[Request] Use USB device for encryption key

[Moogle Stiltzkin]

when i tested encryption. there was an option to save encryption key onto usb device. Isn't that what you wanted?

[ukez]

when i tested encryption. there was an option to save encryption key onto usb device. Isn't that what you wanted?

Nah mate, I'm referring to the encryption on the device we're as you set the device to go on full lock down once the power is isolated. When you turn it on you need to have an admin present to login once the systems back online access the HDD menu area and then re-enter the password or plug up your USB stick with the encryption key on it and point the NAS to it before your HDD data is accessible again.

Say for example your on holiday, its your device, you're the admin but you have users in your house, house share or business (just examples) and your system was either accidentally powered down for PAT testing or some other reason or your UPS power depletes (if you even have a UPS) or you have a power outage and the people that you've allowed or given access to shared drives, general usage etc still need to gain access to their data. In cases like that where you have that top security level feature enabled ( which is good if you were burgled and your NAS was stolen ), they would be unable too gain access to their shared drives or any data until such time that they can either contact you, have you log in or you hand over your top level admin password for them to login and re-enable the HDD encryption key.

Keep in mind though if you were to give someone the top level admin rights they could login, access data they aren't even meant to see or worst still accidentally select the wrong menu settings and totally f**k all your data, yet QNAP thinks that's the best way forward..

Personally, I think a user manageable biometric fingerprint reader would be a nice touch for them to simply swipe to re-enable the encryption and HDD data, but that's just my two cents dream i guess

[Moogle Stiltzkin]

when i tested encryption. there was an option to save encryption key onto usb device. Isn't that what you wanted?

Nah mate, I'm referring to the encryption on the device we're as you set the device to go on full lock down once the power is isolated. When you turn it on you need to have an admin present to login once the systems back online access the HDD menu area and then re-enter the password or plug up your USB stick with the encryption key on it and point the NAS to it before your HDD data is accessible again.

Say for example your on holiday, its your device, you're the admin but you have users in your house, house share or business (just examples) and your system was either accidentally powered down for PAT testing or some other reason or your UPS power depletes (if you even have a UPS) or you have a power outage and the people that you've allowed or given access to shared drives, general usage etc still need to gain access to their data. In cases like that where you have that top security level feature enabled ( which is good if you were burgled and your NAS was stolen ), they would be unable too gain access to their shared drives or any data until such time that they can either contact you, have you log in or you hand over your top level admin password for them to login and re-enable the HDD encryption key.

Keep in mind though if you were to give someone the top level admin rights they could login, access data they aren't even meant to see or worst still accidentally select the wrong menu settings and totally f**k all your data, yet QNAP thinks that's the best way forward..

Personally, I think a user manageable biometric fingerprint reader would be a nice touch for them to simply swipe to re-enable the encryption and HDD data, but that's just my two cents dream i guess

Currently you have to manually unlock an encrypted volume on bootup. It would be nice if the QNAP NAS products could be configured to look at a particular USB port/device/partition/path/file for a key on bootup. This should be a fairly simple feature to add.

oo.... i see what you mean. Yeah that does sound awesome and secure. you can add my vote to that petition

uh... in regards to biometrics i heard that optical biometrics got easily circumvented using a printed out picture of the eye by some German hackers
https://www.engadget.com/2017/05/23/gal ... er-hacked/


I only trust complicated passwords preferably 256bit with a supplement of a 2 step approach authentication method. a plug/play usb encrypted key also is nice

[ukez]

If they did want to allow a fingerprint reader we could simply buy one of these stick it in provided they enabled the drivers and menu options.

COBO C2 USB Fingerprint Module


Failing that the USB stick unlock boot option would be fine.

