Methodology of Cracking Full Disk Encryption
You have just turned off your computer, and because the hard drive is fully encrypted, you could hand your laptop to anyone and the information would be perfectly safe. That is incorrect. Most security experts assume that a computer’s memory is erased almost immediately when it loses power, or that whatever data remains is difficult to retrieve without specialized equipment.
The researchers show that these assumptions are incorrect. Contrary to popular belief, DRAMs used in most modern computers retain their contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard. According to the article, this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. Take a step back from cryptographic material and the point generalizes: any information in memory can be captured.
They present a suite of attacks that exploit DRAM remanence effects to recover cryptographic keys held in memory, defeating several popular disk encryption systems, including BitLocker, TrueCrypt, and FileVault. These are three of the biggest SME players, with BitLocker and FileVault being native OS file encryption.
In the article, they “obtained surface temperatures of approximately −50 °C with a simple cooling technique: discharging inverted cans of “canned air” duster spray directly onto the chips. At these temperatures, they typically found that less than 1% of bits decayed even after 10 minutes without power. To test the limits of this effect, they submerged DRAM modules in liquid nitrogen (ca. −196 °C) and saw decay of only 0.17% after 60 minutes out of the computer.
They measured only 14,000 bit errors within a 1 MB test region (0.17% decay). This suggests that, even in modern memory modules, data may be recoverable for hours or days with sufficient cooling.”
While our principal focus is disk encryption, any sensitive data present in memory when an attacker gains physical access to the system can be subject to attack. Encrypting hard drives is the common countermeasure against data theft, and many users assume that disk encryption products will protect sensitive data even if an attacker has physical access to the machine. However, even a moderately skilled attacker can circumvent many disk encryption products.
Worse yet, they were able to extract RSA private keys from Apache web servers. As they have shown, SSL-enabled web servers are vulnerable, since they often keep in memory the private keys needed to establish SSL sessions. Furthermore, methods similar to their key-finder would likely be effective for locating passwords, account numbers, or other sensitive data in memory.
They demonstrate the effectiveness of attacks by attacking several widely used disk encryption products, including BitLocker, TrueCrypt, and FileVault. Notably, using BitLocker with a Trusted Platform Module (TPM) sometimes makes it less secure, allowing an attacker to gain access to the data even if the machine is stolen while it is completely powered off.
Cracking Full Disk Encryption
BitLocker differs from other disk encryption products in the way that it protects the keys when the disk is not mounted. In its default “basic mode,” BitLocker protects the disk’s master key solely with the Trusted Platform Module (TPM) found on many modern PCs.
A user-supplied password decrypts a header that contains both the AES key and a second key used to compute the IVs. With the recovered AES key but not the IV key, they can decrypt 4080 bytes of each 4096-byte disk block; the IV key is also present in memory. In addition, login passwords are often used to protect the default keychain, which may protect passphrases for FileVault disk images.
They tested TrueCrypt versions running on a Linux system. They mounted a volume encrypted with a 256-bit AES key, briefly cut power to the system, and used their memory imaging tools to record an image of the retained memory data. In both cases, their keyfind program was able to identify the 256-bit AES encryption key, which did not contain any bit errors.
Other methods for obtaining memory images without removing the DRAM are using privileged software running under the host operating system, or using DMA transfer on an external bus, such as PCI, mini-PCI, Firewire or PC Card. Unlike these techniques, their attacks do not require access to a privileged account on the target system, they do not require specialized hardware, and they are resistant to operating system countermeasures.
As an example, in a typical attack setup, a laptop connected to the target machine via an Ethernet crossover cable runs DHCP and TFTP servers as well as a simple client application for receiving the memory data. They have extracted memory images at rates up to 300 Mb/s (around 30 seconds for a 1 GB RAM) with gigabit Ethernet cards.
The simplest attack is to reboot the machine and launch a custom kernel with a small memory footprint that gives the adversary access to the retained memory. A more advanced attack briefly cuts power to the machine, then restores power and boots a custom kernel; this deprives the operating system of any opportunity to scrub memory before shutting down.
Many believe ECC-capable systems wipe memory on boot whether or not ECC memory is installed. However, ECC DRAMs are not immune to retention effects, and an attacker could transfer them to a non-ECC machine that does not wipe its memory on boot. Still, it is a possible avenue to explore.
A warm boot will normally ensure that the memory has no chance to degrade, though software will have an opportunity to wipe sensitive data prior to shutdown. A cold boot, initiated using the system’s physical restart switch or by briefly removing and restoring power, will result in little or no decay, depending on the memory’s retention time. Restarting the system in this way denies the operating system and applications any chance to scrub memory before shutting down, even with ECC.
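The scrubbing step that an orderly shutdown or unmount allows, as an added example (not code from the article or from any of the products named): a key buffer is pinned in RAM, wiped with stores the compiler cannot remove, and then checked for residue. The names key_slot, secure_wipe and residue_after are hypothetical and the key bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#define KEY_LEN 32  /* 256-bit AES key, the size in the TrueCrypt test */

/* Hypothetical key holder; names are illustrative, not from any product. */
struct key_slot { uint8_t key[KEY_LEN]; int locked; };

/* Volatile stores keep the compiler from dropping the wipe as dead code. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Copy the key in and try to pin it in RAM so it is never paged to disk. */
static void key_slot_load(struct key_slot *s, const uint8_t *key) {
    s->locked = (mlock(s, sizeof *s) == 0);  /* can fail under RLIMIT_MEMLOCK */
    memcpy(s->key, key, KEY_LEN);
}

/* Run on unmount, suspend and orderly shutdown, while software still can. */
static void key_slot_unload(struct key_slot *s) {
    secure_wipe(s->key, KEY_LEN);
    if (s->locked) { munlock(s, sizeof *s); s->locked = 0; }
}

/* Non-zero key bytes still in the slot, i.e. what a memory image would hold. */
static size_t key_slot_residue(const struct key_slot *s) {
    size_t n = 0;
    for (size_t i = 0; i < KEY_LEN; i++) n += (s->key[i] != 0);
    return n;
}

/* Load a constructed sample key, optionally unload it, report what remains. */
size_t residue_after(int orderly_unload) {
    struct key_slot slot;
    uint8_t sample[KEY_LEN];
    for (size_t i = 0; i < KEY_LEN; i++) sample[i] = (uint8_t)(i + 1);
    key_slot_load(&slot, sample);
    if (orderly_unload) key_slot_unload(&slot);
    size_t left = key_slot_residue(&slot);
    key_slot_unload(&slot);              /* clean up the demo itself */
    secure_wipe(sample, sizeof sample);
    return left;
}

int main(void) {
    printf("no unload: %zu key bytes left; orderly unload: %zu\n", residue_after(0), residue_after(1));
    return 0;
}
```

The wipe only helps on paths where the unload code actually runs; when power is cut abruptly it never executes and the full key stays in DRAM for the retention time.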
Though they discuss several strategies for partially mitigating these risks, they know of no simple remedy that would eliminate them. Memory imaging attacks are difficult to defend against because cryptographic keys that are in active use need to be stored somewhere.
Other options are physically protecting DRAM chips and possibly making the contents of memory decay more readily, but these juggle the balance between security and usability.
Another approach is to encrypt data in the hard disk controller hardware, as in Full Disk Encryption (FDE) systems such as Seagate’s “DriveTrust” technology. This approach differs from typical disk encryption systems in that encryption and decryption are done by the disk controller rather than by software in the main CPU, and that the main encryption keys are stored in the disk controller rather than in DRAM.
Personally, I believe a burned-in chip on the motherboard to temporarily store the keys will be the best mitigation. But for now, it might become necessary to treat DRAM as untrusted, and to avoid storing sensitive data there, but this will not be feasible until architectures are changed to give software a safe place to keep its keys.