SUMware
Premium
join:2002-05-21
| Disk encryption may not be secure enough
From C|Net News
February 21, 2008 - quote:
Computer scientists have discovered a novel way to bypass the encryption used in programs like Microsoft's BitLocker and Apple's FileVault and view the contents of supposedly secure files.
In a paper [pdf] published on Thursday that could prompt a rethinking of how to protect sensitive data, the researchers describe how they can extract the contents of a computer's memory and discover the secret encryption key used to scramble files.
"There seems to be no easy remedy for these vulnerabilities," the researchers say. "Simple software changes are likely to be ineffective; hardware changes are possible but will require time and expense; and today's Trusted Computing technologies appear to be of little help because they cannot protect keys that are already in memory. The risk seems highest for laptops, which are often taken out in public in states that are vulnerable to our attacks. These risks imply that disk encryption on laptops may do less good than widely believed."
It's complicated, so read the article and pdf. |
|
OneHeart
join:2002-02-20 | TrueCrypt is also on the list. |
|
SUMware
Premium
join:2002-05-21
| said by OneHeart  :TrueCrypt is also on the list. Yes. said by C|Net :
The researchers say their technique works against Apple's FileVault, the BitLocker Drive Encryption feature included in the Enterprise and Ultimate versions of Windows Vista, the open-source product TrueCrypt, and the dm-crypt subsystem built into Linux kernels starting with 2.6.
|
|
AB
Premium
join:2006-04-04
Leesburg, VA
| reply to SUMware
Concerns about this very thing when using WDE (whole disk encryption) in the latest version of TrueCrypt. No easy solution, apparently.
I just use straight volume encryption with TrueCrypt, and have it set to not cache passwords. I also have Windows set to clear the pagefile on shutdown. I lose no sleep.
I'm confident that if anyone can find a way to fix this issue in WDE, it's the fine and brilliant folks at TrueCrypt. |
|
SUMware
Premium
join:2002-05-21
1 edit | reply to SUMware
Countermeasures?
said by C|Net :
So what are the countermeasures? As I noted above, shutting down the system, zeroing memory on boot, and unmounting encrypted volumes are some options. The paper suggests others, including limiting booting from network or removable drives, better methods of putting a computer to sleep (perhaps involving encrypting the portions of memory with the keys to the file system), recomputing keys when they're needed to avoid keeping copies in memory, and hardware changes such as tamperproof or encrypting RAM.
There is one irony here. One Princeton Ph.D. student, Joseph Calandrino, is listed as having "performed this research while under appointment to the Department of Homeland Security." Because this research lets them bypass filesystem encryption in some cases, police agencies are the most obvious and immediate beneficiaries of this research.
As early as 1984, the FBI Laboratory began developing computer forensics hardware. And we know from the Scarfo, Forrester-Alba, and Boucher cases how intent federal police agencies are in trying to find ways to circumvent the privacy that encryption provides. If the feds didn't know about these techniques already--remember, they were years ahead of everyone else in inventing public key cryptography--today will be a very good day for Homeland Security.
[edit - added links] |
|
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland
3 edits | reply to SUMware
Re: Disk encryption may not be secure enough
If they can get SYSTEM access to my computer when its running, well, ofcourse they can get the encryption keys currently in use. Nothing strange here. If SYSTEM could not get the keys, it could not decrypt anything I have in the system.
LESSON: Dont let anyone to get your box OWN3D while its running with crypto going on. And for havens sake, dont let anything write the encryption keys or passphrases on plaintext on hdd or other media!
OK, I forgot this portion of the news:"describes is how to supercool the RAM chips with a can of compressed air held upside-down. Then the cooled memory can be physically extracted and inserted in another computer owned by the attacker."
THIS is a problem. Serious problem. We are used to believe that RAM is pretty safe, since when power is down, its content is gone. Well, it isnt. If someone can clearly find and point out what memory types are not vulnerable, PLEASE POST IT UP.
--
My computer security & privacy related homepage »www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. |
|
The Snowman
Premium
join:2007-05-20 | reply to SUMware
Question:
would encrpting the Paging File prior to shut-down/deletion be of any help to twart this ?
|
|
ihaddsl
join:2001-12-05
/dev/hda0
 ·Comcast
1 edit | said by The Snowman : Question: would encrpting the Paging File prior to shut-down/deletion be of any help to twart this ? no, that does nothing for the RAM which is the attack vector. Similarly if you were to over write RAM on (graceful) shutdown, that doesn't help the case where the system is simply powered off forcibly. |
|
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland
| reply to SUMware
Is there any way to easily overwrite old data in RAM?
I mean, starting computer up doesnt clear the whole RAM or does it? Booting some lame Knoppix wont consume enought RAM to clear it from sensitive data either? What can you do - except wait and hope for best?
