Presentation is loading. Please wait.

Presentation is loading. Please wait.

Encrypting stored data

Similar presentations

Presentation on theme: "Encrypting stored data"— Presentation transcript:

1 Encrypting stored data
Aalto University, autumn 2011

2 Outline Scenarios File encryption Encrypting file system
Full disk encryption Data recovery Simple applications of cryptography Good examples of how difficult it is a build secure systems [These slides are partly based on Microsoft material.]

3 Scenarios

4 Lost and stolen laptops
Laptops are easily lost and stolen airports, taxis, hotel rooms, restaurants, underground, national parks,... Laptops contain confidential data: business secrets confidential client data databases with customer personal information that may enable ID theft personal online banking information and passwords Laptops enable access to corporate intranets automatic and calendar access gets though network access control

5 Stolen and physically compromised servers
Expensive server hardware is attractive to thieves Theft is not common but potential damage is high Underground market for personal data, social security numbers, credit card numbers, etc. Unauthorized insiders can physically compromise server machines Employees often have physical access to server Physical access gives attacker full control over the machine and data on its disks Can reboot to Linux from a CD / USB stick and use hacker tools to access raw data on disk

6 In the news Heathrow airport in London auctioned average 120 unclaimed laptops each month. * A Chicago taxi company collected 4,425 laptops in * University of California laptop with the data of 98,000 Berkeley graduates stolen in * Fidelity Investments laptop with data of 196,000 HP employees stolen in * George Mason University server containing PII of 30,000 students and employees stolen in 2005. U.S. Dept. of Veteran’s Affairs lost hard drive containing personal information of veterans in * See also

7 Decommissioning hard disks
Second-hand hard disks have been found to contain confidential data MIT study in 2003: only 10% of second-hand hard disks were properly sanitized * Secure decommissioning is expensive How to erase magnetic media, solid-state drives? Recycling of used computer hardware is a low-margin business: no time for secure disk wipe Old PCs from the US are shipped to China for recycling

8 Cost of information loss
Financial loss Legal and regulatory compliance SOX, HIPAA, GLBA FSA in UK fined Nationwide £980,000 for a stolen laptop that contained data on 11M customers * Image and credibility Organized crime ensures effective dissemination and use of the information among criminals See e.g. Team Cymru: “The underground economy: priceless” *

9 Data encryption Scenarios:  Risk of disclosure of confidential data
lost and stolen laptop computers stolen servers decommissioning hard disks  Risk of disclosure of confidential data The obvious solution: encrypt data on disk But computer security is never quite so simple: Security often conflicts with usability Security often conflicts with reliability; plan for data recovery is needed System design mistakes or programming errors could compromise data

10 file encryption

11 Simple file encryption
User enters passphrase Passphrase hashed with a cryptographic hash function to produce a key File encrypted with the key E.g. EAS in CBC mode Decryption with the same key Examples: crypt(1), GPG 1 ******* SHA-1 2 d70f3619a209b15 Our plan is.… 3 % gpg --output ciphertext.gpg --symmetric plaintext.doc Enter passphrase:

12 Limitations of file encryption
Encrypting a file normally creates an encrypted copy; what happens to the old plaintext file? No guarantee that the plaintext is not left on the disk Word processors and other software create temporary files and backup copies Unencrypted versions and fragments of the file may be left in locations that the user does not even know about There are tools for deleting temporary files and for wiping free disk space, but none is completely reliable

13 Wiping files Deleting a file simply marks the space free but does not erase the contents Raw data is still on the disk and can be read Overwriting a file may erase the old contents but there is no guarantee File system may organize data in unexpected ways: backups, revision control, copy on write, journal, etc. Wiping all empty disk space by overwriting Deletes a lot of data but also no guarantee Disk drive behavior is not always controllable by the file system driver: bad blocks, optimizations Solid state disks (SSD) write in complex patterns Magnetic data remanence: magnetic medium may retain traces of previous contents even after overwritten

