[SecurityRatty] tag: filevault

Black Hat Talks Pulled After Industry Pressure

Wed, 06 Aug 2008 08:39:16 +0000

A few Apple-related talks scheduled for next week’s Black Hat conference have been cut from the line-up, presumably because they would reveal too much insider information about vulnerabilities.

Brian Krebs has the details–

Charles Edge, a researcher from Georgia, had been slated to discuss his research on a weakness that could be used to defeat FileVault encryption on the Mac. But sometime last week, Black Hat organizers pulled his name and presentation listing from its schedule of talks.

Contacted via cell phone, Edge said he signed confidentiality agreements with Apple, which prevents him from speaking on the topic and from discussing the matter further.

Almost every year, much of the drama leading up to and during Black Hat seems to revolve around talks that are canceled or censored at the last minute for various legal reasons.

Read the full article here.

Full disk encryption for all!

Wed, 05 Mar 2008 07:32:00 +0000

To echo Bruce Schneier's comments, it's important to encrypt the data on your laptops. Yes, the laptops get stolen, they get lost and your private data is on them. So if you scramble up that data (using an encryption product), then you are somewhat insulating yourself from having that data stolen.

A new attack was introduced by Ed Felten and his band of merry Princeton grad students a week ago, which showed how to steal the encryption key and gain access to hard drive data, even if the data is encrypted. Let's just say, this is not an attack that most of you need to worry about. You are still much better off encrypting your data, than not encrypting your data.

I personally use the FileVault capability within Mac OS X. There are a bunch of 3rd party utilities, but FileVault works fine for me. I don't see any reason to make it harder than it needs to be.

Encryption defeated, still an advocate?

Fri, 22 Feb 2008 13:15:15 +0000

Technorati Tag: Encryption

Originally I was not going to write about this because it is not a breach (incident), but...

Yesterday, researchers from Princeton University, the Electronic Frontier Foundation, and Wind River Systems released an eye-opening report labeled "Lest We Remember: Cold Boot Attacks on Encryption Keys" in which they "present a suite of attacks that exploit DRAM remanence [sic] effects to recover cryptographic keys held in memory".

OK. What does this mean to the non-geek? It means that there are now successful attacks against many encryption implementations, including those most commonly used on mobile devices (laptop, thumb drive, etc.). Here at The Breach Blog I have advocated the use of hard drive encryption in many posts and pointed out the fact that storing confidential information on unencrypted laptops is bad security and poor business. So, what does this all mean?

From Princeton University's Center for Information Technology Policy FAQs:

Q. What encryption software is vulnerable to these attacks?
A. We have demonstrated practical attacks against several popular disk encryption systems: BitLocker (a feature of Windows Vista), FileVault (a feature of Mac OS X), dm-crypt (a feature of Linux), and TrueCrypt (a third-party application for Windows, Linux, and Mac OS X). Since these problems result from common design limitations of these systems rather than specific bugs, most similar disk encryption applications, including many running on servers, are probably also vulnerable.

Q. What can users do to protect themselves?
A. The most effective way for users to protect themselves is to fully shut down their computers several minutes before any situation in which the computers’ physical security could be compromised. On most systems, locking the screen or switching to “suspend” or “hibernate” mode does not provide adequate protection. (Exceptions exist; some systems may not be protected even when powered off. Check with the developer of your disk encryption software for further guidance.)

Q. Isn’t your attack difficult to carry out? Don’t you need materials like liquid nitrogen?
A. We found that information in most computers’ RAMs will persist from several seconds to a minute even at room temperature. We also found a cheap and widely available product — “canned air” spray dusters — can be used to produce temperatures cold enough to make RAM contents last for a long time even when the memory chips are physically removed from the computer. The other components of our attack are easy to automate and require nothing more unusual than a laptop and an Ethernet cable, or a USB Flash drive. With only these supplies, someone could carry out our attacks against a target computer in a matter of minutes.

And from "Lest We Remember: Cold Boot Attacks on Encryption Keys" Conclusion:
"There seems to be no easy remedy for these vulnerabilities. Simple software changes are likely to be ineffective; hardware changes are possible but will require time and expense; and today’s Trusted Computing technologies appear to be of little help because they cannot protect keys that are already in memory. The risk seems highest for laptops, which are often taken out in public in states that are vulnerable to our attacks. These risks imply that disk encryption on laptops may do less good than widely believed."

