I recently bought a NAS that supports iSCSI. I'd like to create a new LUN, and then from my computer, create a new dm-crypt/LUKS device on it and back up to it.
Is this secure? Could the data or passphrase/key be compromised if an attacker were to either a) initiate a passive (just gather data) or active (change data) man-in-the-middle attack over the link or b) gain access to the NAS? When I think it through, I can't see any problems with it, but I thought I should just check.
The way LUKS works is that it stores a (mostly encrypted) header on the underlying storage device. This header contains, among some other metadata, the actual data encryption key, encrypted under one or more passphrase-derived keys. This is what the LUKS "key slots" are for.
dm-crypt works essentially the same way, minus the header. For the purposes of your question, they can thus be considered for all intents and purposes identical.
All encryption and decryption of data, including LUKS metadata, takes place on the host where the LUKS mapping is made. The storage device underlying the mapping device node (what you'd normally create a file system on in a LUKS setup) only ever sees ciphertext produced by running the wanted-stored data through the selected encryption algorithm.
So as long as what you are doing is entering the passphrase into a process running locally on your own system, there really is nothing to launch a MITM attack against that wouldn't be there for any storage solution. Sure, an attacker can disrupt the storage itself by injecting storage commands to overwrite the critical LUKS metadata area, which will render all data inaccessible, or they can deny you access to the storage entirely, but those same attacks work exactly the same without LUKS so are not really a property of using LUKS, but of being able to issue storage-level commands against your storage without your authorization. You can mitigate this threat somewhat by using dm-crypt, since dm-crypt does not have any critical metadata of its own, or you can securely save a copy of the LUKS header, but you can't fully prevent attacks at this level.
The situation changes drastically if you are running the LUKS commands on the NAS itself, as if you do the NAS will have some degree of knowledge of the passphrase. In such a scenario, by compromising the security of the NAS' connection to your workstation (or the NAS itself) an attacker may very well be able to gain access to your passphrase, enabling easy full-plaintext recovery.
Of course, when running the LUKS commands on your workstation you'd instead have to ensure that the workstation computer is secure. The upside is that a PC running a full OS tends to have security updates delivered in a more timely fashion than most appliances, particularly after the appliance vendor has moved on to the next model, and that the software running on a PC is often easier to inspect than that running on an appliance. The downside is that there tends to be a lot more places to hide something fishy on a full-blown workstation system.