[Moogle Stiltzkin]

yeah but i don't trust fingerprint lock security either
http://www.telegraph.co.uk/technology/2 ... ke-prints/


these biometrics.. once that data is available i worry that your password is as good as permanently lost once compromised. India should be most worried since they have the largest biometric database in the world. looks like a sitting ticking time bomb to me :X

Unlike a hex password, you can't just simply change that data/password to be something else. your stuck with it :X

maybe once technology develops to star trek era, security for biometric will be good enough. but i doubt it is right now.

usb is fine as long as you don't willy nilly plug it into unknown usb ports that may just steal your key. make the usb key strictly only for that QNAP unlocking.

[ukez]

yeah but i don't trust fingerprint lock security either
http://www.telegraph.co.uk/technology/2 ... ke-prints/


these biometrics.. once that data is available i worry that your password is as good as permanently lost once compromised. India should be most worried since they have the largest biometric database in the world. looks like a sitting ticking time bomb to me :X

Unlike a hex password, you can't just simply change that data/password to be something else. your stuck with it :X

maybe once technology develops to star trek era, security for biometric will be good enough. but i doubt it is right now.

usb is fine as long as you don't willy nilly plug it into unknown usb ports that may just steal your key. make the usb key strictly only for that QNAP unlocking.

Either or

[Don]

So let me understand this. You want a key stored on a USB stick that is always plugged in so that when a NAS is started (for what ever reason) the encryption is unlocked?

[schumaku]

So let me understand this. You want a key stored on a USB stick that is always plugged in so that when a NAS is started (for what ever reason) the encryption is unlocked?

Yes.
Or not unlocked if not plugged.
Automatically unlocked if plugged.
Automatically locked if removed.

Some Seagate NAS have (or had) this feature.

[Don]

So let me understand this. You want a key stored on a USB stick that is always plugged in so that when a NAS is started (for what ever reason) the encryption is unlocked?

Yes.
Or not unlocked if not plugged.
Automatically unlocked if plugged.
Automatically locked if removed.

Some Seagate NAS have (or had) this feature.

Doesn't seem very secure. If someone steals the NAS they would have the ability to unlock the encryption since the USB drive is attached.

[schumaku]

Doesn't seem very secure. If someone steals the NAS they would have the ability to unlock the encryption since the USB drive is attached.

No, it's not. I'm using a tiny metal USB dongle, which is on my key chain. Granted - key to gain physical access, USB key to unlock - worst case.

[Moogle Stiltzkin]

Personally, I think a user manageable biometric fingerprint reader would be a nice touch for them to simply swipe to re-enable the encryption and HDD data, but that's just my two cents dream i guess

thought you should know that Qualcomm came up with a new fingerprint scanner

Qualcomm Is Taking Fingerprint Scanners below the Surface
Apple and Samsung has been struggling to create fingerprint sensors that can work behind touchscreens, but Qualcomm has apparently beat them to the punch: the company revealed their "Qualcomm Fingerprint Sensors" technology during MWC Shanghai, which uses sensors that can scan through 800 micrometers of cover glass, work underwater, and even pick up a person's heartbeat and blood flow as an extra measure of security. Vivo managed to get first dibs on the technology.

[youtube=]zAp7nhUUOJE[/youtube]

[ukez]

So let me understand this. You want a key stored on a USB stick that is always plugged in so that when a NAS is started (for what ever reason) the encryption is unlocked?

Yes.
Or not unlocked if not plugged.
Automatically unlocked if plugged.
Automatically locked if removed.

Some Seagate NAS have (or had) this feature.

Doesn't seem very secure. If someone steals the NAS they would have the ability to unlock the encryption since the USB drive is attached.

Don, i think you've misunderstood.


1,The encryption key (i.e USB stick) would be used as an 'alternative unlock method' for our HDD data volumes encryption during boot up.

2,The KEY would be used specifically during the boot up process and once unlocked it would be removed and stored away.

3,To overcome concerns with regards to users leaving the KEY plugged in, QNAP's inbuilt alarm could activate at the end of the unlock completion process until the USB key was removed.

Alternatively...

To overcome any concerns with regards to users leaving the key plugged in, the removal of the USB could be a part of the encryption unlock process, whereas the unlock process wont even complete unless the USB stick has been removed.


