so that you can write to the RAMdisk without being root
   

Code: [Select]

sudo chmod 777 /mnt/cryptramdisk
7. Write files
If you hate the lost+found folder like me get rid of it
   

Code: [Select]

cd /mnt/cryptramdisk
rm -rf ./lost+found
NOW, if you want to download a file from the Interwebs and don't want it to ever be saved in cleartext form or on a disk even in encrypted form, just save it to your RAMdisk.  The file will be encrypted before being stored in RAM but be accessible like it's stored on a regular hard disk or flash drive.  One thing you'll notice though is that things may download MUCH faster since your OS doesn't have to wait for the slow spinning drive to catch up.  It can write directly into RAM.

   Interwebs -> /mnt/cryptramdisk -> /dev/mapper/cryptramdisk -> /dev/loopX -> /mnt/ramdisk/cryptainer -> encrypted into RAM

If you want to keep the file, you can copy it to another (preferably encrypted) device or, if keeping others from getting your data is more important than losing it, just keep it in the RAMdisk and when the RAM loses power your data disappears into that big bit bucket in the sky.  Since the file is stored in RAM in encrypted form even a coldboot RAM attack won't enable access to it.  (Well, unless the adversary can also find the decryption key somewhere else in RAM, but I don't know how likely that is either.  Epoxy your RAM to the motherboard if you're really worried about cold-boot attacks.)

   Encrypted file in RAM -> /mnt/ramdisk/cryptainer -> /dev/loopX -> /dev/mapper/cryptramdisk -> /mnt/cryptramdisk -> Interwebs

8. When you're done, unmount the cryptainer
   

Code: [Select]

sudo umount /mnt/cryptramdisk
THIS IS THE LAST CHANCE TO SAVE YOUR DATA! Once you close the cryptainer the data is gone forever and ever because you don't know the 512-bit key.  A 512-bit key is 1.34078079 × 10^154.  Brute forcing it at a trillion trillion trillion trillion keys per second would take you 4251587994672754946 7275494672754946727 5494672754946727549 4672754946727549467 2754946727549467275 49467 millenia!  But I think that's a lot longer than the black helicopters will be after you so you'll be OK.
   

Code: [Select]

sudo cryptsetup remove cryptramdisk
Unmount the loop device
   

Code: [Select]

sudo losetup -d /dev/loopX
9. Just for good measure, overwrite the cryptainer file w/ random data and remove it
By default, shred overwrites 3 times, which is more than enough for RAM.  One time would probably be more than enough.
   

Code: [Select]

shred -ufv /mnt/ramdisk/cryptainer
10. Unmount the ramdisk and that RAM should be available for use by the system again.
   

Code: [Select]

sudo umount /mnt/ramdisk

If you're really worried about the stormtroopers kicking your door down you can set up a cron job or something that will run every few minutes and ask you to press a button or enter a code to keep your RAMdisk from being zapped.  Or you can script steps 8 through 10 and hook them to a keyboard shortcut or panic button.  The possibilities are endless.  One thing for sure is that with this method you don't have to worry about having to wait a long time to permanently destroy the data.  Securely wiping a few GB of RAM will only take a few seconds, and as far as I know there's no way even in the most paranoid delusions to recover what was stored in RAM a few write cycles ago.  And this method uses all standard Linux tools, so if you don't keep a shell history there won't even be a way to recover what commands you used.

This is my first tutorial, and I'm still learning the details of some of these tools, so I'm sure there's room for improvement.  Please leave feedback. 

Happy privacy!   

[Maxxx]

If you're really worried about the stormtroopers kicking your door down you can set up a cron job or something that will run every few minutes and ask you to press a button or enter a code to keep your RAMdisk from being zapped.  Or you can script steps 8 through 10 and hook them to a keyboard shortcut or panic button.  The possibilities are endless.  One thing for sure is that with this method you don't have to worry about having to wait a long time to permanently destroy the data.  Securely wiping a few GB of RAM will only take a few seconds, and as far as I know there's no way even in the most paranoid delusions to recover what was stored in RAM a few write cycles ago.  And this method uses all standard Linux tools, so if you don't keep a shell history there won't even be a way to recover what commands you used.

This is my first tutorial, and I'm still learning the details of some of these tools, so I'm sure there's room for improvement.  Please leave feedback. 

Happy privacy!   

I love the ideas at the end of your post. The possibilities are endless with it, and it is a very good part to an overall method.

One thing to watch out for would be not the data you're downloading being sent to swap but other actual web browser artifacts. Like URLs typed and so on. Also you'd have to be aware of artifacts cached by the browser itself. Such as the sqlite databases with Firefox.

I love this idea though and this is an excellent and structured tutorial as well. I may post it on the main blog like I have some of KenTheFurry's forum postings.

[watson_de]

Thank you Maxxx for your comments.  I would feel honored to have this posted on the main blog, especially since it's the very first post I've made here!

I'll look into those artifacts you spoke of, and when I'm confident that I've figured out how to deal with them I'll make an update or, depending on how involved it is, another tutorial.

[chango]

Interesting idea. But I see some weak points, and I dont think it's safe to use this alone. Let me explain myself:

With your idea, you are storing data in a temporary encrpypted filesystem in memory, and you assume it will never get swapped to disk. But, the memory of the processes that use that data can be swapped to disk, and in those processes memory the data is not encrypted. So with this idea alone you can never be really sure that incriminating data was not written plain to the harddisk. Also, even after unmounting the encrypted filesystem and wipeing it from memory, you cant be sure that parts of the data have not survived in memory, for example in filesystem buffers in kernel memory. And as plaintext data could also survive in the memory of userland processes.