[Evan] Well, if this ain't a shot to the gut! On the surface I am miffed by research that leaves me wondering what in the world am I supposed to do now? When I think about it more, I am extremely grateful for the work these people do and I'm not really surprised by the findings. People that have been in the information security field for a while, understand some of the concepts that (we think) make us effective in what we do. Nobody can rightfully claim that full disk encryption or any other single technology is the one that protects against everything. We are never 100% secure will all technologies, let alone one. Security is a holistic discipline that is about defense in depth, continual analysis and improvement, systems and backup systems, threats, countermeasures, etc. etc. This is just another attack vector that wasn't widely known or accepted until now.

I am still an advocate for using full disk encryption (and encryption in general) as good information security practice. It is another essential cog in the bigger information security machine. Recognize the technology for what it is and understand that it's use does reduce risk when compared to the alternative of using clear-text. Obtaining the encryption keys is obviously very possible, but obtaining clear text information is completely trivial. Long-term this is a great problem to have. I have seen many, many good "out of the box" ideas being kicked around by information security professionals, debating possible solutions. It's the out of the box thinking that spurs creative solutions.

Other News Sources:
CNET.com News story
The New York Times story
SecurityFocus story
InformationWeek story

Disk encryption not enough?

Thu, 21 Feb 2008 14:14:00 +0000

Just saw this come off the wire - from news.com on how disk encryption from Bitlocker and Apple's FileVault has been circumvented by a few researchers. If this is as simple as they make it sound, this is a bit worrisome. However, I am not ready to buy this fully, till I understand this a bit more.

For one, I was under the impression that Bitlocker protected against booting via an alternative OS (especially a system with a TPM chip on it) because it can perform bootup integrity checks. The article seems to claim this is one of the ways in... Hmm, not so sure...

Further questions:
Is this attack valid for all authentication scenarios such as TPM+Pin?
How easy is it to scan the RAM on a locked system?

There was another article recently in eWeek that talked about FDE not being sufficient protection. I personally think that we need defense against multiple scenarios - not sure if the defense-in-depth term can be used, but seems to fit the best...

Looking forward to understanding this a bit more...

Cold Boot Attacks Against Disk Encryption

Thu, 21 Feb 2008 10:29:18 +0000

Nice piece of research:

We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux.
[...]

The root of the problem lies in an unexpected property of today’s DRAM memories. DRAMs are the main memory chips used to store data while the system is running. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn’t so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system.

Interestingly, if you cool the DRAM chips, for example by spraying inverted cans of “canned air” dusting spray on them, the chips will retain their contents for much longer. At these temperatures (around -50 °C) you can remove the chips from the computer and let them sit on the table for ten minutes or more, without appreciable loss of data. Cool the chips in liquid nitrogen (-196 °C) and they hold their state for hours at least, without any power. Just put the chips back into a machine and you can read out their contents.

This is deadly for disk encryption products because they rely on keeping master decryption keys in DRAM. This was thought to be safe because the operating system would keep any malicious programs from accessing the keys in memory, and there was no way to get rid of the operating system without cutting power to the machine, which “everybody knew” would cause the keys to be erased.

Our results show that an attacker can cut power to the computer, then power it back up and boot a malicious operating system (from, say, a thumb drive) that copies the contents of memory. Having done that, the attacker can search through the captured memory contents, find any crypto keys that might be there, and use them to start decrypting hard disk contents. We show very effective methods for finding and extracting keys from memory, even if the contents of memory have faded somewhat (i.e., even if some bits of memory were flipped during the power-off interval). If the attacker is worried that memory will fade too quickly, he can chill the DRAM chips before cutting power.

There seems to be no easy fix for these problems. Fundamentally, disk encryption programs now have nowhere safe to store their keys. Today’s Trusted Computing hardware does not seem to help; for example, we can defeat BitLocker despite its use of a Trusted Platform Module.

The paper is here; more info is here. Articles here.

There is a general security problem illustrated here: it is very difficult to secure data when the attacker has physical control of the machine the data is stored on. I talk about the general problem here, and it's a hard problem.