Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lest We Remember Cold-Boot Attacks Against Disk Encryption J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Lest We Remember Cold-Boot Attacks Against Disk Encryption J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A."— Presentation transcript:

1 Lest We Remember Cold-Boot Attacks Against Disk Encryption J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, Edward W. Felten

2 How Safe is a Stolen Laptop? Unlocked Unencrypted No protection Locked Unencrypted Minimal protection Locked Encrypted Industry best practice

3 How Safe is a Stolen Laptop? Locked Encrypted Industry best practice In 2007: 119,000 encrypted laptops with sensitive data lost at major US airports Were they really protected?

4 Disk Encryption Defense File System Disk Drivers On-the-Fly Crypto Password: ********

5 “Sleep” Suspend-to-RAM “Hibernate” Suspend-to-Disk Screen Locked Attack Scenarios

6 Common Attack Scenario Security Assumptions The encryption is strong The OS protects the key in RAM …the attacker might reboot to circumvent the OS, but since RAM is volatile, the key will be lost… Right…?

7 Security Assumptions: Data fades almost instantaneously without refresh Any residual data is difficult to recover 0 Dynamic RAM Volatility 1 Write “1” 1 DRAM Cell (Capacitor) 0 Refresh (Read and rewrite) Refresh Interval ≈ 32 ms What if we don’t refresh?

8

9 Decay After Cutting Power 5 secs30 secs60 secs300 secs

10 DRAM Remanence Gradual Unidirectional Predictable DRAM data disappears almost instantaneously without refresh Decay After Cutting Power 5 secs30 secs60 secs300 secs

11 Capturing Residual Data Any residual data is difficult to recover Complication Booting full OS overwrites large areas of RAM Solution Boot a small low-level program to write out (dump) memory content PXE Dump (9 KB) EFI Dump (10 KB) USB Dump (22 KB) Implementations Residual data can be captured easily, with no special equipment

12 Delivering the Attack

13 Basic Cold-Boot Attack Dumping RAM… Screen-locked machine (if hibernating/sleeping, just wake it up!)

14 What if the BIOS clears RAM? BIOS: Clearing RAM… !!! Common in machines that support ECC RAM

15 Advanced Cold-Boot Attack Attacker’s Computer Dumping RAM… Victim’s Computer

16 Slowing Decay By Cooling -50°C < 0.2% decay after 1 minute

17

18

19 Even Cooler -196°C Liquid Nitrogen < 0.17% decay after 1 hour Not necessary in practice

20 Dealing with Bit Errors Some bit errors inevitable, especially without cooling (increasing with memory density) Given corrupted K’, find K: Brute-force search over low Hamming distance to K’ e.g. 256-bit key with 10% error: > 2 56 guesses (too slow!) Given corrupted K’, find K: Brute-force search over low Hamming distance to K’ e.g. 256-bit key with 10% error: > 2 56 guesses (too slow!) Naïve Approach Most programs store precomputed derivatives of K (e.g. key schedules) These derivatives contain redundancy; we can treat them as error correcting codes Most programs store precomputed derivatives of K (e.g. key schedules) These derivatives contain redundancy; we can treat them as error correcting codes Insight

21 Correcting Bit Errors in DES Key schedule contains ~14 redundant copies of each bit from the key 0100000010000100 ~20% error 0000000000000000 0

22 AES Key Schedule   Round 0 key (K) Round 1 key Round 10 key … … Core 128-bit key K  10 more 128-bit keys for cipher rounds   Byte

23 Correcting Bit Errors in AES  Round 0 key (K) Round 1 key Core  Key schedule recovered from memory (contains errors) 1.Slices: 4 bytes in Round 0 determine 3 bytes in Round 1 2.Enumerate 2 32 possibilities for each 7 byte slice 3.Eliminate values unlikely to have decayed to observed bytes (excludes vast majority)

24 Correcting Bit Errors in AES  Round 0 key (K) Round 1 key Core  Key schedule recovered from memory (contains errors) 4.Repeat for each of the 4 slices 5.Combine possible slice values into candidate keys 6.Test candidates keys by expanding them into full key schedules – compare to recovered memory