The concept is NOT insecure at all, the way its developed could be but that would be down to the developer, the concerns of someone leaving the USB key knocking about is no greater than the concerns of someone leaving their admin password written down and left about too.


- - - - - - - - - - - - - - - - - -


Note: In 'some instances' QNAP admins or owners have their QNAP data volume encryption set to LOCK HDD volume during a power outage or system shutdown. Which is extra secure and great for protecting your data if your property was ever burgled and someone ran off with your NAS; the second they powered your device down to run off with it your HDD data would at least be secure and remain encrypted.


- - - - - - - - - - - - - - - - - -


If you have a QNAP in an office or home and its set with that type of security mentioned above and you're the admin (owner) and you have numerous users in the property, home or business that rely on shared drives 'on your device', if their ever was a temporary or accidental powered down or outage they will all instantly all lose access to their data.

In situations like that, even when the QNAP is switched back on it will still boot up, but its HDD encryption will remain LOCKED until such time that an admin physically logs in to QTS (QNAP GUI), navigates to the storage manager and then physically unlocks the encryption before anyone can regain access to their files.

Allot of the time users can't always instantly get hold of an admin any time soon for one reason or another to have them login to QTS to unlock the volume encryption. In fact allot of the time allot of the users of these QNAP devices are family's with the device admin being a mere family member who's at work, on vacation or simply unreachable.

Its in situations like that is where I think it would be more convenient to have a local USB encryption key alternative unlock method, which can specifically be used to unlock the QNAP's HDD encryption during its boot up process. It would be 10x easier for a family or staff member to plug in a USB encryption key during boot up than it would trusting them to log in via QTS and not accidentally f**king anything else up in the process.


- - - - - - - - - - - - - - - - - -


It would enable users to regain access to their data, and would definitely be more secure and convenient than issuing more users with full admin privilege just so they log in to the QNAPs QTS menu with all those privileges and access just to unlock the HDD's encryption. In fact giving more people admin rights where they would have access to everything, including files and data that they aren't even meant to see, devices settings where they can totally destroy all data is more scary and less manageable than it is simply allowing specific users to plug up a USB stick to unlock the encryption and then login as normal using their own credentials to regain access to their own data.

Worrying about losing, misplacing a USB stick and that being risky or a security risk is rubbish. You walk around with your house keys, car keys, your £700+ mobile phones with email accounts attached to them everyday in public and don't even think twice about that. Worry about issuing a simple HDD encryption key on a USB stick to people you trust or putting a KEY in a safe place until someone needs it by comparison is nothing really..

If i can allow someone keys to my business, keys to my home, permission to use shared drives, trust them around money and my family I'm pretty sure i can trust them with a USB stick. Its easier to trust them with a USB stick than it is trusting a none computer savvy person to full admin privilege where they might accidentally log in and push the wrong thing and destroy everyone's data, that's something else entirely.

[OneCD]

I think this would be a nice project for someone to take on. I'd be happy to write something up, but don't have the time right now and I don't use encrypted volumes (although, testing could be done with an external encrypted volume).

Some thoughts:

• "authorise" or "pair" a selected USB drive and use this as a dongle. USB drives don't always contain embedded serial numbers, so use something like dd to write a unique value into a sector (maybe first unused sector on first track, etc...). This wouldn't make it copy-proof - merely harder to copy a paired drive for the average person.
• Store the volume unlock code somewhere on the NAS. This does present a slight security risk. Thinking out-loud, maybe store this on the DOM? Then if NAS drives-only are stolen, the unlock key wont travel with them. Or use some obfuscation method so unlock key isn't stored plaintext.
• Add an autorun system.
• Add a script to check for the existence of the paired USB drive during NAS boot and read the unique value. If correct, then use the NAS stored unlock code to unlock volume via a script with addition of audible alarms, LCD messages or flashing LEDs to prompt operator (where possible).
• make all this into a QPKG.

