Blog

Categories:

17. 9. 2024

Security Cryptography

Sharing files with NFS protocol and cryptography

Network File System (NFS) a kryptografie

While file sharing using the Network File System (NFS) currently supports cryptography, this has not always been the case. In addition, it is necessary to be aware of how cryptography is implemented, what it means. Does it address data confidentiality, data integrity, or is it at the core of authentication mechanisms? Answering these questions is not easy. NFS only began to address them in advanced versions around 2000. For these reasons, the main problems are the protection of integrity and confidentiality. These problems have solutions, but it is necessary to get rid of old versions that do not support this functionality.

History and Properties

The original NFS was created around 1983 in SUN's development department and was intended to provide file sharing across different systems. Bad Languages claim that NFS is short for No File Security, and it was certainly true for early versions.

But with the advent of NFSv4, security took on a higher priority. Although there was no new encryption standard at first, at least the DES algorithm was used, later other algorithms were added. Encryption was tied to the Kerberos protocol. While NFS has slightly receded from being the majority platform, it is still an important protocol. It is supported on *NIX systems, various shared disk storage, so it is important to know the limitations and ensure appropriate settings. Below is an overview of the different NFS versions and their functionalities.

Version	Year	Protocols	Features	Accounts
NFSv1	1994	UDP	Basic file sharing 32-bit filesystem structure with files <2GB Basic authentization	Local
NFSv2 (RFC 1049)	1989	UDP	Basic file sharing 32-bit filesystem structure with files <2GB Basic authentization with: - UID and GID (transported over network) - NIS/YP Support for UDP transportFeatures	Local NIS
NFSv3 (RFC 1813	1995	2049/udp 2049/tcp	64-bit filesystem structure with files >2GB Asynchronous operations Support for symbolic links Support for hardlinks Support for large block transport Filesystem metadata support Support for TCP transport Support for NULL authenticationBasic authentization with: - UID and GID (transported over network) - NIS/YP - NIS+ Support for local authentication mechanisms	Local NIS/NIS+ LDAP
WebNFS	1996	2049/tcp	Extension of NFSv2/NFSv3 Support for TCP transport (WITHOUT TLS, REQUIRE VPN)	Local NIS/NIS+ LDAP
NFSv4 (RFC 3010) (RFC 3530)	2000	2049/tcp	Full TCP support (without UDP) Statefull connection Support for file locking Supported ACL and rights delegation Chaining commands in single request Support Kerberos authentication Support encryption (based on Kerberos)	Local NIS/NIS+ LDAP
NFSv4.1 (RFC 5661) (RFC 8881)	2010	2049/tcp	Parallel NFS (NFSp - access parallelization) Better scalling, load balancing and availability Better client and server management	Local NIS/NIS+ LDAP
NFSv4.2 (RFC 7862)	2016	2049/tcp	Support for Server side copy Support for Sparse files Better data checksums Support NFS over TLS (NFSs) Support Integrity Measurement Architecture (IMA - metadata)	Local NIS/NIS+ LDAP

Supported cryptography

Ensuring encryption and integrity checks uses the algorithm chosen when negotiating using the Kerberos protocol. NFS supports only this method to ensure protection of negotiations. The negotiated mechanisms then allow to determine the data encryption algorithm and the cryptographic checksum, where support for each algorithm is listed in the following table.

Type	Algorithms	NFSv1	NFSv2	NFSv3	NFSv4	NFSv4.1	NFSv4.2
0x01	des-cbc-crc (weak)	-	-	-	Yes	Yes	Yes
0x02	des-cbc-md4 (weak)	-	-	-	Yes	Yes	Yes
0x03	des-cbc-md5 (weak)	-	-	-	Yes	Yes	Yes
0x04	reserved (slabé)	-	-	-	-	-	-
0x05	des3-cbc-md5 (weak)	-	-	-	-	-	-
0x06	reserved (slabé)	-	-	-	-	-	-
0x07	des3-cbc-sha1 (weak)	-	-	-	Yes	Yes	Yes
0x09	DSAWithSHA1-CmsOID	-	-	-	-	-	-
0x0a	MD5WithRSAEncryption-CmsOID	-	-	-	-	-	-
0x0b	SHA1WithRSAEncryption-CmsOID	-	-	-	-	-	-
0x0c	rc2-cbc-sha1 (weak)	-	-	-	-	-	-
0x0d	RSAEncryption-EnvOID	-	-	-	-	-	-
0x0e	RSAES-OAEP-EnvOID	-	-	-	-	-	-
0x0f	des-ede3-cbc (weak)	-	-	-	-	-	-
0x10	des3-cbc-sha1-kd	-	-	-	-	-	-
0x11	aes128-cts-hmac-sha1-96 (obsolete)	-	-	-	-	Yes	Yes
0x12	aes256-cts-hmac-sha1-96 (obsolete)	-	-	-	-	Yes	Yes
0x13	aes128-cts-hmac-sha256-128	-	-	-	-	Yes	Yes
0x14	aes256-cts-hmac-sha384-192	-	-	-	-	Yes	Yes
0x17	arcfour-hmac / rc4-hmac (weak)	-	-	-	Yes	Yes	Yes
0x18	arcfour-hmac-ext / rc4-hmac-exp (40b key, weak)	-	-	-	Yes	Yes	Yes
0x19	camellia128-cts-chmac	-	-	-	-	Yes	Yes
0x20	camellia256-cts-cmac	-	-	-	-	Yes	Yes
0x41	subkey-keymaterial	-	-	-	-	-	-

