Encrypting stored data - cse.hut.fi
Tuomas Aura T-110.4206 Information security technology Encrypting stored data


Outline

1. Scenarios

2. File encryption

3. Encrypting file system

4. Full disk encryption

5. Data recovery

Simple applications of cryptography

Good examples of how difficult it is to build secure systems

[Parts based on Microsoft material]


SCENARIOS


Lost and stolen laptops

Laptops are easily lost and stolen

– airports, taxis, hotel rooms, restaurants, underground, national parks,...

Laptops contain confidential data:

– business secrets

– confidential client data

– databases with customer personal information that may enable ID theft

– personal online banking information and passwords

Laptops enable access to corporate intranets

– automatic email and calendar access

– gets through network access control


Stolen and physically compromised servers

Expensive server hardware is attractive to thieves

– Theft is not common but potential damage is high

– Underground market for personal data, social security numbers, credit card numbers, etc.

Unauthorized insiders can physically compromise server machines

– Employees often have physical access to server

– Physical access gives attacker full control over the machine and data on its disks

– Can reboot to Linux from a CD / USB stick and use hacker tools to access raw data on disk


In the news

Heathrow airport in London auctioned an average of 120 unclaimed laptops each month. *

A Chicago taxi company collected 4,425 laptops in 2005. *

University of California laptop with the data of 98,000 Berkeley graduates stolen in 2005. *

Fidelity Investments laptop with data of 196,000 HP employees stolen in 2006. *

George Mason University server containing PII of 30,000 students and employees stolen in 2005.

U.S. Dept. of Veteran’s Affairs lost hard drive containing personal information of 48000 veterans in 2007. *

See also http://breachalerts.trustedid.com/


Decommissioning hard disks

Second-hand hard disks have been found to contain confidential data

– MIT study in 2003: only 10% of second-hand hard disks were properly sanitized *

Secure decommissioning is expensive

– How to erase magnetic media, solid-state drives?

Recycling of used computer hardware is a low-margin business: no time for secure disk wipe

Old PCs from the US are shipped to China for recycling


Cost of information loss

Financial loss

Legal and regulatory compliance

– SOX, HIPAA, GLBA

– FSA in UK fined Nationwide £980,000 for a stolen laptop that contained data on 11M customers *

Image and credibility

Organized crime ensures effective dissemination and use of the information among criminals

– See e.g. Team Cymru: “The underground economy: priceless” *


Data encryption

Scenarios:

– lost and stolen laptop computers

– stolen servers

– decommissioning hard disks

All can lead to disclosure of confidential data on hard disks

The obvious computer security solution: encrypt data on disk

But computer security is never quite so simple:

– Security often conflicts with usability

– Security often conflicts with reliability; plan for data recovery is needed

– System design mistakes or programming errors could compromise data


FILE ENCRYPTION


Simple file encryption

1. User enters passphrase

2. Passphrase hashed with a cryptographic hash function to produce a key

3. File encrypted with the key

E.g. AES in CBC mode

Decryption with the same key

Examples: crypt(1), GPG

[Figure: (1) passphrase entry, (2) SHA-1 hash of the passphrase gives the key, (3) the key encrypts the plaintext file]

% gpg --output ciphertext.gpg --symmetric plaintext.doc
Enter passphrase:


Limitations of file encryption

Encrypting a file normally creates an encrypted copy; what happens to the old plaintext file?

– No guarantee that the plaintext is not left on the disk

Word processors and other software create temporary files and backup copies

– Unencrypted versions and fragments of the file may be left in locations that the user does not even know about

There are tools for deleting temporary files and for wiping free disk space, but none is completely reliable


Wiping files

Deleting a file simply marks the space free but does not erase the contents

– Raw data is still on the disk and can be read

Overwriting a file may erase the old contents but no guarantee

– File system may organize data in unexpected ways: backups, revision control, copy on write, journal, etc.

Wiping all empty disk space by overwriting

– Deletes a lot of data but also no guarantee

– Disk drive behavior is not always controllable by the file system driver: bad blocks, write buffers in SSD

Magnetic data remanence: magnetic medium may retain traces of previous contents even after overwritten


ENCRYPTING FILE SYSTEM


Windows encrypting file system (EFS)

Encryption is a file attribute

Can enable encryption for all files in a folder → new files encrypted

Files are readable only when the user is logged in

Encryption and decryption transparent to applications

Similar products exist for Unix but none in wide use


EFS key management

1. User logs in, enters password

2. Hashed to produce key (PUAPEK)

3. Used to decrypt User’s Master Key

4. Used to decrypt User’s Private EFS Key

5. Used to decrypt File Encryption Key (FEK)

6. Used to encrypt on write and decrypt on read

[Figure: EFS key chain. The Windows logon password (1) is hashed with SHA-1 (2) to give the PUAPEK, which decrypts the user’s DPAPI master key (3) in the profile, which decrypts the user’s private EFS key (4) in the profile. The private key decrypts (RSA) the FEK (5) held in the $EFS alternate data stream, and the FEK (AES or 3DES) converts between the encrypted file and the plaintext file (6).]


EFS limitations

Encrypts contents of specific files

User password or smartcard needed for decryption

– System has no access to encrypted files unless user logs in

– Cannot index files offline without the password

– Backups contain encrypted files, not the plaintext

When encrypting plaintext files, the original file is not wiped, just deleted; the data remains on the disk

– User must remember to create the file in an encrypted folder

Transparent decryption

– e.g. when copying to a file share over network or to a FAT partition

Data that is not encrypted:

– folder and file names

– temp files, earlier unencrypted versions, printer spool

– registry, system files and logs, (usually) page file

Hibernation file may contain decryption keys


EFS and password cracking

EFS security depends on the secrecy of user password

Password hashes are stored in a database on the disk

Passwords are vulnerable to brute-force attacks

– NT hash and older LM hash use no salt and are therefore especially vulnerable.

– Rainbow tables (Hellman90, Oechslin03)

Attacker can boot to another OS, extract the password hashes from the disk, and crack the user password

Notes:

– Just resetting user or admin password will not recover encrypted data on a stolen laptop

– Physical access allows attacker to install a root kit, log passwords, etc.


Password cracking in practice

Security accounts management database (SAM) in Registry stores cryptographic hashes of user passwords

SAM is encrypted with a locally stored system key (SYSKEY)

– SYSKEY is obfuscated in Registry but possible to find

Breaking EFS:

1. Boot from a CD or USB drive, mount the main disk

2. Find SYSKEY, read SAM, and decrypt password hashes

3. Crack user or local admin password (requires a brute-force search)

4. Use the password to decrypt user master key and so on…

Example of tools for Windows XP:

– BackTrack is a Linux boot disk with hacker tools (backtrack-linux.org); bkhive recovers syskey; samdump2 extracts the password hashes

– Rainbow Tables and SAMInside are examples of commercial password crackers (rainbowtables.net, insidepro.com)


Trojans, root kits etc.

EFS data is vulnerable to Trojans, viruses and key loggers

Attacker with access to hardware can compromise OS and install a root kit

Note that these are different problems than laptop theft and loss

– Stolen laptops are usually not returned to owner after they are compromised


EFS summary

Encrypts single files and folders; leaves a lot of information unencrypted

Requires care from user

– User must understand what is encrypted and what else happens to the data

– User must backup keys or risk data loss

System cannot access encrypted files for admin tasks like backup and indexing

Hibernation breaks the security

Apart from hibernation, EFS would be pretty good for encrypting all files on a data disk (D:)


FULL DISK ENCRYPTION


Full disk encryption

Entire disk encrypted:

– Protects all information on disk

– Easier to use correctly than EFS

Products are available from various hardware and software vendors including hard disk manufacturers

Password, key or physical token required to boot or to mount disk, thereafter transparent

– Usability and reliability issues

– No unsupervised reboot or wakeup

In software-based products:

– Password must be strong enough to resist brute-force guessing

– Hibernation is a problem

→ need a hardware solution


Trusted platform module

Trusted hardware enables some things that otherwise would be impossible

Trusted platform module (TPM) is a smart-card-like module on the computer motherboard

– Holds crypto keys and platform measurements in platform configuration registers (PCR)

Useful TPM operations:

– TPM_Seal: encrypt data — in any platform configuration

– TPM_Unseal: decrypt the data, but only if the platform configuration is the same as when sealing


Windows BitLocker

Full-volume encryption in Windows

– Uses TPM for key management

– Optional PIN input and/or USB dongle at boot time

– System volume must be NTFS, data disks can also be FAT

Sealing the entire system partition:

– Encrypt data with a symmetric key

– Seal the key; store sealed key on disk; unseal when booting

TPM will check the OS integrity before unsealing the key

– Can boot to another OS but then cannot unseal the Windows partition → cannot bypass OS access controls

– For a stolen laptop, forces the thief to a hardware attack against TPM


BitLocker partitions

Encrypted Windows partition

Boot partition

Windows partition contains:

Volume metadata with MAC

Encrypted OS

Encrypted page file

Encrypted temp files

Encrypted data

Encrypted hibernation file

Boot partition contains:

MBR

OS loader

Boot utilities

1.5 GB


BitLocker keys

1. Storage Root Key (SRK) inside TPM

2. Volume Master Key (VMK)

3. Full Volume Encryption Key (FVEK)

4. Plaintext data

Encrypted keys in volume metadata

Separate VMK/FVEK adds flexibility — how?


Algorithms and key sizes

Storage root key (SRK) is a 2048-bit RSA key

Volume master key (VMK) is a 256-bit symmetric key

Full volume encryption key (FVEK) is a 128- or 256-bit symmetric key

The disk is encrypted with AES-CBC

– Initialization vector (IV) derived from sector number

No integrity check

– MAC would cause data length to expand

Disk sectors are pre-processed with a proprietary diffuser

– Makes attacks against integrity more difficult; the whole sector is encrypted as if one cipher block (512..8192 bytes)


Software authentication with TPM

Measuring platform configuration:

– Module n computes hash of module n+1 and extends the hash into a platform configuration register (PCR) in TPM

– Module n transfers control to module n+1

At any point, PCRs contain a cumulative fingerprint (hashes) of all software loaded up to that point

Sealing and unsealing data:

– TPM binds selected PCR values to the sealed secrets

– TPM unseals secrets only if these PCR values have not changed

– If attacker tampers with the OS, the OS cannot unseal the data

Originally a DRM feature:

– Decrypt music only for untampered OS and media player


Secure boot with TPM

[Figure: boot chain CRTM, BIOS, MBR, NTFS boot sector, NTFS boot block, boot manager, OS loader (2), Windows, spanning the phases Pre-OS, Static OS and Dynamic OS. Step labels: "measure and load" (measurements go to the PCRs on the TPM); "load volume metadata, unseal VMK, verify MAC (1) on metadata, decrypt FVEK"; "decrypt, verify signature and load".]

(1) MAC keyed with VMK. (2) Different loaders for boot, resume etc.


Which PCR values are used?

*PCR 00: CRTM, BIOS and Platform Extensions

(PCR 01: Platform and Motherboard Configuration and Data)

*PCR 02: Option ROM Code

(PCR 03: Option ROM Configuration and Data)

*PCR 04: Master Boot Record (MBR) Code

(PCR 05: Master Boot Record (MBR) Partition Table)

(PCR 06: State Transitions and Wake Events)

(PCR 07: Computer-Manufacturer Specific)

*PCR 08: NTFS Boot Sector

*PCR 09: NTFS Boot Block

*PCR 10: Boot Manager

*PCR 11: BitLocker Critical Components

If any of the values marked * (orange on the slide) has changed, the decryption key will not be unlocked and a recovery password is needed

BitLocker keys will be unlocked during OS upgrade
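
The measure, extend and seal steps of the preceding slides as a runnable software model (an added example, not code from the slides or from BitLocker). ToyTPM, the boot images and the composite-hash layout are constructed for illustration, and the sealed secret is held in memory instead of being returned as an SRK-encrypted blob.

```python
import hashlib
import hmac

# PCR indices marked with * on the slide: the ones the key is bound to.
BITLOCKER_PCRS = (0, 2, 4, 8, 9, 10, 11)


class ToyTPM:
    """Software model of PCR extend and seal/unseal (SHA-1, 24 PCRs)."""
    def __init__(self):
        self._sealed = []  # simplification: a real TPM returns an encrypted blob
        self.reset()

    def reset(self):
        # Power cycle: every PCR returns to zero; sealed data survives.
        self.pcr = [bytes(20) for _ in range(24)]

    def extend(self, index, measurement):
        """PCR = SHA1(old PCR || measurement); a PCR cannot be set directly."""
        self.pcr[index] = hashlib.sha1(self.pcr[index] + measurement).digest()

    def _composite(self, selection):
        h = hashlib.sha1()
        for i in selection:
            h.update(bytes([i]) + self.pcr[i])
        return h.digest()

    def seal(self, secret, selection):
        """Bind secret to the current values of the selected PCRs."""
        self._sealed.append((tuple(selection), self._composite(selection), secret))
        return len(self._sealed) - 1

    def unseal(self, handle):
        selection, expected, secret = self._sealed[handle]
        if not hmac.compare_digest(self._composite(selection), expected):
            raise PermissionError("selected PCR values changed since sealing")
        return secret

# Constructed boot chain: (PCR index, component, code or data that is measured).
BOOT_CHAIN = [
    (0, "CRTM and BIOS", b"bios-v1"),
    (2, "option ROM code", b"oprom-v1"),
    (4, "MBR code", b"mbr-v1"),
    (5, "MBR partition table", b"one-partition"),
    (8, "NTFS boot sector", b"bootsector-v1"),
    (9, "NTFS boot block", b"bootblock-v1"),
    (10, "boot manager", b"bootmgr-v1"),
]

def try_unseal(tpm, handle):
    try:
        return tpm.unseal(handle)
    except PermissionError:
        return None  # BitLocker would now ask for the recovery password

def boot(tpm, chain, handle=None):
    """Measured boot: hash each stage into its PCR before it runs, then unseal."""
    tpm.reset()
    for index, _name, image in chain:
        tpm.extend(index, hashlib.sha1(image).digest())
    return try_unseal(tpm, handle) if handle is not None else None

def swap(chain, index, image):
    return [(i, n, image if i == index else old) for i, n, old in chain]

def demo():
    tpm = ToyTPM()
    vmk = bytes(range(32))  # constructed 256-bit stand-in for the VMK
    boot(tpm, BOOT_CHAIN)   # known-good boot, then seal to the starred PCRs
    handle = tpm.seal(vmk, BITLOCKER_PCRS)
    results = {
        "clean boot": boot(tpm, BOOT_CHAIN, handle),
        # PCR 5 is measured but not selected, so this change does not lock the key
        "partition table changed": boot(tpm, swap(BOOT_CHAIN, 5, b"two-partitions"), handle),
        "MBR code changed": boot(tpm, swap(BOOT_CHAIN, 4, b"mbr-modified"), handle),
    }
    # Extending the genuine hash afterwards cannot undo the earlier measurement.
    tpm.extend(4, hashlib.sha1(b"mbr-v1").digest())
    results["genuine hash extended afterwards"] = try_unseal(tpm, handle)
    return vmk, results
```

Calling demo() returns the VMK for the clean boot and for the partition-table change, and None for both cases in which PCR 4 differs from its value at seal time.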


BitLocker modes

TPM only:

– Unsupervised boot (VMK unsealed if the PCR values correct)

– Attacker can boot stolen laptop but not log in → security depends on OS access controls

– New, very attractive mode of operation enabled by TPM — but see next slide!

TPM and PIN:

– TPM requires a PIN during the secure boot

– TPM will be locked after a small number of incorrect PINs

– Attacker must break the TPM hardware

TPM (and PIN) and USB dongle:

– Secure boot and strong keys on a physical token → high security

USB dongle without TPM

– Traditional software-based full-disk encryption; no secure boot


Secure path issues

Attacker who can modify or replace the computer could spoof the PIN input, e.g. by replacing the BIOS, and capture the PIN

– Similarly, can capture the keys on the USB dongle

This requires the attacker to have access to the computer twice: first to install the Trojan, then to use the captured PIN

– Inside attacker, e.g. IT support

– Not a problem for lost and stolen laptops and disks


Cold boot attack

Laptop memory is designed for low power consumption → slow refresh rate → data stays in memory for seconds after power loss

Data remanence in DRAM:

– Pull out memory from a running computer and plug it into a reader

– Some bits will be random but some will retain their values → still helps to recover crypto keys

– Use cold spray or liquid nitrogen to reduce data loss

Cold boot attack:

– Reboot into minimal hacker OS from USB stick or CD

– Memory power lost only for a fraction of a second during reboot → memory contents almost unchanged

Lessons:

– Breaks full-disk encryption if attacker has access to the running computer

– Sleeping laptop = running laptop → most laptops vulnerable

– Breaks BitLocker in TPM-only mode even if it is powered down

– OS access controls, e.g. screen lock, do not stop a physical attacker


DATA RECOVERY


Data recovery

If the decryption key is lost, encrypted files will be lost

– EFS: password reset tools, profile cleaning tools deleting private keys

– BitLocker: installing Linux boot loader, replacing the motherboard, TPM boot PIN forgotten or mistyped, moving disk to another computer

→ good idea to backup keys


Data recovery in EFS

Administrator or Group Policy can define a data recovery agent (DRA)

– FEK encrypted also with DRA public key

– In a domain, Domain Admin is the default DRA

Standalone machine has no default DRA

– Backup user private key by exporting the user’s EFS certificate (including the private key)

– Local Admin can configure a DRA on the local machine (see cipher.exe)

Questions:

– In Win 2000, local Admin was the default DRA; why was this not a good idea?

– Local Admin cannot read other users’ encrypted files because the user password is needed to decrypt them; how can the Admin get around this?


Data recovery in EFS

File encryption key (FEK) is encrypted with one or more recovery agents’ public keys

– The same mechanism is used for sharing encrypted files between users

[Figure: the file attribute of the encrypted file holds the FEK encrypted for the user and for the recovery agent; either the user’s private EFS key or the recovery agent’s private EFS key recovers the FEK, which decrypts the encrypted file into the plaintext file]


Data recovery in BitLocker

Recovery password:

– User can print a 48-digit recovery password or store it on a USB stick, CD or remote disk; it is actually a 128-bit key

– BitLocker encrypts the VMK with the recovery password and stores it with the volume metadata (in the same way as the TPM-sealed VMK)

– Multiple backups of volume metadata are stored in the volume

Organizational recovery policy:

– Windows Domain Admin can require the recovery password or keys to be uploaded to the Active Directory

Installing another OS for dual boot will trigger recovery

– User can accept the new boot configuration after entering the recovery password
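
The layered keys of the BitLocker key slide and of the recovery slides (in EFS the same pattern appears as one FEK encrypted under several public keys), as an added example that is not BitLocker's code or part of the original slides: the data key is wrapped under a master key, and the master key is wrapped once per unlock method, so one method can be replaced without re-encrypting the disk. The names wrap, stretch and VolumeMetadata are hypothetical, the passwords are constructed, and an HMAC-SHA256 keystream with a MAC stands in for the real key-wrapping cipher so that only the Python standard library is needed.

```python
import hashlib
import hmac
import os


def wrap(kek, key):
    """Encrypt-then-MAC a key (max 32 bytes) under kek.
    Stand-in construction: HMAC-SHA256 output is used as a one-time keystream."""
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted metadata")
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


def stretch(secret, salt):
    """Turn a passphrase or recovery password into a key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)


class VolumeMetadata:
    """FVEK wrapped under the VMK; the VMK wrapped once per protector."""

    def __init__(self, vmk, fvek):
        self.wrapped_fvek = wrap(vmk, fvek)
        self.protectors = {}  # name -> (salt, VMK wrapped under that protector)

    def add_protector(self, vmk, name, secret):
        salt = os.urandom(16)
        self.protectors[name] = (salt, wrap(stretch(secret, salt), vmk))

    def unlock(self, name, secret):
        salt, blob = self.protectors[name]
        vmk = unwrap(stretch(secret, salt), blob)
        return vmk, unwrap(vmk, self.wrapped_fvek)


def demo():
    vmk, fvek = os.urandom(32), os.urandom(32)
    meta = VolumeMetadata(vmk, fvek)
    meta.add_protector(vmk, "passphrase", b"old passphrase")
    meta.add_protector(vmk, "recovery", b"constructed-recovery-password")
    fvek_blob = meta.wrapped_fvek

    # Passphrase forgotten: unlock through the recovery protector and
    # replace only the passphrase-wrapped copy of the VMK.
    vmk2, fvek2 = meta.unlock("recovery", b"constructed-recovery-password")
    meta.add_protector(vmk2, "passphrase", b"new passphrase")

    try:
        meta.unlock("passphrase", b"old passphrase")
        old_rejected = False
    except ValueError:
        old_rejected = True
    return {
        "fvek recovered": fvek2 == fvek,
        "new passphrase unlocks": meta.unlock("passphrase", b"new passphrase")[1] == fvek,
        "old passphrase rejected": old_rejected,
        # The FVEK and its wrapped copy never changed, so no sector is re-encrypted.
        "disk key blob unchanged": meta.wrapped_fvek == fvek_blob,
    }
```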


Exercises

What secure methods are there for erasing

– magnetic hard drives and tapes

– USB stick or solid-state drives

– paper documents

How to delete a specific file from a computer without erasing the whole disk?

What security properties does GPG file encryption or EFS provide that full-disk encryption does not?

Why do EFS and BitLocker have so many levels of keys? Are some unnecessary?

Compare the security of software-based full-disk encryption and the TPM approach against brute-force password guessing

How to mitigate the risk of cold-boot attacks (both against BitLocker and more generally)?

Transparent operation improves usability of data encryption, but are there risks associated with the transparency?


Related reading

Online:

– Halderman et al., Lest We Remember: Cold Boot Attacks on Encryption Keys. http://citp.princeton.edu/memory/

Stallings and Brown: Computer security, principles and practice, 2008, chapter 10.5