[buggy82]

I like the idea of a USB flash drive to unlock encrypted volumes for more reasons, than already been stated before in this thread:

• You could store the actual key (not password!!) as a file on the flash drive and don´t have to make compromises by having a (whatever complicated) password to decrypt the volumes. Passwords are always lowering security in comparison to using encryption key files. Imho this is why any shortcuts to decrypt a device ("Bitlocker Recovery Key") using anything shorter than the original encryption key is not a good thing from a security perspective.
• *Tin-foil-hat on* If you have USB flash drive decryption only and password based decryption disabled, you cannot be forced to hand out a password in certain situations. Those "forcing" authorities could be the US´ or your nations´ IRS, CIA, NSA, MPAA, RIAA, you name it.

This might be one reason, this feature is not implemented yet. This thread is from 2009, right?
*Tin-foil-hat off*

@OneCD: I really like your idea of a user/the community implementing such a feature on its own, while the manufacturer ignores this feature request obviously. As such a feature is likely to compromise security if not implemented right, some professionals should at least peer-review the design and implementation.

Some feedback to some of your points:

Some thoughts:

• Store the volume unlock code somewhere on the NAS. This does present a slight security risk. Thinking out-loud, maybe store this on the DOM? Then if NAS drives-only are stolen, the unlock key wont travel with them. Or use some obfuscation method so unlock key isn't stored plaintext.
  .

Sorry, but this is not just "a slight security risk" but the one of the worst security "NO-NO" I´ve read about for some time.

1. The DOM is just a simple USB device with Linux partitions on it. If you want to put volume decryption keys on it, they must be encrypted with just the same security level as the harddisks themselves, not just "some obfuscation". Summary: You need a full decryption key to decrypt another (set of) full decryption key(s). Where is the sense in doing that?
2. What if someone just takes/steals the whole NAS ?

• "authorise" or "pair" a selected USB drive and use this as a dongle. USB drives don't always contain embedded serial numbers, so use something like dd to write a unique value into a sector (maybe first unused sector on first track, etc...). This wouldn't make it copy-proof - merely harder to copy a paired drive for the average person.

Nice idea, but I think you need special hardware for this. It won´t work out using retail USB flash drives without a hard-coded (e.g. write-protected) unique identifier on it, that cannot be emulated on another device. Anything you can write by software on a USB flashdrive you can also copy to another stick. As you need multiple USB flash drives for redundancy reasons anyway, I don´t think a copy-protection is worth implementing.

Kind Regards,
buggy82

Reading Recommendation: Wikipedia (en): Veracrypt

[OneCD]

You could store the actual key (not password!!) as a file on the flash drive and don´t have to make compromises by having a (whatever complicated) password to decrypt the volumes.

Great! I didn't know volume encryption supported key files but, yes, this would be much better. As mentioned, I don't use encrypted volumes.

As such a feature is likely to compromise security if not implemented right, some professionals should at least peer-review the design and implementation.

Agreed. I'm not a security professional, so I welcome any feedback from those who are.

Sorry, but this is not just "a slight security risk" but the one of the worst security "NO-NO" I´ve read about for some time.

No worries - thanks (see above). My intention here was to contain the unlock password in a secure environment (within the NAS) instead of keeping it out in the open (on a USB stick). I guess though, that to use the unlock key password or key file, the user still needs to login to the NAS as admin. If they can't do that, then there's probably no issue storing the unlock file external to the NAS.

Nice idea, but I think you need special hardware for this. It won´t work out using retail USB flash drives without a hard-coded (e.g. write-protected) unique identifier on it, that cannot be emulated on another device. Anything you can write by software on a USB flashdrive you can also copy to another stick. As you need multiple USB flash drives for redundancy reasons anyway, I don´t think a copy-protection is worth implementing.

For the idea I suggested, no special hardware is needed. 'dd' can do this. It was only to prevent the average person copying the USB stick (and associated identifier). Naturally, someone who knows what they're doing would have no trouble copying this.