I want to prevent potential theft of my web application (source code + database) by my local hosting company, that I don't fully trust for some reason (but have no other choice but to use as they give, by far, the best latency over here).
I'm planning to encrypt a partition with cryptsetup, and store the web directory + database files there.
The only issue is that I'll have to unlock the partition on every reboot (even uncontrolled ones), before I can start the web & database servers; but I guess I'm ready to live with that for now.
However, as far as I can read all over the web, encryption keys are stored as is in memory, and can be read given physical access to the machine, even from a dedicated machine using cold boot attacks. On a VM, I guess this is even simpler, as the hypervisor can take a snapshot of the whole server state (storage + RAM).
So as far as I can tell, it should be pretty easy to take a memory dump, and locate the encryption key at any time.
Is there any way to prevent this?
I know that controlling the hypervisor gives a huge advantage to someone attempting to steal data, and as such I'm not looking for a perfect solution here; but I'm rather trying to make it as hard as possible to get access to the data, so that it would not be economically viable to spend time & resources to get them.
I'm not really optimistic here, as encryption keys must be stored in some form in memory for decrypting, but I hope I missed something.
Edit - clarification
From my comment below:
I'm sure the hosting company's hypervisors are not modified in any way to perform any malicious operation; their business is hosting, not stealing things, and the company is relatively trustworthy. What I'm trying to protect against is someone bribing an employee to sell them a snapshot of the data. As long as the encryption key cannot be recovered from any snapshot the stock hypervisor can do, I consider the solution good enough for my use case.
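To make the "locate the encryption key in a memory dump" step concrete, here is an added example (not part of the question or of any answer, and not cryptsetup's own code). It does what cold-boot key-recovery tools do: scan a memory image for a region that is the AES key expansion of its own first 16 bytes, which is how an in-use AES key stands out from random-looking data. The "dump" is constructed in the script with a key schedule planted at a known offset; the key is the FIPS-197 sample key. It assumes an AES-128 schedule stored contiguously in standard form; a real dm-crypt setup using XTS splits its key into two AES keys, typically AES-256, so a scan of a real image would also need the 240-byte AES-256 expansion. The `max_mismatch` parameter is there to tolerate a few decayed bytes, as happens in images taken after power loss.

```python
# Added example (not from the original post): find an AES-128 key in a
# memory image by searching for its expanded key schedule. The "dump" is
# constructed below rather than captured from a real machine.
import random

def gf_mul(a, b):
    """Multiply two elements of GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def _build_sbox():
    """Compute the AES S-box: multiplicative inverse followed by the affine map."""
    def rotl8(v, n):
        return ((v << n) | (v >> (8 - n))) & 0xFF
    sbox = []
    for x in range(256):
        inv = 0
        if x:
            inv = 1
            for _ in range(254):          # x^254 == x^-1 in GF(2^8)
                inv = gf_mul(inv, x)
        sbox.append(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2)
                    ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63)
    return sbox

SBOX = _build_sbox()
SCHEDULE_LEN = 176  # 11 round keys * 16 bytes for AES-128

def expand_key(key):
    """FIPS-197 key expansion for a 16-byte AES-128 key; returns the 176-byte schedule."""
    assert len(key) == 16
    w = [bytes(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = bytearray(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                       # RotWord
            t = bytearray(SBOX[b] for b in t)       # SubWord
            t[0] ^= rcon
            rcon = gf_mul(rcon, 2)
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)

def find_aes128_keys(dump, max_mismatch=0):
    """Scan every byte offset of `dump` for a 176-byte region that is the key
    expansion of its first 16 bytes. Returns a list of (offset, key) hits.
    `max_mismatch` is the number of differing schedule bytes to tolerate."""
    hits = []
    for off in range(len(dump) - SCHEDULE_LEN + 1):
        cand = dump[off:off + 16]
        # Cheap filter: recompute only the first word of round key 1
        # (w4 = w0 ^ SubWord(RotWord(w3)) ^ rcon) before expanding fully.
        t = bytes(SBOX[b] for b in (cand[13], cand[14], cand[15], cand[12]))
        w4 = bytearray(a ^ b for a, b in zip(cand[0:4], t))
        w4[0] ^= 1
        if sum(a != b for a, b in zip(w4, dump[off + 16:off + 20])) > max_mismatch:
            continue
        sched = expand_key(cand)
        mism = sum(1 for a, b in zip(sched, dump[off:off + SCHEDULE_LEN]) if a != b)
        if mism <= max_mismatch:
            hits.append((off, bytes(cand)))
    return hits

def build_demo_dump(key, size=32 * 1024, offset=7777, seed=1):
    """Constructed stand-in for a memory image: pseudo-random filler with the
    expanded schedule of `key` planted at `offset`, as a kernel would hold it."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + SCHEDULE_LEN] = expand_key(key)
    return bytes(buf)

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 sample key
    dump = build_demo_dump(key)
    for off, k in find_aes128_keys(dump):
        print(f"AES-128 key schedule at offset {off:#x}: key = {k.hex()}")
```

The scan needs no knowledge of where the kernel keeps its crypto context: the schedule is self-identifying because every round key is derived from the previous one, so a 32-bit filter on the first derived word already has a negligible false-positive rate and the full 176-byte check removes the rest. Running this against a snapshot of a VM's RAM is exactly the attack the question describes, which is why a stock hypervisor snapshot is enough and no hypervisor modification is needed.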