1 / 38

Lest We Remember Cold-Boot Attacks Against Disk Encryption

Lest We Remember Cold-Boot Attacks Against Disk Encryption. J. Alex Halderman , Seth D. Schoen, Nadia Heninger , William Clarkson, William Paul, Joseph A. Calandrino , Ariel J. Feldman, Jacob Appelbaum , Edward W. Felten. How Safe is a Stolen Laptop?. Unlocked Unencrypted No protection.

deirdre-lane
Download Presentation

Lest We Remember Cold-Boot Attacks Against Disk Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lest We RememberCold-Boot Attacks Against Disk Encryption J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, Edward W. Felten

  2. How Safe is a Stolen Laptop? UnlockedUnencrypted No protection LockedUnencrypted Minimal protection Locked Encrypted Industry best practice

  3. How Safe is a Stolen Laptop? In 2007: 119,000 encrypted laptops with sensitive data lost at major US airports Locked Encrypted Industry best practice Were they really protected?

  4. Disk Encryption Defense Password: ******** File System On-the-Fly Crypto Disk Drivers

  5. Attack Scenarios “Sleep” Suspend-to-RAM “Hibernate” Suspend-to-Disk Screen Locked

  6. Common Attack Scenario Security Assumptions The encryption is strong The OS protects the key in RAM …the attacker might reboot to circumvent the OS, but since RAM is volatile, the key will be lost… Right…?

  7. Dynamic RAM Volatility DRAM Cell(Capacitor) Security Assumptions:Data fades almost instantaneously without refreshAny residual data is difficult to recover 0 1 1 0 Write “1” Refresh(Read and rewrite) Refresh Interval ≈ 32 ms What if we don’t refresh?

  8. Decay After Cutting Power 5 secs 30 secs 60 secs 300 secs

  9. DRAM Remanence Decay After Cutting Power 5 secs 30 secs 60 secs 300 secs DRAM data disappears almost instantaneously without refresh Gradual Unidirectional Predictable

  10. Capturing Residual Data Any residual data is difficult to recover Residual data can be captured easily, with no special equipment ComplicationBooting full OS overwrites large areas of RAM SolutionBoot a small low-level program to write out (dump) memory content Implementations PXE Dump(9 KB) EFI Dump(10 KB) USB Dump(22 KB)

  11. Delivering the Attack

  12. Basic Cold-Boot Attack Screen-locked machine(if hibernating/sleeping,just wake it up!) DumpingRAM…

  13. What if the BIOS clears RAM? !!! BIOS:ClearingRAM… Common in machines that support ECC RAM

  14. Advanced Cold-Boot Attack DumpingRAM… Victim’s Computer Attacker’s Computer

  15. Slowing Decay By Cooling -50°C < 0.2% decay after 1 minute

  16. Even Cooler -196°C Liquid Nitrogen < 0.17% decay after 1 hour Not necessary in practice

  17. Dealing with Bit Errors Some bit errors inevitable, especially without cooling(increasing with memory density) Given corrupted K’, find K: Brute-force search over low Hamming distance to K’e.g. 256-bit key with 10% error: > 256 guesses (too slow!) Most programs storeprecomputed derivatives of K(e.g. key schedules) These derivatives contain redundancy; we can treat them as error correcting codes Naïve Approach Insight

  18. Correcting Bit Errors in DES Key schedule contains ~14 redundant copies of each bit from the key 0100000010000100 ~20% error 0 0000000000000000

  19. AES Key Schedule 128-bit key K  10 more 128-bit keys for cipher rounds  Round 0 key (K)    Core Round 1 key … … Round 10 key Byte

  20. Correcting Bit Errors in AES Key schedule recovered from memory (contains errors)  Round 0 key (K)    Core Round 1 key • Slices: 4 bytes in Round 0 determine 3 bytes in Round 1 2. Enumerate 232 possibilities for each 7 byte slice 3. Eliminate values unlikely to have decayed to observed bytes (excludes vast majority)

  21. Correcting Bit Errors in AES Key schedule recovered from memory (contains errors)  Round 0 key (K)    Core Round 1 key 4. Repeat for each of the 4 slices 5. Combine possible slice values into candidate keys 6. Test candidates keys by expanding them into full key schedules – compare to recovered memory

  22. Recovering Other Keys AES, DES (key schedules) LRW tweak keys (multiplication tables) RSA private keys (primes P and Q) Efficiency vs. Security

  23. Finding Keys Previous Methods • Entropy methods But, most high entropy data isn’t key material • Looking for data structure But, need to know internal details about software Our Method • Focuses on key schedules Precise and fully automatic, even with decay Doesn’t require analysis of target program

  24. Finding AES Key Schedules Iterate through each byte of memory – 1. Treat following region as an AES key schedule 2. For each word in the “schedule”: Calculate correct value, assuming other bytes correct Take Hamming distance to observed value 3. If total distance is low, output the key

  25. Steps of Cold-Boot Attack • Extract memory • Locate keys in memory • Reconstruct decayed keys • Decrypt hard drive

  26. Demonstrated Attacks Windows BitLocker Mac OS FileVault Linux dm-crypt Linux LoopAES TrueCrypt

  27. “BitLocker, Meet BitUnlocker” Demonstration of fully automated attack: Connect USB drive, reboot, and browse files

  28. Countermeasures No Magic Bullet Possible Mitigations • Encrypt key in memory when screen-locked • Avoid precomputation • Fully encrypted memory • Trusted Platform Module (TPM)

  29. Encrypt Memory During Sleep When entering screen-lock/hibernate/sleep: • Encrypt RAM with user’s password When awakened: • Require user’s password to decrypt RAM Minor behavioral changes Zzzz….

  30. Avoid Precomputation This makes recovery harder, but: • Hurts performance (Having key schedule speeds computation) • Attacker can reduce the incidence of errors • Alternative recovery schemes may perform well without this data

  31. Encrypted Memory Memory encrypted with key • Randomly chosen at boot On cache read/write • Data encrypted/decrypted when written/read CPU reset clears key

  32. TPM? Current TPMs may help attacker Windows BitLocker in Basic Mode • On boot, OS loads key from TPM into RAM (No Password) • Vulnerable to cold-boot attack (Even if completely off) Future TPMs may help • Need bulk encryption

  33. Key Points Characterization of DRAM remanence Cold-boot attacks on encryption keys Automatic key finding and recovery Compromises of popular disk encryption tools Discussion of remedies and their limitations

  34. Take Aways • DRAM decays in seconds without refresh, not milliseconds • This is slow enough to allow data recovery, given physical access • Software has no safe place to store a key • Mitigation requires compromises

  35. Lest We RememberCold-Boot Attacks Against Disk Encryption J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, Edward W. Felten For videos and source code, visitj.alexhalderman.com

More Related