25 Recovering Other Keys AES, DES (key schedules) LRW tweak keys (multiplication tables) RSA private keys (primes P and Q) Efficiency vs. Security

26 Finding Keys Previous Methods – Entropy methods But, most high entropy data isn’t key material – Looking for data structure But, need to know internal details about software Our Method –Focuses on key schedules Precise and fully automatic, even with decay Doesn’t require analysis of target program

27 Finding AES Key Schedules Iterate through each byte of memory – 1. Treat following region as an AES key schedule 2. For each word in the “schedule”: Calculate correct value, assuming other bytes correct Take Hamming distance to observed value 3. If total distance is low, output the key

28 Steps of Cold-Boot Attack 1.Extract memory 2.Locate keys in memory 3.Reconstruct decayed keys 4.Decrypt hard drive

29 Demonstrated Attacks Linux dm-crypt Linux LoopAES Windows BitLocker Mac OS FileVault TrueCrypt

30 “BitLocker, Meet BitUnlocker” Demonstration of fully automated attack: Connect USB drive, reboot, and browse files

31 Countermeasures No Magic Bullet Possible Mitigations – Encrypt key in memory when screen-locked – Avoid precomputation – Fully encrypted memory – Trusted Platform Module (TPM)

32 Encrypt Memory During Sleep When entering screen-lock/hibernate/sleep: – Encrypt RAM with user’s password When awakened: – Require user’s password to decrypt RAM Minor behavioral changes Zzzz….

33 Avoid Precomputation This makes recovery harder, but: – Hurts performance (Having key schedule speeds computation) – Attacker can reduce the incidence of errors – Alternative recovery schemes may perform well without this data

34 Encrypted Memory Memory encrypted with key – Randomly chosen at boot On cache read/write – Data encrypted/decrypted when written/read CPU reset clears key

35 TPM? Current TPMs may help attacker Windows BitLocker in Basic Mode – On boot, OS loads key from TPM into RAM (No Password) – Vulnerable to cold-boot attack (Even if completely off) Future TPMs may help – Need bulk encryption

36 Key Points Characterization of DRAM remanence Cold-boot attacks on encryption keys Automatic key finding and recovery Compromises of popular disk encryption tools Discussion of remedies and their limitations

37 Take Aways DRAM decays in seconds without refresh, not milliseconds This is slow enough to allow data recovery, given physical access Software has no safe place to store a key Mitigation requires compromises

38 J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, Edward W. Felten For videos and source code, visit j.alexhalderman.com Lest We Remember Cold-Boot Attacks Against Disk Encryption

Download ppt "Lest We Remember Cold-Boot Attacks Against Disk Encryption J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A."

Similar presentations

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
Rambling on the Private Data Security

Rambling on the Private Data Security
Security Through the Lens of Failure J. Alex Halderman.

Security Through the Lens of Failure J. Alex Halderman.
White-Box Cryptography

White-Box Cryptography
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
CSUF Chapter 3.2 1. CSUF Operating Systems Security 2.

CSUF Chapter CSUF Operating Systems Security 2.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5

Cryptography and Network Security Chapter 5
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Protecting Data on Smartphones & Tablets from Memory Attacks Patrick ColpJiawen Zhang James Gleeson Sahil Suneja Eyal de Lara Himanshu Raj Stefan Saroiu.

Protecting Data on Smartphones & Tablets from Memory Attacks Patrick ColpJiawen Zhang James Gleeson Sahil Suneja Eyal de Lara Himanshu Raj Stefan Saroiu.
Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Section 3.2: Operating Systems Security

Section 3.2: Operating Systems Security
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
Cryptography and Network Security

Cryptography and Network Security
Data Encryption Overview South Seas Corporation Jared Owensby.

Data Encryption Overview South Seas Corporation Jared Owensby.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
AES clear a replacement for DES was needed

AES clear a replacement for DES was needed
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

Similar presentations

Ads by Google