Encryption defeated, still an advocate?
Technorati Tag: Encryption
Originally I was not going to write about this because it is not a breach (incident), but...
Yesterday, researchers from Princeton University, the Electronic Frontier Foundation, and Wind River Systems released an eye-opening report labeled "Lest We Remember: Cold Boot Attacks on Encryption Keys" in which they "present a suite of attacks that exploit DRAM remanence [sic] effects to recover cryptographic keys held in memory".
OK. What does this mean to the non-geek? It means that there are now successful attacks against many encryption implementations, including those most commonly used on mobile devices (laptop, thumb drive, etc.). Here at The Breach Blog I have advocated the use of hard drive encryption in many posts and pointed out the fact that storing confidential information on unencrypted laptops is bad security and poor business. So, what does this all mean?
From Princeton University's Center for Information Technology Policy FAQs:
Q. What encryption software is vulnerable to these attacks?
A. We have demonstrated practical attacks against several popular disk encryption systems: BitLocker (a feature of Windows Vista), FileVault (a feature of Mac OS X), dm-crypt (a feature of Linux), and TrueCrypt (a third-party application for Windows, Linux, and Mac OS X). Since these problems result from common design limitations of these systems rather than specific bugs, most similar disk encryption applications, including many running on servers, are probably also vulnerable.
Q. What can users do to protect themselves?
A. The most effective way for users to protect themselves is to fully shut down their computers several minutes before any situation in which the computers’ physical security could be compromised. On most systems, locking the screen or switching to “suspend” or “hibernate” mode does not provide adequate protection. (Exceptions exist; some systems may not be protected even when powered off. Check with the developer of your disk encryption software for further guidance.)
Q. Isn’t your attack difficult to carry out? Don’t you need materials like liquid nitrogen?
A. We found that information in most computers’ RAMs will persist from several seconds to a minute even at room temperature. We also found a cheap and widely available product — “canned air” spray dusters — can be used to produce temperatures cold enough to make RAM contents last for a long time even when the memory chips are physically removed from the computer. The other components of our attack are easy to automate and require nothing more unusual than a laptop and an Ethernet cable, or a USB Flash drive. With only these supplies, someone could carry out our attacks against a target computer in a matter of minutes.
And from "Lest We Remember: Cold Boot Attacks on Encryption Keys" Conclusion:
"There seems to be no easy remedy for these vulnerabilities. Simple software changes are likely to be ineffective; hardware changes are possible but will require time and expense; and today’s Trusted Computing technologies appear to be of little help because they cannot protect keys that are already in memory. The risk seems highest for laptops, which are often taken out in public in states that are vulnerable to our attacks. These risks imply that disk encryption on laptops may do less good than widely believed."
[Evan] Well, if this ain't a shot to the gut! On the surface I am miffed by research that leaves me wondering what in the world am I supposed to do now? When I think about it more, I am extremely grateful for the work these people do and I'm not really surprised by the findings. People that have been in the information security field for a while, understand some of the concepts that (we think) make us effective in what we do. Nobody can rightfully claim that full disk encryption or any other single technology is the one that protects against everything. We are never 100% secure will all technologies, let alone one. Security is a holistic discipline that is about defense in depth, continual analysis and improvement, systems and backup systems, threats, countermeasures, etc. etc. This is just another attack vector that wasn't widely known or accepted until now.
I am still an advocate for using full disk encryption (and encryption in general) as good information security practice. It is another essential cog in the bigger information security machine. Recognize the technology for what it is and understand that it's use does reduce risk when compared to the alternative of using clear-text. Obtaining the encryption keys is obviously very possible, but obtaining clear text information is completely trivial. Long-term this is a great problem to have. I have seen many, many good "out of the box" ideas being kicked around by information security professionals, debating possible solutions. It's the out of the box thinking that spurs creative solutions.
I was at a seminar recently with Joshua Corman, IBM Principal Security Strategist and he said something the resonated with me that I thought was relevant to this posting. He said "We are not in the risk elimination business, we are in the risk reduction business". Does encryption reduce risk? Absolutely it does.
Other News Sources:
CNET.com News story
The New York Times story
SecurityFocus story
InformationWeek story
Originally I was not going to write about this because it is not a breach (incident), but...Yesterday, researchers from Princeton University, the Electronic Frontier Foundation, and Wind River Systems released an eye-opening report labeled "Lest We Remember: Cold Boot Attacks on Encryption Keys" in which they "present a suite of attacks that exploit DRAM remanence [sic] effects to recover cryptographic keys held in memory".