14 Encrypting file system

15 Windows encrypting file system (EFS)
Encryption is a file attribute Possible to enable encryption for all files in a folder  new files encrypted Files are readable only when the user is logged in Encryption and decryption are transparent to applications Similar products exist for Unix but none in wide use

16 EFS key management PBKDF2 User logs in, enters password
*) DPAPI = Data Protection application programming interface 1 PBKDF2 User logs in, enters password Hashed to produce key Used to decrypt User’s Master Key Used to decrypt User’s Private EFS Key Used to decrypt File Encryption Key (FEK) Used to encrypt on write and decrypt on read 2 key User’s DPAPI* Master Key 3 Profile User’s Private EFS Key 4 Profile RSA $EFS alternate data stream FEK 5 Plaintext file 6 d70f3619a209b15 Our plan is.… Encrypted File AES or 3DES

17 EFS limitations Encrypts contents of specific files
User password or smartcard needed for decryption System has no access to encrypted files unless user logs in Cannot index files offline without the password Backups contain encrypted files, not the plaintext When encrypting plaintext files, the original file is not wiped, just deleted; the data remains on the disk User must remember to create the file in an encrypted folder Transparent decryption e.g. data decrypted transparently when copying to a file share over network or to an un-encrypted FAT partition Some data is not encrypted: folder and file names temp files, earlier unencrypted versions, printer spool registry, system files and logs page file can now be encrypted but requires policy configuration Hibernation file may contain decryption keys

18 EFS and password cracking
EFS security depends on the secrecy of user password Password hashes are stored in a database on the disk Password are vulnerable to brute-force attacks NT hash and older LM hash use no salt and are therefore especially vulnerable Rainbow tables (Hellman90, Oechslin03) Attacker can boot to another OS, extract the password hashes from the disk, and crack the user password Notes: Just resetting user or admin password will not recover encrypted data on a stolen laptop Physical access allows attacker to install a root kit, log passwords, etc.

19 Password cracking in practice
Security accounts management database (SAM) in Registry stores cryptographic hashes of user passwords SAM is encrypted with a locally stored system key (SYSKEY) SYSKEY is obfuscated in Registry but possible to find Breaking EFS: Boot from a CD or USB drive, mount the main disk Find SYSKEY, read SAM, and decrypt password hashes Crack user or local admin password (requires a brute-force search) Use the password to decrypt user master key and so on… Example of tools for Windows XP: BackTrack is a Linux boot disk with hacker tools (; bkhive recovers syskey; samdump2 extracts the password hashes Rainbow Tables and SAMInside are examples of commercial password crackers (,

20 Trojans, root kits etc. EFS data is vulnerable to Trojans, viruses and key loggers Attacker with access to hardware can compromise OS and install a root kit or key logger Note that these are different problems than laptop theft and loss Stolen laptops are usually not returned to owner after they are compromised

21 EFS summary Encrypts single files and folders; leaves a lot of information unencrypted Requires care from user User must understand what is encrypted and what else happens to the data User must backup keys or risk data loss System cannot access encrypted files for admin tasks like backup and indexing Hibernation breaks the security Apart from hibernation, EFS would be pretty good for encrypting all files on a data disk (D:)

22 Full disk encryption

23 Full disk encryption Entire disk encrypted:
Protects all information on disk Easier to use correctly than EFS Products are available from various hardware and software vendors including hard disk manufacturers Password, key or physical token required to boot or to mount disk; thereafter transparent Usability and reliability issues? No unsupervised reboot or wakeup In software-based products: Password must be strong enough to resist brute-force guessing Hibernation is problem  need a hardware solution

24 Trusted platform module
Trusted hardware enables some things that otherwise would be impossible Trusted platform module (TPM) is a smart-like module on the computer motherboard Holds crypto keys and platform measurements in platform configuration registers (PCR) Useful TPM operations: TMP_Seal: encrypt data — in any platform configuration TPM_Unseal: decrypt the data, but only if the platform configuration is the same as when sealing