--
My computer security & privacy related homepage »www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. |
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA
 ·Sprint Mobile Broa..
·RoadRunner Cable
| Proves once again that physical access = owned.
There is a software memory wiper called SMEM. It was included in older versions of the System Rescue CD. I haven't downloaded a copy of System Rescue lately, so I don't know if it is still one of their packages. You would have to boot the System Rescue CD, then wipe your memory to go that route. I have used it when completely wiping a machine. In order for it to not stall and crash, I found that I had to set up a swap drive bigger than the amount of RAM in the machine (which System Rescue CD doesn't do on it's own). |
|
amungus
Premium
join:2004-11-26
America
clubs:
| reply to SUMware
Very interesting article SUMware.
This little part here almost made me laugh:
---
"Notably, using BitLocker with a Trusted Platform Module (TPM) sometimes makes it less
secure, allowing an attacker to gain access to the data even if the machine is stolen while it is completely
powered off."
page 13 - »citp.princeton.edu/pub/coldboot.pdf
---
I'm curious about one thing... why wouldn't Vista's "address space randomization" (whatever it's called...) do any good here? Should that not make it more difficult to find the keys? Could there be any way to sufficiently randomize it such that an analyst couldn't tell which pieces to put back together? Granted, that'd probably take some serious work, but it seems like it might be one way of making things more difficult... |
|
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland | reply to SUMware
Easiest way to clear and wipe RAM is to reboot and let BIOS do the "Power-On Self Test" (POST). It will read/write whole RAM three times. End of game. |
|
Anon users
@anonymouse.org
| What's worse IS some new machines HAVE so-called Turbo flash memory installed AND some new HDs HAVE flash memory bundled with their magnetic dishes... Those are the Dream machines for your adversary...PowerDown won't help... 'They' just read it OUT from the FLASH MEMORY!!! |
|
Anon users
@anonymouse.org
| After reading the coldboot pdf, the best combo to combat this side-channel attack is STILL 'a Laptop running WDE with Truecrypt 5.0a' 
Imagine 'They' break in with WMD pointing to your head and You SHOULD HAVE unplugged your machine, what should 'they' do??? Rapidly remove your RAM from your machine and put it in a liquid Nitrogen container. Now that's the point why LAPTOP is better!!! Get a laptop that needs screws to replace RAM!!! Laptop motherboard is much hotter than your DESKTOP pc, at least 50 C, data in RAM be GONE in 60 SECONDS!!!
Also, figure 5 in the pdf is an overstated example. a key is just 32byte long and the key schedule a little bit longer. While our cognitive skill let us visualize 'the lady', doesn't mean 'they' can construct a key with 45-50 bit loss, come on!!!
So Dump your copy of PGP; Use WDE with Truecrypt 5.0a!!! The Tide HAS CHANGED |
|
SUMware
Premium
join:2002-05-21
| reply to mikenolan7
said by mikenolan7 :There is a software memory wiper called SMEM. It was included in older versions of the System Rescue CD. I haven't downloaded a copy of System Rescue lately, so I don't know if it is still one of their packages. Yes, thanks. SMEM is one of numerous integrated Linux commands.
From Sysresccd-manual-en Secure Deletion of Data quote:
SMEM from the THC-Secure Deletion Tools ( see »www.thc.org/releases.php?q=delete ) does a secure overwriting of unused memory (RAM)
For more information about SMEM, SRC, SHRED, etc. see:
Howto: Delete Files Permanently and Securely in Linux
smem - Secure memory wiper; used to wipe traces of data from your computer's memory (RAM) |
|
SUMware
Premium
join:2002-05-21 | reply to SUMware
Video presentation available here. |
|
major marco
Res Firma Mitescere Nescit
Premium
join:2003-02-13
Stepford, CA
clubs: | reply to SUMware
Yeah, I saw this over at SANS. Swa Frantzen did a write up on it. |
|
The Snowman
Premium
join:2007-05-20 | reply to SUMware
Finally found time to read the pdf.....and to very quickly sum my thoughts up on this.......I definitely wont be lossing any sleep over this.....not so much as a wink. |
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12
| reply to SUMware
This has been a known issue for a long time. I first learned of it back in the '90s but I don't remember exactly. As I recall, most any good ram checker will mitigate the problem and some computer BIOS software can check ram during POST, over-writing it with zeros and ones.
--
15 Answers to Creationist Nonsense
www.sciam.com/article.cfm?articleID=000D4FEC-7D5B-1D07-8E49809EC588EEDF |
|
jig
join:2001-01-05
Hacienda Heights, CA
 ·Verizon west (ex G..
| almost everyone has post checks turned off, and further, almost no-one does more than sleep, not power off.
in addition, if you swipe the whole laptop and it's in sleep mode, all you need to do is bring it to another machine where you've turned off all post clearing and swap the memory (frozen, if you want). |
|