OK. What does this mean to the non-geek? It means that there are now successful attacks against many encryption implementations, including those most commonly used on mobile devices (laptop, thumb drive, etc.). Here at The Breach Blog I have advocated the use of hard drive encryption in many posts and pointed out the fact that storing confidential information on unencrypted laptops is bad security and poor business. So, what does this all mean?
From Princeton University's Center for Information Technology Policy FAQs:
Q. What encryption software is vulnerable to these attacks?
A. We have demonstrated practical attacks against several popular disk encryption systems: BitLocker (a feature of Windows Vista), FileVault (a feature of Mac OS X), dm-crypt (a feature of Linux), and TrueCrypt (a third-party application for Windows, Linux, and Mac OS X). Since these problems result from common design limitations of these systems rather than specific bugs, most similar disk encryption applications, including many running on servers, are probably also vulnerable.
Q. What can users do to protect themselves?
A. The most effective way for users to protect themselves is to fully shut down their computers several minutes before any situation in which the computers’ physical security could be compromised. On most systems, locking the screen or switching to “suspend” or “hibernate” mode does not provide adequate protection. (Exceptions exist; some systems may not be protected even when powered off. Check with the developer of your disk encryption software for further guidance.)
Q. Isn’t your attack difficult to carry out? Don’t you need materials like liquid nitrogen?
A. We found that information in most computers’ RAMs will persist from several seconds to a minute even at room temperature. We also found a cheap and widely available product — “canned air” spray dusters — can be used to produce temperatures cold enough to make RAM contents last for a long time even when the memory chips are physically removed from the computer. The other components of our attack are easy to automate and require nothing more unusual than a laptop and an Ethernet cable, or a USB Flash drive. With only these supplies, someone could carry out our attacks against a target computer in a matter of minutes.
And from "Lest We Remember: Cold Boot Attacks on Encryption Keys" Conclusion:
"There seems to be no easy remedy for these vulnerabilities. Simple software changes are likely to be ineffective; hardware changes are possible but will require time and expense; and today’s Trusted Computing technologies appear to be of little help because they cannot protect keys that are already in memory. The risk seems highest for laptops, which are often taken out in public in states that are vulnerable to our attacks. These risks imply that disk encryption on laptops may do less good than widely believed."
[Evan] Well, if this ain't a shot to the gut! On the surface I am miffed by research that leaves me wondering what in the world am I supposed to do now? When I think about it more, I am extremely grateful for the work these people do and I'm not really surprised by the findings. People that have been in the information security field for a while, understand some of the concepts that (we think) make us effective in what we do. Nobody can rightfully claim that full disk encryption or any other single technology is the one that protects against everything. We are never 100% secure will all technologies, let alone one. Security is a holistic discipline that is about defense in depth, continual analysis and improvement, systems and backup systems, threats, countermeasures, etc. etc. This is just another attack vector that wasn't widely known or accepted until now.
I am still an advocate for using full disk encryption (and encryption in general) as good information security practice. It is another essential cog in the bigger information security machine. Recognize the technology for what it is and understand that it's use does reduce risk when compared to the alternative of using clear-text. Obtaining the encryption keys is obviously very possible, but obtaining clear text information is completely trivial. Long-term this is a great problem to have. I have seen many, many good "out of the box" ideas being kicked around by information security professionals, debating possible solutions. It's the out of the box thinking that spurs creative solutions.
I was at a seminar recently with Joshua Corman, IBM Principal Security Strategist and he said something the resonated with me that I thought was relevant to this posting. He said "We are not in the risk elimination business, we are in the risk reduction business". Does encryption reduce risk? Absolutely it does.
Other News Sources:
CNET.com News story
The New York Times story
SecurityFocus story
InformationWeek story
Posts Atom 1.0
We've long known that full disk encryption only properly protects the data when the system is shutdown.
There is an easy mitigation to this attack for machines that have been shutdown by the encryption systems simply overwriting the encryption key with random data after it has unmounted the encrypted disk.
Perhaps the NSA and other FIS may be able to still gather overwrote data from RAM chips, but that is a lot more complex than the attack recently described.
Reply to this