Server side support - Kerberos

Starting NFS on the server side with secured protection requires a functioning Kerberos, preferably tied to some LDAP system for authentication. Since the most commonly used LDAP system at present is Active Directory, it is advisable to use this system and provide central user management.

Initial configuration

To configure on the server side, you must load a set of installation packages, in this case for debian-based distributions:
# apt install realmd krb5-user adcli sssd samba-common nfs-kernel-server gssproxy -y

The /etc/krb5.conf file must contain:
[libdefaults]
  default_realm = NFS.Domain
  dns_lookup_realm = false
  dns_lookup_kdc = false
  ticket_lifetime = 24h
  renew_lifetime = 7d
  forwardable = true
  allow_weak_crypto= false
  default_tkt_enctypes = aes256-cts-hmac-sha1-96

[realms]
  NFS.DOMAIN = {
    kdc = ADServerName.NFS.Domain
    admin_server = ADServerName.NFS.Domain
    default_domain = nfs.domain
  }

[domain_realm]
.NFS.Domain = NFS.Domain
NFS.Domain = NFS.Domain

Where the ADServerName item is the Active Directory name of the server and the NFS.Domain is the domain name in which the NFS is provided. Thanks to the NSS, a domain can be e.g. a DNS domain. Within the configuration, it is possible to define the type of encryption required, where AD currently only supports RC4 and AES-CTS with integrity check using SHA1 (on top of that, trimmed from 160 bits to 96 bits). However, specifying the required encryption may conflict with the defined policy, in which case it will not be possible to connect.

The /etc/nfs.conf file must contain:
[gssd]
use-gss-proxy=1

The /etc/default/nfs-common file must contain:
NEED_GSSD="yes"

You also need to enter the following commands from the shell environment to initialize the shell environment:
# kinit Administrator
# realm discover NFS.Domain
# realm join --user-principal=linuxnfsuser/ThisMachineFQDN@NFS.Domain NFS.Domain

For NFS server it is necessary to enter
# realm join --user-principal=linuxnfsuser/kerberos-nfsserver.NFS.Domain@NFS.Domain NFS.Domain

For NFS client it is necessary to enter
# realm join --user-principal=linuxnfsuser/kerberos-nfsclient.NFS.Domain@NFS.Domain NFS.Domain

Configure DNS records and SPNs

For proper functionality it is necessary to add corresponding records for the NFS server (kerberos-nfsserver) and for the NFS client (kerberos-nfsclient). In this case, these records are at addresses 192.168.1.10 and 192.168.1.11, they must refer to the NS domain NFS.Domain.
# Add-DnsServerResourceRecordA -CreatePtr -Name kerberos-nfsserver -IPv4Address 192.168.1.10 -ZoneName NFS.Domain
# Add-DnsServerResourceRecordA -CreatePtr -Name kerberos-nfsclient -IPv4Address 192.168.1.11 -ZoneName NFS.Domain

You also need to set the Service Principal Name for NFS:
# setspn -S linuxnfsuser/ThisMachineFQDN kerberos-nfsserver
# setspn -S linuxnfsuser/ThisMachineFQDN kerberos-nfsclient

# setspn -L kerberos-nfsserver
# setspn -L kerberos-nfsclient

This completes the configuration of DNS records and SPNs, further it is possible to continue with the configuration of NFS server and NFS client.

