[Infowarrior] - More on... Disk encryption may not be secure enough

Richard Forno rforno at infowarrior.org
Fri Feb 22 01:19:46 UTC 2008


Disk encryption may not be secure enough, new research finds
Posted by Declan McCullagh
http://www.news.com/8301-13578_3-9876060-38.html?tag=nefd.lede

Computer scientists have discovered a novel way to bypass the encryption
used in programs like Microsoft's BitLocker and Apple's FileVault and then
view the contents of supposedly secure files.

In a paper (PDF) published Thursday that could prompt a rethinking of how to
protect sensitive data, the researchers describe how they can extract the
contents of a computer's memory and discover the secret encryption key used
to scramble files. (I tested these claims by giving them a MacBook with
FileVault; here's a slideshow.)

"There seems to be no easy remedy for these vulnerabilities," the
researchers say. "Simple software changes are likely to be ineffective;
hardware changes are possible but will require time and expense; and today's
Trusted Computing technologies appear to be of little help because they
cannot protect keys that are already in memory. The risk seems highest for
laptops, which are often taken out in public in states that are vulnerable
to our attacks. These risks imply that disk encryption on laptops may do
less good than widely believed."

The nine researchers listed on the paper include San Francisco-area
programmers Jacob Appelbaum and Seth Schoen and a team of Princeton
University computer scientists such as graduate students J. Alex Halderman
and Nadia Heninger and professor Ed Felten. The paper is titled "Lest We
Remember: Cold Boot Attacks on Encryption Keys."

Their technique doesn't attack the encryption directly. Rather, it relies on
gaining access to the contents of a computer's RAM--through a mechanism as
simple as booting a laptop over a network or from a USB drive--and then
scanning for encryption keys. How the scan is done is one of the most clever
portions of the paper.

The reason I say this research could prompt a rethinking of how to protect
data is that many of us who use encrypted file-systems believe that if our
computers are lost or stolen, our data will be secure. But if a thief (or
nosy border guard, or FBI agent) nabs my laptop locked with a screen saver
or in sleep mode with the RAM intact, the paper shows that encryption
provides no protection.

"You can't rely on the screen saver," said Peter Gutmann, a computer science
professor at the University of Auckland in New Zealand who has done related
work but is not affiliated with Thursday's paper. "If you really are that
worried, you have to turn off your PC."

The researchers say their technique works against Apple's FileVault, the
BitLocker Drive Encryption feature included in the Enterprise and Ultimate
versions of Windows Vista, the open-source product TrueCrypt, and the
dm-crypt subsystem built into Linux kernels starting with 2.6. The other
researchers include William Clarkson, William Paul, and Ariel J. Feldman.

In its marketing literature, Apple promises that, with FileVault turned on,
"the data in your home folder is encoded and your information is secure if
your computer is lost or stolen." When I contacted the company for comment,
Apple would say only this: "Apple takes security very seriously and has a
great track record of addressing potential vulnerabilities before they can
affect users. We always welcome feedback on how to improve security on the
Mac."

Microsoft was more forthcoming, saying:

    The claims detailed in the Princeton paper are not vulnerabilities, per
se, but simply detail the fact that contents that remain in a computer's
memory can be accessed by a determined third party if the system is running.
BitLocker is an effective solution to help safeguard personal and private
data on mobile PCs and provides a number of protection options that meet
different end-user needs. Like all full volume encryption products BitLocker
has a key in memory when the system is running in order to encrypt/decrypt
data, on the fly, for the drive/s in use. If a system is in 'Sleep mode' it
is, in effect, still running. We recognize users want advice with regards to
BitLocker and have published best practice guidance in the Data Encryption
Toolkit (available here). In it we discuss the balance of security and
usability and detail that the most secure method to use BitLocker is
hibernate mode and with multi-factor authentication.

At this point, clever readers might be thinking: If the attack involves
executing a specific memory-dump utility while rebooting, then Apple, HP,
Toshiba, and so on can simply lock down the hardware to prevent any such
utility from being run until the RAM can be safely wiped. Problem solved?

Well, not so fast. Another interesting technique that Thursday's paper
describes is how to supercool the RAM chips with a can of compressed air
held upside-down. Then the cooled memory can be physically extracted and
inserted in another computer owned by the attacker. (If the memory is
permanently affixed to the motherboard, there are still other methods [PDF]
that can be used.)

The paper states:

    Contrary to the expectation that DRAM loses its state quickly if it is
not regularly refreshed, we found that most DRAM modules retained much of
their state without refresh, and even without power, for periods lasting
thousands of refresh intervals. At normal operating temperatures, we
generally saw a low rate of bit corruption for several seconds, followed by
a period of rapid decay. We obtained surface temperatures of approximately
−50 degrees C with a simple cooling technique: discharging inverted cans of
"canned air" duster spray directly onto the chips. At these temperatures, we
typically found that fewer than 1% of bits decayed even after 10 minutes
without power. To test the limits of this effect, we submerged DRAM modules
in liquid nitrogen (ca. −196 degrees C) and saw decay of only 0.17% after 60
minutes out of the computer.

Gutmann, the New Zealand computer scientist, previewed this kind of attack
in a 1996 paper that said: "To extend the life of stored bits with the power
removed, the temperature should be dropped below -60 degrees C. Such cooling
should lead to weeks, instead of hours or days, of data retention."

But in reality, such extreme methods probably won't be necessary. If
thieves, FBI agents, or border guards have physical access to a computer
that's turned on, they have other options. In 2004, Maximillian Dornseif
showed how to extract the contents of a computer's memory merely by plugging
in an iPod to the FireWire port. A subsequent presentation by "Metlstorm" in
2006 expanded the FireWire attack to Windows-based systems.

Translation: If you use an encrypted file-system and want privacy and
security when you're not using your computer, you need to shut down your
computer and wait a few minutes for the RAM contents to vanish. Another
option for sensitive files is to use an encrypted volume like a PGP disk and
unmount it as soon as you're done.

That assumes PGP erases the encryption keys from memory once the volume is
unmounted, which the company swears it does. "We go well beyond that," said
John Dasher, PGP Corporation's director of product management, adding that
PGP products take "very elaborate measures to make sure that things are
properly and completely disposed of."

He downplayed the potential threat to users of PGP, which provides both
whole disk encryption and volume encryption and the researchers speculate
will be vulnerable as well. "We never say buy whole disk and you're done,"
Dasher said. "You want to protect the device. You want to protect the data
itself. And of course you're not going to get rid of your network
protection. Security's not about buying whole disk encryption (and calling
it a day)."

In response to the overall claim about the vulnerability of encrypted
file-systems, Dasher said, "Even if it's true, I don't know if it changes my
behavior."

It's been known for a long time--at least since Gutmann's 1996 paper--that
encryption keys are vulnerable when stored in memory. And additional
research (PDF) by Adi Shamir and Nicko van Someren two years later talks
about identifying encryption keys by scanning hard drives.

By demonstrating the limits of off-the-shelf encryption products, what the
research published on Thursday may do is shift the debate from academic
arguments to how to protect users in real-world situations. It also advances
previous research by calculating how long dynamic RAM chips hold their
contents at different temperatures (little decay until a few seconds elapse)
and offering algorithms to reconstruct encryption keys even when the
contents of memory have begun to decay.

The reconstruction technique works by taking into account what's known as a
"key schedule" for algorithms such as DES and AES, the U.S. government's
Advanced Encryption Standard. A key schedule is used in ciphers that do
multiple rounds of encryption: each round key is derived deterministically
from the master key, so a copy of the schedule in memory carries redundant
information about the key even after some bits have decayed. The computer
scientists said that it takes them "a few seconds" to reconstruct AES keys
with 10 percent of the bits decayed; the more decay, the longer it takes.

So what are the countermeasures? As I noted above, shutting down the system,
zeroing memory on boot, and unmounting encrypted volumes are some options.
The paper suggests others, including limiting booting from network or
removable drives, better methods of putting a computer to sleep (perhaps
involving encrypting the portions of memory with the keys to the file
system), recomputing keys when they're needed to avoid keeping copies in
memory, and hardware changes such as tamperproof or encrypting RAM.
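One of the countermeasures above, and the assumption behind unmounting a PGP volume as soon as you're done, is that the software really does erase the key from memory. The following is an added illustration, not code from the paper or from any product named here, of why that needs care in C: a plain memset() on a buffer that is never read again may be dropped by the optimizer, so the wipe is routed through a volatile function pointer. The struct, the constructed key pattern and the mount/unmount names are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32   /* hypothetical 256-bit volume key */

/* Calling memset through a volatile function pointer forces the compiler to
 * emit the call; it cannot treat the wipe as a dead store the way it may with
 * a direct memset() on memory that is never read again. */
static void *(*const volatile secure_memset)(void *, int, size_t) = memset;

struct volume {
    uint8_t key[KEY_LEN];
    int mounted;
};

/* Mount: a real product would derive the key from a passphrase; here a
 * constructed byte pattern stands in for the key material. */
void volume_mount(struct volume *v) {
    for (size_t i = 0; i < KEY_LEN; i++) v->key[i] = (uint8_t)(0xA5 ^ i);
    v->mounted = 1;
}

/* Unmount: destroy the key *before* clearing the mounted flag, so a crash
 * between the two steps never leaves a live key behind a "not mounted" state. */
void volume_unmount(struct volume *v) {
    secure_memset(v->key, 0, sizeof v->key);
    v->mounted = 0;
}

/* Returns 1 when no key byte survives; the check a test harness or a memory
 * image review would apply after unmount. The OR-accumulate keeps the scan
 * independent of where the first nonzero byte sits. */
int key_is_wiped(const struct volume *v) {
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= v->key[i];
    return acc == 0;
}

int main(void) {
    struct volume v;
    volume_mount(&v);
    printf("mounted:   key wiped? %d\n", key_is_wiped(&v));
    volume_unmount(&v);
    printf("unmounted: key wiped? %d\n", key_is_wiped(&v));
    return 0;
}
```

This only clears the process's own copy; copies the kernel or hardware may hold elsewhere (swap, hibernation files, other cached buffers) are the reason the paper also recommends recomputing keys on demand rather than keeping them resident.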

There is one irony here. One Princeton Ph.D. student, Joseph Calandrino, is
listed as having "performed this research while under appointment to the
Department of Homeland Security." Because it lets investigators bypass
file-system encryption in some cases, police agencies are the most obvious
and immediate beneficiaries of this research.

As early as 1984, the FBI Laboratory began developing computer forensics
hardware. And we know from the Scarfo, Forrester-Alba, and Boucher cases how
intent federal police agencies are in trying to find ways to circumvent the
privacy that encryption provides. If the feds didn't know about these
techniques already--remember, they were years ahead of everyone else in
inventing public key cryptography--today will be a very good day for
Homeland Security.

Update 12:30pm: I've been asked whether encrypted swap was turned on in our
test to see if they could bypass FileVault. It was. But it actually doesn't
matter; remember, they're analyzing the contents of RAM, not the contents of
the hard drive.