25 Windows BitLocker Full-volume encryption in Windows
Uses TPM for key management Optional PIN input and/or USB dongle at boot time System volume must be NTFS, data disks can also be FAT Sealing the entire system partition: Encrypt data with a symmetric key Seal the key; store sealed key on disk; unseal when booting TPM will check the OS integrity before unsealing the key Can boot to another OS but then cannot unseal the Windows partition  cannot bypass OS access controls For a stolen laptop, forces the thief to hardware attack against TPM

26 Encrypted Windows partition
BitLocker partitions Windows partition contains: Volume metadata with MAC Encrypted OS Encrypted page file Encrypted temp files Encrypted data Encrypted hibernation file 1.5 GB Encrypted Windows partition Boot partition Boot partition contains: MBR OS loader Boot utilities

27 Bitlocker keys Separate VMK/FVEK adds flexibility — how?
Storage Root Key (SRK) inside TPM 1 Volume Master Key (VMK) 2 Encrypted keys in volume metadata Full Volume Encryption Key (FVEK) 3 Plaintext data 4 and bring milk … Separate VMK/FVEK adds flexibility — how?

28 Algorithms and key sizes
Storage root key (SRK) is a 2048-bit RSA key Volume master key (VMK) is a 256-bit symmetric key Full volume encrypt key (FVEK) is a 128- or 256-bit symmetric key The disk in encrypted with AES-CBC Initialization vector (IV) derived from sector number No integrity check MAC would cause data length to expand Disk sectors are pre-processed with a proprietary diffuser algorithm Makes attacks against integrity more difficult; the whole sector is encrypted as if one cipher block ( bytes)

29 Software authentication with TPM
Measuring platform configuration: Module n computes hash of module n+1 and extends the hash into a platform configuration register (PCR) in TPM Module n transfers control to module n+1 At any point, PCRs contain a cumulative fingerprint (hashes) of all software loaded up to that point Sealing and unsealing data: TPM binds selected PCR values to the sealed secrets TPM unseals secrets only if these PCR values have not changed If attacker tampers with the OS or the boot process, the OS cannot unseal the data Originally designed as a DRM feature: Decrypt music only for untampered OS and media player

30 Secure boot with TPM Pre-OS Static OS Dynamic OS CRTM measure and load
load volume metadata, unseal VMK, verify MAC1 on metadata, decrypt FVEK BIOS MBR NTFS boot sector NTFS boot block decrypt, verify signature and load CRTM = Core Root of Trust Measurement. BIOS executes code from the first physical sector of the disk, called the Master Boot Record (= MBR = master boot block). The MBR contains with 446 bytes of code and 64 bytes partition table. The code loads the first sector of the boot partition, called boot sector, which contains 512 bytes of code. BitLocker stores multiple copies of the volume metadata, and the first copy can be located from information in the BIOS Parameter Block (BPB). The BPB is located at the first 0x54 bytes of the first sector of the volume.  Chapter 30 of the Windows Vista Resource Kit OS loader is C:\Windows\System32\winload.exe Boot manager OS loader2 PCRs on TPM Windows 1MAC keyed with VMK. 2Different loaders for boot, resume etc.

31 Which PCR values are used?
*PCR 00: CRTM, BIOS and Platform Extensions (PCR 01: Platform and Motherboard Configuration and Data) *PCR 02: Option ROM Code (PCR 03: Option ROM Configuration and Data) *PCR 04: Master Boot Record (MBR) Code (PCR 05: Master Boot Record (MBR) Partition Table) (PCR 06: State Transitions and Wake Events) (PCR 07: Computer-Manufacturer Specific) *PCR 08: NTFS Boot Sector *PCR 09: NTFS Boot Block *PCR 10: Boot Manager *PCR 11: BitLocker Critical Components If any of the *-values has changed, the decryption key will not be unlocked and a recovery password is needed BitLocker keys will be unlocked during OS upgrade

32 BitLocker modes TPM only: TPM and PIN: TPM (and PIN) and USB stick:
Unsupervised boot (VMK unsealed if the PCR values correct) Attacker can boot stolen laptop but not log in  security depends on OS access controls Very attractive mode of operation enabled by TPM — but see the following slides! TPM and PIN: TPM requires a PIN during the secure boot TMP will be locked after a small number of incorrect PINs Attacker must break the TPM hardware to decrypt disk TPM (and PIN) and USB stick: Secure boot and strong keys on a physical token  high security USB stick without TPM Traditional software-based full-disk encryption; no secure boot

33 Secure path issues The PIN input is not secure if the attacker can hack the hardware Attacker can modify the BIOS or by replace the computer without the user’s knowledge Key logger on external keyboard can capture the PIN Similarly, a hacked computer can capture the keys on the USB stick This requires the attacker to have access to the computer twice: first to install the Trojan, then to use the captured PIN Inside attacker, e.g. IT support Not a problem for lost and stolen computers

34 Cold boot attack Laptop memory is designed for low power consumption  slow refresh rate  data stays in memory for seconds after power loss Data remanence in DRAM: Pull out memory from a running computer and plug it into a reader Some bits will be random but some will retain their values  might be possible to recover most bits of a cryptographic key in the memory Use cold spray or liquid nitrogen to reduce data loss Cold boot attack: Reboot into minimal hacker OS from USB stick or CD Memory power lost only for a fraction of a second during reboot  memory contents almost unchanged Lessons: Breaks full-disk encryption if attacker has access to the running computer Sleeping laptop = running laptop  most laptops vulnerable Breaks BitLocker in TPM-only mode even if it is powered down OS access controls, e.g. screen lock, do not stop a physical attacker

35 Data Revocery

36 Data recovery If the decryption key is lost, encrypted files will be lost EFS risks: password reset tools may change password without re-encrypting the user private key; profile cleaning tools could delete the private keys BitLocker risks: installing Linux boot loader, replacing the motherboard, TPM boot PIN forgotten or mistyped many times, moving disk to another computer  good idea to backup keys

37 Data recovery in EFS Administrator or Group Policy can define a data recovery agent (DRA) FEK encrypted also with DRA public key In a Windows domain, Domain Admin is the default DRA Standalone machine has no default DRA Backup user private key by exporting the user’s EFS certificate (including the private key) Local Admin can configure a DRA on the local machine (see cipher.exe) Questions: In Win 2000, local Admin was the default DRA; why was this not a good idea? Local Admin cannot read other users’ encrypted files because the user password is needed to decrypt them; how can the Admin get around this?

38 Data recovery in EFS File encryption key (FEK) is encrypted with one or more recovery agents’ public keys The same mechanism is used for sharing encrypted files between users Our plan is.… FEK Recovery Agent’s Private EFS Key Plaintext file User’s Private EFS Key FEK File attribute Plaintext file d70f3619a209b15 Encrypted File Our plan is.… 38

39 Data recovery in BitLocker
Recovery password: User can print a 48-digit recovery password or store it on a USB stick, CD or remote disk; it is actually a 128-bit key BitLocker encrypts the VMK with the recovery password and stores it with the volume metadata (in the same way as the TMP-sealed VMK) Multiple backups of volume metadata are stored in the volume Organizational recovery policy: Windows Domain Admin can require the recovery password or keys to be uploaded to the Active Directory Installing another OS for dual boot will trigger recovery User can accept the new boot configuration after entering the recovery password

40 Exercises What secure methods are there for erasing
magnetic hard drives and tapes USB stick or solid-state drives paper documents How to delete a specific file from a computer without erasing the whole disk? What security properties does GPG file encryption EFS provide that full-disk encryption does not? Why do EFS and BitLocker have so many levels of keys? Are some unnecessary? Compare the security of software-based full-disk encryption and the TPM approach against brute-force password guessing How to mitigate the risk of cold-boot attacks (both against BitLocker and more generally)? Transparent operation improves usability of data encryption, but are there risks associated with the transparency?

41 Related reading Online:
Halderman et al., Lest We Remember: Cold Boot Attacks on Encryption Keys. Stallings and Brown: Computer security, principles and practice, 2008, chapter 10.5

Download ppt "Encrypting stored data"

Similar presentations

Ads by Google