Configuration on the NFS server side

Since we have Linux associated with Active Directory using Kerberos and created SPNs, it is possible to start configuring your own NFS server for sharing.

The /etc/exports file must contain the following definitions for /nfsshare folder sharing:
/nfsshare gss/krb5p(rw,sync)

Where the following encryption set transfer from Kerberos ticket is valid for cryptographic protection settings:
- krb5: Authentication
- krb5i: Authentication and integrity
- krb5p: Authentication, Integrity and Encryption

It is then necessary to restart NFS services from the command line:
# service rpc-gssd restart
# service gssproxy restart
# service nfs-kernel-server restart
# /etc/init.d/nfs-common restart

NFS Client Configuration:

After setting up the NFS server and providing the shared folder, it is possible to allow the client to connect to the NFS server. This requires the following series of modifications:
# apt install nfs-common gssproxy -y

In /etc/nfs.conf you need to set:
use-gss-proxy=1

In /etc/default/nfs-common you need to set:
NEED_GSSD="yes"

In /etc/gssproxy/99-nfs-client.conf you need to set:
[service/nfs-server]
  mechs = krb5
  socket = /run/gssproxy.sock
  cred_store = keytab:/etc/krb5.keytab
  cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U
  cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab
  cred_usage = initiate
  allow_any_uid = yes
  trusted = yes
  kernel_nfsd = yes
  euid = 0

It is then necessary to restart the services associated with providing the NFS function of the client:
# service rpc-gssd restart
# service gssproxy restart
# /etc/init.d/nfs-common restart

Finally, you can attach a folder from the server side:
# mount -t nfs4 -o sec=krb5p kerberos-nfsserver.nfs.domain:/nfsshare /mnt

If you need to provide the user side with Kerberos token recovery automation, you can enter a command in the .profile file to provide the service:
/usr/bin/kinit KRB-CLT$ -t /etc/krb5.keytab

Reference:

Solaris
Zdroj: https://docs.oracle.com
FreeBSD
Zdroj: https://docs.freebsd.org
ArchLinux
Zdroj: https://wiki.archlinux.org
Debian
Zdroj: https://wiki.debian.org
Ubuntu
Zdroj: https://ubuntu.com
Microsoft
Zdroj: https://learn.microsoft.com

Autor článku:

Jan Dušátko

Jan Dušátko has been working with computers and computer security for almost a quarter of a century. In the field of cryptography, he has cooperated with leading experts such as Vlastimil Klíma or Tomáš Rosa. Currently he works as a security consultant, his main focus is on topics related to cryptography, security, e-mail communication and Linux systems.

1. Introductory Provisions

1.1. These General Terms and Conditions are, unless otherwise agreed in writing in the contract, an integral part of all contracts relating to training organised or provided by the trainer, Jan Dušátko, IČ 434 797 66, DIČ 7208253041, with location Pod Harfou 938/58, Praha 9 (next as a „lector“).
1.2. The contracting parties in the general terms and conditions are meant to be the trainer and the ordering party, where the ordering party may also be the mediator of the contractual relationship.
1.3. Issues that are not regulated by these terms and conditions are dealt with according to the Czech Civil Code, i.e. Act No.89/2012 Coll.
1.4. All potential disputes will be resolved according to the law of the Czech Republic.

2. Creation of a contract by signing up for a course

2.1. Application means unilateral action of the client addressed to the trainer through a data box with identification euxesuf, e-mailu with address register@cryptosession.cz or register@cryptosession.info, internet pages cryptosession.cz, cryptosession.info or contact phone +420 602 427 840.
2.2. By submitting the application, the Client agrees with these General Terms and Conditions and declares that he has become acquainted with them.
2.3. The application is deemed to have been received at the time of confirmation (within 2 working days by default) by the trainer or intermediary. This confirmation is sent to the data box or to the contact e-mail.
2.4. The standard time for registration is no later than 14 working days before the educational event, unless otherwise stated. In the case of a natural non-business person, the order must be at least 28 working days before the educational event.
2.5. More than one participant can be registered for one application.
2.6. If there are more than 10 participants from one Client, it is possible to arrange for training at the place of residence of the intermediary or the Client.
2.7. Applications are received and processed in the order in which they have been received by the Provider. The Provider immediately informs the Client of all facts. These are the filling of capacity, too low number of participants, or any other serious reason, such as a lecturer's illness or force majeure. In this case, the Client will be offered a new term or participation in another educational event. In the event that the ordering party does not agree to move or participate in another educational event offered, the provider will refund the participation fee. The lack of participants is notified to the ordering party at least 14 days before the start of the planned term.
2.8. The contract between the provider and the ordering party arises by sending a confirmation from the provider to the ordering party.
2.9. The contract may be changed or cancelled only if the legal prerequisites are met and only in writing.

