Encrypting stored data

Tuomas Aura
T-110.4206 Information security technology
Outline
1. Scenarios
2. File encryption
3. Encrypting file system
4. Full disk encryption
5. Data recovery
• Simple applications of cryptography
• Good examples of how difficult it is to build secure systems
[Parts based on Microsoft material]
SCENARIOS
Lost and stolen laptops
• Laptops are easily lost and stolen
– airports, taxis, hotel rooms, restaurants, underground, national parks, ...
• Laptops contain confidential data:
– business secrets
– confidential client data
– databases with customer personal information that may enable ID theft
– personal online banking information and passwords
• Laptops enable access to corporate intranets
– automatic email and calendar access
– gets through network access control
Stolen and physically compromised servers
• Expensive server hardware is attractive to thieves
– Theft is not common but potential damage is high
– Underground market for personal data, social security numbers, credit card numbers, etc.
• Unauthorized insiders can physically compromise server machines
– Employees often have physical access to servers
– Physical access gives attacker full control over the machine and data on its disks
– Can reboot to Linux from a CD / USB stick and use hacker tools to access raw data on disk
In the news
• Heathrow airport in London auctioned an average of 120 unclaimed laptops each month. *
• A Chicago taxi company collected 4,425 laptops in 2005. *
• University of California laptop with the data of 98,000 Berkeley graduates stolen in 2005. *
• Fidelity Investments laptop with data of 196,000 HP employees stolen in 2006. *
• George Mason University server containing PII of 30,000 students and employees stolen in 2005.
• U.S. Dept. of Veteran’s Affairs lost a hard drive containing personal information of 48000 veterans in 2007. *
• See also http://breachalerts.trustedid.com/
Decommissioning hard disks
• Second-hand hard disks have been found to contain confidential data
– MIT study in 2003: only 10% of second-hand hard disks were properly sanitized *
• Secure decommissioning is expensive
– How to erase magnetic media, solid-state drives?
• Recycling of used computer hardware is a low-margin business: no time for secure disk wipe
• Old PCs from the US are shipped to China for recycling
Cost of information loss
• Financial loss
• Legal and regulatory compliance
– SOX, HIPAA, GLBA
– FSA in UK fined Nationwide £980,000 for a stolen laptop that contained data on 11M customers *
• Image and credibility
• Organized crime ensures effective dissemination and use of the information among criminals
– See e.g. Team Cymru: “The underground economy: priceless” *
Data encryption
• Scenarios:
– lost and stolen laptop computers
– stolen servers
– decommissioning hard disks
• All can lead to disclosure of confidential data on hard disks
• The obvious computer security solution: encrypt data on disk
• But computer security is never quite so simple:
– Security often conflicts with usability
– Security often conflicts with reliability; plan for data recovery is needed
– System design mistakes or programming errors could compromise data
FILE ENCRYPTION
Simple file encryption
1. User enters passphrase
2. Passphrase hashed with a cryptographic hash function to produce a key
3. File encrypted with the key
• E.g. AES in CBC mode
• Decryption with the same key
• Examples: crypt(1), GPG
[Figure: (1) passphrase entry, (2) SHA-1 hash producing the key, (3) plaintext file and encrypted file]
% gpg --output ciphertext.gpg --symmetric plaintext.doc
Enter passphrase:
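Step 2 above, as an added example that is not part of the lecture material: the single unsalted SHA-1 from the slide next to a salted, iterated derivation whose parameters are stored in a file header. PBKDF2-HMAC-SHA256, the `DEMO1` header layout and the accepted iteration range are assumptions chosen for the illustration.

```python
import hashlib
import os
import struct

MAGIC = b"DEMO1"                      # constructed tag, not a real file format
HEADER = struct.Struct(">5sI16s")     # magic, iteration count, 16-byte salt

def key_unsalted_sha1(passphrase: str) -> bytes:
    """Step 2 as on the slide: key = SHA-1(passphrase), cut to 128 bits."""
    return hashlib.sha1(passphrase.encode()).digest()[:16]

def new_header(iterations: int = 200_000) -> bytes:
    """Fresh random salt and work factor, stored in clear next to the ciphertext."""
    return HEADER.pack(MAGIC, iterations, os.urandom(16))

def key_from_header(passphrase: str, header: bytes) -> bytes:
    """Re-derive the file key from the passphrase and the stored parameters."""
    magic, iterations, salt = HEADER.unpack(header)
    if magic != MAGIC:
        raise ValueError("not a DEMO1 header")
    if not 100_000 <= iterations <= 10_000_000:
        # The header is not authenticated, so refuse a lowered work factor.
        raise ValueError("iteration count out of accepted range")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               iterations, dklen=16)

def compare(passphrase: str) -> dict:
    """Encrypt two files with one passphrase: which keys coincide?"""
    h1, h2 = new_header(), new_header()
    return {
        # Unsalted: every file and every user with this passphrase shares a key,
        # so one precomputed table serves against all of them.
        "sha1_same_key_for_both_files":
            key_unsalted_sha1(passphrase) == key_unsalted_sha1(passphrase),
        # Salted: each file gets its own key, so precomputation does not carry over.
        "pbkdf2_same_key_for_both_files":
            key_from_header(passphrase, h1) == key_from_header(passphrase, h2),
        # Decryption still works because salt and iterations travel with the file.
        "pbkdf2_repeatable_for_one_file":
            key_from_header(passphrase, h1) == key_from_header(passphrase, h1),
    }

if __name__ == "__main__":
    print(compare("correct horse battery staple"))
```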
Limitations of file encryption
• Encrypting a file normally creates an encrypted copy; what happens to the old plaintext file?
– No guarantee that the plaintext is not left on the disk
• Word processors and other software create temporary files and backup copies
– Unencrypted versions and fragments of the file may be left in locations that the user does not even know about
• There are tools for deleting temporary files and for wiping free disk space, but none is completely reliable
Wiping files
• Deleting a file simply marks the space free but does not erase the contents
– Raw data is still on the disk and can be read
• Overwriting a file may erase the old contents, but there is no guarantee
– File system may organize data in unexpected ways: backups, revision control, copy on write, journal, etc.
• Wiping all empty disk space by overwriting
– Deletes a lot of data, but again there is no guarantee
– Disk drive behavior is not always controllable by the file system driver: bad blocks, write buffers in SSD
• Magnetic data remanence: magnetic medium may retain traces of previous contents even after being overwritten
ENCRYPTING FILE SYSTEM
Windows encrypting file system (EFS)
• Encryption is a file attribute
• Can enable encryption for all files in a folder → new files encrypted
• Files are readable only when the user is logged in
• Encryption and decryption transparent to applications
• Similar products exist for Unix but none in wide use
EFS key management
1. User logs in, enters password
2. Hashed to produce key (PUAPEK)
3. Used to decrypt User’s Master Key
4. Used to decrypt User’s Private EFS Key
5. Used to decrypt File Encryption Key (FEK)
6. Used to encrypt on write and decrypt on read
[Figure: (1) Windows logon dialog, SHA-1, (2) PUAPEK, (3) User’s DPAPI Master Key in the profile, (4) User’s Private EFS Key in the profile, RSA, (5) FEK in the $EFS alternate data stream, AES or 3DES, (6) encrypted file and plaintext file]
EFS limitations
• Encrypts contents of specific files
• User password or smartcard needed for decryption
– System has no access to encrypted files unless user logs in
– Cannot index files offline without the password
– Backups contain encrypted files, not the plaintext
• When encrypting plaintext files, the original file is not wiped, just deleted; the data remains on the disk
– User must remember to create the file in an encrypted folder
• Transparent decryption
– e.g. when copying to a file share over network or to a FAT partition
• Data that is not encrypted:
– folder and file names
– temp files, earlier unencrypted versions, printer spool
– registry, system files and logs, (usually) page file
• Hibernation file may contain decryption keys
EFS and password cracking
• EFS security depends on the secrecy of user password
• Password hashes are stored in a database on the disk
• Passwords are vulnerable to brute-force attacks
– NT hash and older LM hash use no salt and are therefore especially vulnerable.
– Rainbow tables (Hellman90, Oechslin03)
• Attacker can boot to another OS, extract the password hashes from the disk, and crack the user password
• Notes:
– Just resetting user or admin password will not recover encrypted data on a stolen laptop
– Physical access allows attacker to install a root kit, log passwords, etc.
Password cracking in practice
• Security accounts management database (SAM) in Registry stores cryptographic hashes of user passwords
• SAM is encrypted with a locally stored system key (SYSKEY)
– SYSKEY is obfuscated in Registry but possible to find
• Breaking EFS:
1. Boot from a CD or USB drive, mount the main disk
2. Find SYSKEY, read SAM, and decrypt password hashes
3. Crack user or local admin password (requires a brute-force search)
4. Use the password to decrypt user master key and so on…
• Example of tools for Windows XP:
– BackTrack is a Linux boot disk with hacker tools (backtrack-linux.org); bkhive recovers syskey; samdump2 extracts the password hashes
– Rainbow Tables and SAMInside are examples of commercial password crackers (rainbowtables.net, insidepro.com)
Trojans, root kits etc.
• EFS data is vulnerable to Trojans, viruses and key loggers
• Attacker with access to hardware can compromise OS and install a root kit
• Note that these are different problems than laptop theft and loss
– Stolen laptops are usually not returned to owner after they are compromised
EFS summary
• Encrypts single files and folders; leaves a lot of information unencrypted
• Requires care from user
– User must understand what is encrypted and what else happens to the data
– User must back up keys or risk data loss
• System cannot access encrypted files for admin tasks like backup and indexing
• Hibernation breaks the security
• Apart from hibernation, EFS would be pretty good for encrypting all files on a data disk (D:)
FULL DISK ENCRYPTION
Full disk encryption
• Entire disk encrypted:
– Protects all information on disk
– Easier to use correctly than EFS
• Products are available from various hardware and software vendors including hard disk manufacturers
• Password, key or physical token required to boot or to mount disk, thereafter transparent
– Usability and reliability issues
– No unsupervised reboot or wakeup
• In software-based products:
– Password must be strong enough to resist brute-force guessing
– Hibernation is a problem
→ need a hardware solution
Trusted platform module
• Trusted hardware enables some things that otherwise would be impossible
• Trusted platform module (TPM) is a smart-card-like module on the computer motherboard
– Holds crypto keys and platform measurements in platform configuration registers (PCR)
• Useful TPM operations:
– TPM_Seal: encrypt data — in any platform configuration
– TPM_Unseal: decrypt the data, but only if the platform configuration is the same as when sealing
Windows BitLocker
• Full-volume encryption in Windows
– Uses TPM for key management
– Optional PIN input and/or USB dongle at boot time
– System volume must be NTFS, data disks can also be FAT
• Sealing the entire system partition:
– Encrypt data with a symmetric key
– Seal the key; store sealed key on disk; unseal when booting
• TPM will check the OS integrity before unsealing the key
– Can boot to another OS but then cannot unseal the Windows partition → cannot bypass OS access controls
– For a stolen laptop, forces the thief to mount a hardware attack against the TPM
BitLocker partitions
Windows partition contains:
• Volume metadata with MAC
• Encrypted OS
• Encrypted page file
• Encrypted temp files
• Encrypted data
• Encrypted hibernation file
Boot partition contains:
• MBR
• OS loader
• Boot utilities
[Figure: disk layout with the encrypted Windows partition and the 1.5 GB boot partition]
BitLocker keys
1. Storage Root Key (SRK) inside TPM
2. Volume Master Key (VMK)
3. Full Volume Encryption Key (FVEK)
4. Plaintext data
[Figure: key chain from SRK to plaintext data; the encrypted keys are stored in volume metadata]
Separate VMK/FVEK adds flexibility — how?
Algorithms and key sizes
• Storage root key (SRK) is a 2048-bit RSA key
• Volume master key (VMK) is a 256-bit symmetric key
• Full volume encryption key (FVEK) is a 128- or 256-bit symmetric key
• The disk is encrypted with AES-CBC
– Initialization vector (IV) derived from sector number
• No integrity check
– MAC would cause data length to expand
• Disk sectors are pre-processed with a proprietary diffuser
– Makes attacks against integrity more difficult; the whole sector is encrypted as if one cipher block (512..8192 bytes)
Software authentication with TPM
• Measuring platform configuration:
– Module n computes hash of module n+1 and extends the hash into a platform configuration register (PCR) in TPM
– Module n transfers control to module n+1
• At any point, PCRs contain a cumulative fingerprint (hashes) of all software loaded up to that point
• Sealing and unsealing data:
– TPM binds selected PCR values to the sealed secrets
– TPM unseals secrets only if these PCR values have not changed
– If attacker tampers with the OS, the OS cannot unseal the data
• Originally a DRM feature:
– Decrypt music only for untampered OS and media player
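A toy simulation of the extend and seal/unseal behaviour described above, added here as an illustration and not taken from the lecture or from any TPM library. `SimTPM`, the stage images and the keystream cipher are constructed for the example; a real TPM keeps the SRK in hardware and uses its own blob format.

```python
import hashlib
import hmac
import os

# Constructed boot chain: (PCR index from the slide's table, stage, stage image)
CHAIN = [(0, "BIOS", b"bios v1"), (4, "MBR", b"mbr code"),
         (8, "NTFS boot sector", b"boot sector"),
         (9, "NTFS boot block", b"boot block"), (10, "Boot manager", b"bootmgr")]
SEALED_PCRS = (0, 4, 8, 9, 10)

class SimTPM:
    """Toy model of PCR extend and seal/unseal; not a real TPM interface."""

    def __init__(self):
        self.pcr = [bytes(20)] * 24     # power-on state: every PCR is zero
        self._srk = os.urandom(32)      # stand-in for the SRK; never leaves the TPM

    def extend(self, index, measurement):
        # PCR_new = SHA-1(PCR_old || measurement); a PCR cannot be set directly
        self.pcr[index] = hashlib.sha1(self.pcr[index] + measurement).digest()

    def _composite(self, sel):
        return hashlib.sha1(bytes(sel) + b"".join(self.pcr[i] for i in sel)).digest()

    def _crypt(self, nonce, data):      # toy keystream cipher, no integrity protection
        pad = hashlib.shake_256(self._srk + nonce).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, pad))

    def seal(self, secret, sel):
        nonce = os.urandom(16)          # binds the secret to the current PCR values
        return tuple(sel), nonce, self._crypt(nonce, self._composite(sel) + secret)

    def unseal(self, blob):
        sel, nonce, body = blob
        plain = self._crypt(nonce, body)
        if not hmac.compare_digest(plain[:20], self._composite(sel)):
            return None                 # platform configuration changed: no key
        return plain[20:]

def measured_boot(tpm, chain):
    """Module n hashes module n+1 and extends the hash before handing over control."""
    tpm.pcr = [bytes(20)] * 24          # a reboot resets the PCRs
    for index, _stage, image in chain:
        tpm.extend(index, hashlib.sha1(image).digest())

def demo():
    tpm, vmk = SimTPM(), os.urandom(32)
    measured_boot(tpm, CHAIN)
    blob = tpm.seal(vmk, SEALED_PCRS)   # done once, with the trusted configuration
    measured_boot(tpm, CHAIN)
    clean = tpm.unseal(blob) == vmk     # same software stack: VMK released
    patched = [(i, s, img + b"!" if s == "MBR" else img) for i, s, img in CHAIN]
    measured_boot(tpm, patched)
    return clean, tpm.unseal(blob)      # modified MBR: unseal returns None
```

Moving the sealed blob to a second `SimTPM` instance also yields `None`, which mirrors the page's point that moving the disk to another computer triggers recovery.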
Secure boot with TPM
[Figure: boot sequence with phases Pre-OS, Static OS and Dynamic OS. Chain of components: CRTM, BIOS, MBR, NTFS boot sector, NTFS boot block, Boot manager, OS loader (2), Windows. Annotations on the chain: "measure and load"; "load volume metadata, unseal VMK, verify MAC (1) on metadata, decrypt FVEK"; "decrypt, verify signature and load". Measurements go into the PCRs on the TPM.]
(1) MAC keyed with VMK. (2) Different loaders for boot, resume etc.
Which PCR values are used?
*PCR 00: CRTM, BIOS and Platform Extensions
(PCR 01: Platform and Motherboard Configuration and Data)
*PCR 02: Option ROM Code
(PCR 03: Option ROM Configuration and Data)
*PCR 04: Master Boot Record (MBR) Code
(PCR 05: Master Boot Record (MBR) Partition Table)
(PCR 06: State Transitions and Wake Events)
(PCR 07: Computer-Manufacturer Specific)
*PCR 08: NTFS Boot Sector
*PCR 09: NTFS Boot Block
*PCR 10: Boot Manager
*PCR 11: BitLocker Critical Components
• If any of the values marked with * (orange on the slide) has changed, the decryption key will not be unlocked and a recovery password is needed
• BitLocker keys will be unlocked during OS upgrade
BitLocker modes
• TPM only:
– Unsupervised boot (VMK unsealed if the PCR values are correct)
– Attacker can boot stolen laptop but not log in → security depends on OS access controls
– New, very attractive mode of operation enabled by TPM — but see next slide!
• TPM and PIN:
– TPM requires a PIN during the secure boot
– TPM will be locked after a small number of incorrect PINs
– Attacker must break the TPM hardware
• TPM (and PIN) and USB dongle:
– Secure boot and strong keys on a physical token → high security
• USB dongle without TPM
– Traditional software-based full-disk encryption; no secure boot
Secure path issues
• Attacker who can modify or replace the computer could spoof the PIN input, e.g. by replacing the BIOS, and capture the PIN
– Similarly, can capture the keys on the USB dongle
• This requires the attacker to have access to the computer twice: first to install the Trojan, then to use the captured PIN
– Inside attacker, e.g. IT support
– Not a problem for lost and stolen laptops and disks
Cold boot attack
• Laptop memory is designed for low power consumption → slow refresh rate → data stays in memory for seconds after power loss
• Data remanence in DRAM:
– Pull out memory from a running computer and plug it into a reader
– Some bits will be random but some will retain their values → still helps to recover crypto keys
– Use cold spray or liquid nitrogen to reduce data loss
• Cold boot attack:
– Reboot into minimal hacker OS from USB stick or CD
– Memory power lost only for a fraction of a second during reboot → memory contents almost unchanged
• Lessons:
– Breaks full-disk encryption if attacker has access to the running computer
– Sleeping laptop = running laptop → most laptops vulnerable
– Breaks BitLocker in TPM-only mode even if it is powered down
– OS access controls, e.g. screen lock, do not stop a physical attacker
DATA RECOVERY
Data recovery
• If the decryption key is lost, encrypted files will be lost
– EFS: password reset tools, profile cleaning tools deleting private keys
– BitLocker: installing Linux boot loader, replacing the motherboard, TPM boot PIN forgotten or mistyped, moving disk to another computer
→ good idea to back up keys
Data recovery in EFS
• Administrator or Group Policy can define a data recovery agent (DRA)
– FEK encrypted also with DRA public key
– In a domain, Domain Admin is the default DRA
• Standalone machine has no default DRA
– Backup user private key by exporting the user’s EFS certificate (including the private key)
– Local Admin can configure a DRA on the local machine (see cipher.exe)
• Questions:
– In Win 2000, local Admin was the default DRA; why was this not a good idea?
– Local Admin cannot read other users’ encrypted files because the user password is needed to decrypt them; how can the Admin get around this?
Data recovery in EFS
• File encryption key (FEK) is encrypted with one or more recovery agents’ public keys
– The same mechanism is used for sharing encrypted files between users
[Figure: the encrypted file carries the FEK in a file attribute; either the User’s Private EFS Key or the Recovery Agent’s Private EFS Key recovers the FEK, which decrypts the encrypted file into the plaintext file]
Data recovery in BitLocker
• Recovery password:
– User can print a 48-digit recovery password or store it on a USB stick, CD or remote disk; it is actually a 128-bit key
– BitLocker encrypts the VMK with the recovery password and stores it with the volume metadata (in the same way as the TPM-sealed VMK)
– Multiple backups of volume metadata are stored in the volume
• Organizational recovery policy:
– Windows Domain Admin can require the recovery password or keys to be uploaded to the Active Directory
• Installing another OS for dual boot will trigger recovery
– User can accept the new boot configuration after entering the recovery password
Exercises
• What secure methods are there for erasing
– magnetic hard drives and tapes
– USB stick or solid-state drives
– paper documents
• How to delete a specific file from a computer without erasing the whole disk?
• What security properties does GPG file encryption or EFS provide that full-disk encryption does not?
• Why do EFS and BitLocker have so many levels of keys? Are some unnecessary?
• Compare the security of software-based full-disk encryption and the TPM approach against brute-force password guessing
• How to mitigate the risk of cold-boot attacks (both against BitLocker and more generally)?
• Transparent operation improves usability of data encryption, but are there risks associated with the transparency?
Related reading
• Online:
– Halderman et al., Lest We Remember: Cold Boot Attacks on Encryption Keys. http://citp.princeton.edu/memory/
• Stallings and Brown: Computer security, principles and practice, 2008, chapter 10.5