1. The best way to be really sure that the contents of RAM are clean is to power off the computer and unplug power and battery for a few seconds (or minutes). See http://en.wikipedia.org/wiki/Cold_boot_attack
2. And for the harddisk, to be sure that the contents of RAM are not written to swap you can turn swap off. Or at least you should keep swap encrypted with a temporary key that is created randomly at boot time (not with a fixed key).

And as Maxxx pointed out, you still can be leaking incriminating data BEFORE you write it to your encrypted file system, for example it can leak while you're downloading it, etc (Maxxx example was firefox storing URLs in that sqlite db). To be more secure I would avoid any complex piece of software like firefox... is hard to feel safe when you dont know what your system is doing. If you want to download something you can use wget or curl, or even better netcat or socat with openssl, or ssh, etc.

Anyway I'm not trying to discredit you, your idea is very interesting and can be useful if combined with other antiforensic measures, IMHO
Chango

[watson_de]

Chango, thanks for your post.  Very good points.  I wasn't intending this to be used alone, but I didn't mention it.  I always run from a fully-encrypted system anyway like you suggested, so anything that does get swapped (in the very rare circumstance I run out of free RAM) doesn't get swapped out in plaintext form.  Unfortunately shutting swap off isn't an option for some people that don't have a lot of RAM.

When I post the next project I've been working on I hope you'll give it the same thorough attention.  You'll know it when you see it.  Thanks again.

[KenTheFurry]

Well I only see a few possible problems with this method, if you are just looking at the method and not the system as a whole...
lol first xts is a great mode but that not add essiv?
Second if you make it so anyone can read the contents of your folder in /mnt if an attacker had access you your system they would be able to get basic information about what is inside they could use hexdump or something like that, so I would sudo chown $USER: /mnt/cryptramdisk then sudo chmod 700 /mnt/cryptramdisk
(Note lol with mkfs.ext2, use the -m0 flag so no space is reserved you get more bang for your buck ) If it were me I would first create the holder with /dev/zero then once i use cryptsetup --cipher=aes-xts-essiv:sha256 --hash=whirlpool --key-size=512 --key-file=/dev/urandom create tmpfs-$RANDOM /dev/loopX
then I would use dd if=/dev/urandom of=/dev/mapper/tmpfs-(result from random number) bs=5M
Then give it a file system, and from there mount it with noexec,nosuid,nodev
once it is mounted give change the ownership of the folder over to yourself and make it so only the user can access it.

But I personally do not see the use of just placing things in ram when a physical disk works just as well and carries the same chances as chango brought up of a Cold Boot attack. also I have a fairly secure way of creating cryptographically secure keys that can be stored in plain sight and still keep your data secure. If someone wants me to post it please let me know.

[Maxxx]

But I personally do not see the use of just placing things in ram when a physical disk works just as well and carries the same chances as chango brought up of a Cold Boot attack. also I have a fairly secure way of creating cryptographically secure keys that can be stored in plain sight and still keep your data secure. If someone wants me to post it please let me know.

I'm sure everyone wants to know You're a pioneer in this field. Many who know what they're talking about won't go public. Either it's a trade secret or they could lose their whitehat job. Seems anti-forensics gets a bad rep.

[KenTheFurry]

-=:Semi-Advance Key Files:=-
Lol well the simple way to look at it is like this...
With Linux anything and everything can be treated like a block device... So why not chose your favorite song or least favorite song out of a library in the thousands, or maybe its a article... Some type of file and if you want you could just google some random things and download a picture that you could just repeat the process to get the file back.
Once you have that mount it as a loop device...
you use cryptsetup with what ever options you want using what ever alg, hash,key size, offset etc. This makes it so any file on the system even something like ping could be used as a key but it is much more than that because you can use any combination of options as long as your logs are properly disposed of any one file ever could have almost infinite possible keys because of all the separate options will be custom to each person who uses it and their key had better be unique also lol because if they change there key even by one bit there "decrypted" key will be different.
If this jumbled mess didnt make any sence to you here is a little script that does what I was mumbling about...

Code: [Select]

#!/bin/sh
#Note: If you are going to use this script make sure you have some why to make sure logs are destroyed /var/log/
#Logs may hold things like [CMD] losetup /dev/loop0 /path/to/key... that is not a good thing

#Root variables / things to edit
cipher="aes-xts-essiv:sha256" #Cipher used
hash="sha512" #Hashing method
keysize="512" #Size of your key
repeatPassword="1" #1=ask for password twice, 0=do not check password
myId=$(id -u)
if [ "$myId" != "0" ] ; then
  echo "This needs to be run as root."
  exit 2 # not root
fi
keyLocation="$1"
if [ -z "$keyLocation" ] ; then
  echo "No Key file given"
  exit 1 # 1 means bad keyfile
fi
if [ ! -r "$keyLocation" ] ; then
  echo "File does not exist"
  exit 1
fi
#Sets up the key file
loX=$(losetup -f)
losetup $loX $keyLocation
#Decrypts the key file with your password
if [ $repeatPassword = "1" ] ; then
  cryptsetup --cipher="$cipher" --hash="$hash" --key-size="$keysize" create Key $loX -y
else
  cryptsetup --cipher="$cipher" --hash="$hash" --key-size="$keysize" create Key $loX
fi
echo "Ok now use cryptsetup with what ever options you want just add\n--key-file=/dev/mapper/Key"
read varx
#Shutdown process
cryptsetup remove Key
losetup $loX -d
losetup $loX /dev/null # Hide path to key file
echo "Done ^^"
exit 0


[PSimon23]

I sent you in pm