3. Termination of the contract by cancellation of the application

3.1. The application may be cancelled by the ordering party via e-mail or via a data mailbox.
3.2. The customer has the right to cancel his or her application for the course 14 days before the course takes place without any fees. If the period is shorter, the subsequent change takes place. In the interval of 7-13 days, an administrative fee of 10% is charged, cancellation of participation in a shorter interval than 7 days then a fee of 25%. In case of cancellation of the application or order by the customer, the possibility of the customer's participation in an alternative period without any additional fee is offered. The right to cancel the application expires with the implementation of the ordered training.
3.3. In case of cancellation of the application by the trainer, the ordering party is entitled to a full refund for the unrealized action.
3.4. The ordering party has the right to request an alternative date or an alternative training. In such case, the ordering party will be informed about all open courses. The alternative date cannot be enforced or enforced, it depends on the current availability of the course. If the alternative training is for a lower price, the ordering party will pay the difference. If the alternative training is for a lower price, the trainer will return the difference in the training prices to the ordering party.

4. Price and payment terms

4.1. By sending the application, the ordering party accepts the contract price (hereinafter referred to as the participation fee) indicated for the course.
4.2. In case of multiple participants registered with one application, a discount is possible.
4.3. The participation fee must be paid into the bank account of the company held with the company Komerční banka č. 78-7768770207/0100, IBAN:CZ5301000000787768770207, BIC:KOMBCZPPXXX. When making the payment, a variable symbol must be provided, which is indicated on the invoice sent to the client by the trainer.
4.4. The participation fee includes the provider's costs, including the training materials. The provider is a VAT payer.
4.5. The client is obliged to pay the participation fee within 14 working days of receipt of the invoice, unless otherwise stated by a separate contract.
4.6. If the person enrolled does not attend the training and no other agreement has been made, his or her absence is considered a cancellation application at an interval of less than 7 days, i.e. the trainer is entitled to a reward of 25% of the course price. The overpayment is returned within 14 days to the sender's payment account from which the funds were sent. Payment to another account number is not possible.
4.7. An invoice will be issued by the trainer no later than 5 working days from the beginning of the training, which will be sent by e-mail or data box as agreed.

5. Training conditions

5.1. The trainer is obliged to inform the client 14 days in advance of the location and time of the training, including the start and end dates of the daily programme.
5.2. If the client is not a student of the course, he is obliged to ensure the distribution of this information to the end participants. The trainer is not responsible for failure to comply with these terms and conditions.
5.2. By default, the training takes place from 9 a.m. to 5 p.m. at a predetermined location.
5.3. The trainer can be available from 8 a.m. to 9 a.m. and then from 17 a.m. to 6 p.m. for questions from the participants, according to the current terms and conditions.
5.4. At the end of the training, the certificate of absorption is handed over to the end users.
5.5. At the end of the training, the end users evaluate the trainer's approach and are asked to comment on the evaluation of his presentation, the manner of presentation and the significance of the information provided.

6. Complaints

6.1. If the participant is grossly dissatisfied with the course, the trainer is informed of this information.
6.2. The reasons for dissatisfaction are recorded in the minutes in two copies on the same day. One is handed over to the client and one is held by the trainer.
6.3. A statement on the complaint will be submitted by e-mail within two weeks. A solution will then be agreed within one week.
6.4. The customer's dissatisfaction may be a reason for discontinuing further cooperation, or financial compensation up to the price of the training, after deduction of costs.

7. Copyright of the provided materials

7.1. The training materials provided by the trainer in the course of the training meet the characteristics of a copyrighted work in accordance with Czech Act No 121/2000 Coll.
7.2. None of the training materials or any part thereof may be further processed, reproduced, distributed or used for further presentations or training in any way without the prior written consent of the trainer.

8. Liability

8.1. The trainer does not assume responsibility for any shortcomings in the services of any third party that he uses in the training.
8.2. The trainer does not assume responsibility for injuries, damages and losses incurred by the participants in the training events or caused by the participants. Such costs, caused by the above circumstances, shall be borne exclusively by the participant in the training event.

9. Validity of the Terms

9.1 These General Terms and Conditions shall be valid and effective from 1 October 2024.