Hi, we're from a community ISP and we want to present you our solution. It's a tool we wrote, it's called Arbor, and we wrote it to manage hard disk encryption keys. Next slide.

So, probably a lot of you know the problem: you have a server with an encrypted hard disk, and we have a lot of admins that need to access this hard disk. Next slide. So what do you do? You share a password? Well, we can do better, I think. Next slide.

Then there's another problem. You don't just have one server, you have a whole bunch of servers, and you need to have access to all of them. So you need to know several passwords. Next slide. You need to type all those passwords. For example, consider you have a power outage and you have to type in passwords for half an hour, so that's not really a convenient solution. Next slide.

So we thought, well, we can do better, and we wrote a tool to address those problems. I want to start with a wish list that captures what we want this tool to fulfill. Next slide.

Yeah, so we have mainly two things. First, that's the per-admin policy: we'd like to be able to say that a certain number of admins have access to this and that disk, another subset of admins has access to all the disks, and one admin has access to only one disk. And we'd also like to ease the key distribution. Next slide.

So for the different kinds of access, we map a user to a LUKS slot. LUKS has eight key slots, and you just define which user is in which slot, and then we can set the access like that. Next slide.

So if Alice wants to add access for Bob, she types Arbor add user Bob and the disk, and then Arbor will generate a new key. Next slide. It will generate the random LUKS key and put that key into Bob's slot. Next slide. Further, it will take the random LUKS key and encrypt it with Bob's GPG public key, and then we have an encrypted random LUKS key which we can hand over to Bob. Next slide.

We can hand over this key, the distribution, via mail; we can put it in a Git repository, push it, and tell Bob to pull it. Next slide.

And then Bob can actually just type in "I want to open that disk", and if the disk was closed (next slide) it will take the encrypted file, decrypt it with the private key, send the key to the slot, and open the disk. Next slide.

So there are two more items on our checklist. We want to do automation. So, next slide. Here are two examples of commands you can execute with Arbor. In the first example you show that Arbor groups your disks by server and by location, and you can apply commands to a whole bunch of disks by just saying "I want to apply it to the whole server". And you also have script hooks, where you can define what kind of scripts get executed after a certain action is performed. So you might imagine in the first command that there would be a post-open hook that just starts all the v-servers after all the disks are opened, and that works all automatically.

Then another very handy use case for automation: consider that, for example, you don't trust Eve anymore. You want to remove her from all the disks you have, so that should also be something that happens really fast and in time. Okay, next slide.

Then another item on our checklist is deniability. So we want to provide at least some form of deniability, and this is achieved by storing all the metadata that we have about the key also in encrypted format. So when you look at the Arbor key, you don't know for which server there is a key in it, and you don't even know how many keys are in it, because we apply random padding to the keys. So you can always deny that you can even access a disk. Next slide.

That's a feature, future work that you want to do. And next slide.