Friday, February 22, 2008

FVE: Full "Vulnerable" Encryption...

Ok, so Full Volume Encryption is something I need to ensure my data are safe right? Yes, but skip back to the first lessons your were taught in your crypto classes:

Once the data are encrypted, you must have?

A. A warm fuzzy feeling that you've done everything to protect your data - followed by a double latte
B. More than a modicum of concern about the physical security of the device that holds your encrypted data
C. Good key management practices including backup copies that are physically secured against theft and destruction and access control to the working keys
D. A tinfoil hat, because you are already reading this blog

Answers to follow

In a recent video on the Center for Information Technology Policy site for Princeton University, I saw an example of how BitLocker can be "Bit Unlocked." BitLocker is an underlying FVE engine offered with some flavors of Windows Vista. In the video, the narrator explains, with video evidence, how an attacker could read the encryption keys from RAM even after the the machine was placed in a sleep/hibernate mode and or turned off. Therefore, it is feasible that if your laptop is stolen while running, sleeping or after having just been turned off - your encrypted data are still at risk. So, you need B - more than a modicum of concern about the physical security of your computer. Not using Vista - don't feel too comfortable as the narrator also claims that similar harvesting techniques work against Apple's Filevault, Linux's DMCrypt and could be possible against TrueCrypt.

So, you also need C, good key management practices...In this case, the FVE engines are using RAM to hold the keys for inline use as the computer runs. While this is completely necessary for the system to be able to encrypt and decrypt files, it presents a problem in that the keys are in plain text within the memory. Without a wholesale rewrite of the software to clear memory pages and or provide some transform for the keys there's not much that can be done to prevent this condition. There are configuration options and human actions that can prevent this type of attack. For example, to thwart the attack on BitLocker, one can simply set up Vista to boot to the loader requiring the pass-phrase that was assigned when the volume was encrypted - and then shut the computer down when you are done with it not letting it out of site for at least a few minutes. The downside, if you can call it that, is that boot-ups take longer.

But I have a TPM chip...and I am thirsty for that double latte. Not so fast, according to the accompanying article:

"Trusted Computing hardware, in the form of Trusted Platform Modules (TPMs) [22] is now deployed in some personal computers. Though useful against some attacks, today’s Trusted Computing hardware does not appear to prevent the attacks we describe here.

Deployed TCG TPMs do not implement bulk encryption. Instead, they monitor boot history in order to decide (or help other machines decide) whether it is safe to store a key in RAM. If a software module wants to use a key, it can arrange that the usable form of that key will not be stored in RAM unless the boot process has gone as expected [31]. However, once the key is stored in RAM, it is subject to our attacks. TPMs can prevent a key from being loaded into memory for use, but they cannot prevent it from being captured once it is in memory."
In the end, this is a fairly advanced technique, that in time, I'm sure will become publicly available. Recommended countermeasures include setting the memory in epoxy, using security screws and locks for computer cases to limit physical access to the RAM and even re-engineering the RAM itself to forget faster. Today, however, I'd recommend that you think about these guidelines:
  1. Never let an application remember your password/passphrase
  2. Always shut your computer down when your are done using it if you are in a non-physically secured area
  3. Never set encrypted volumes to auto-mount

No comments: