1 Encrypting stored data
Tuomas Aura
CSE-C3400 Information security
Aalto University, autumn 2014
2 Outline
Simple application of cryptography — and a good example of how difficult it is to build a secure system
- Scenarios
- File encryption
- Encrypting file system
- Full disk encryption
- Data recovery
Acknowledgement: These slides are partly based on Microsoft material. This lecture uses Windows as an example. The same principles and questions apply to competing file and disk encryption products.
3 Scenarios for data encryption
- Lost and stolen laptops: contain confidential data and access credentials
- Physically compromised servers: contain business secrets, customer data and PII; unauthorized insiders have physical access
- Decommissioned hard disks: secure decommissioning is expensive; hardware recycling is typically done in the cheapest and fastest way, with no time for a secure disk wipe; old PCs from the US are shipped to China for recycling
4 Data encryption
Scenarios: lost and stolen laptop computers, stolen servers, decommissioning hard disks. In all of them: risk of disclosure of confidential data.
The obvious solution: encrypt data on disk.
But computer security is never quite so simple:
- Security often conflicts with usability
- Security often conflicts with reliability; a plan for data recovery is needed
- System design mistakes or programming errors could compromise data
6 Simple file encryption
- User enters passphrase
- Passphrase hashed with a cryptographic hash function to produce a key
- File encrypted with the key, e.g. AES in CBC mode
- Decryption with the same key
- Examples: crypt(1), GPG
Figure: (1) passphrase "*******" is hashed with SHA-1 to the key "2d70f3619a209b..."; (2) the plaintext "Our plan is..." is encrypted with the key; (3) at the command line:
% gpg --output ciphertext.gpg --symmetric plaintext.doc
Enter passphrase:
7 Limitations of file encryption
- User action needed, and users are lazy
- Automated use (scripting) is hard to implement, because where do you store the secret passphrase?
- Brute-forcing the passphrase is possible; can be mitigated with a slow hash (e.g. PBKDF2)
- Encrypting a file normally creates an encrypted copy; what happens to the old plaintext file?
  - No guarantee that the plaintext is not left on the disk
  - Word processors and other software create temporary files and backup copies
  - Unencrypted versions and fragments of the file may be left in locations that the user does not even know about
  - There are tools for deleting temporary files and for wiping free disk space, but none is completely reliable
  - Cloud storage keeps all old data
8 Wiping files
- Deleting a file simply marks the space free but does not erase the contents: the raw data is still on the disk
- Overwriting a file does not always erase the old contents:
  - File system may organize data in unexpected ways: backups, revision control, copy on write, journal, etc.
  - Solid state disks (SSD) write in complex patterns
- Wiping all empty disk space by overwriting deletes most data but gives no guarantee
  - Disk drive behavior is not always controllable by the file system driver: bad block replacement, optimizations
- Magnetic data remanence: the magnetic medium may retain traces of previous contents even after being overwritten
  - Physical destruction: grinding disks, heating the magnetic medium above the Curie temperature
- Flash memory (SSD) fragments may retain data
10 Windows encrypting file system (EFS)
- Encryption is a file attribute
- Possible to enable encryption for all files in a folder, so that new files are encrypted
- Files are readable only when the user is logged in
- Encryption and decryption are transparent to applications
- Similar products exist for Unix
11 EFS key management
Figure: EFS key hierarchy (DPAPI = Data Protection application programming interface)
1. User logs in, enters password; the password is hashed (PBKDF2) to produce a key
2. The key is used to decrypt the user's DPAPI Master Key (stored in the user profile)
3. The Master Key is used to decrypt the user's Private EFS Key (RSA, stored in the user profile)
4. The Private EFS Key is used to decrypt the File Encryption Key (FEK), stored in the $EFS alternate data stream of the file
5. The FEK (AES or 3DES) is used to encrypt on write and decrypt on read
6. Plaintext file "Our plan is..." becomes the encrypted file "d70f3619a209b15..."
12 EFS limitations
- Encrypts contents of specific files only
- User login credentials (password) needed for decryption
  - System has no access to encrypted files unless the user logs in
  - System cannot index files without the user password
  - Backups contain encrypted files, not the plaintext
- When encrypting plaintext files, the original file is not wiped, just deleted; the data remains on the disk
  - User should create files in an encrypted folder
- Transparent decryption, e.g. data decrypted transparently when copying to a file share over the network or to an unencrypted FAT partition
- Some data is not encrypted:
  - folder and file names
  - temp files, earlier unencrypted versions, printer spool
  - registry, system files and logs
  - page file can now be encrypted but requires policy configuration
  - hibernation file may contain decryption keys
13 EFS and password cracking
- EFS security depends on the secrecy of the user password
- Password hashes are stored in a database on the disk
- Passwords are vulnerable to brute-force attacks
  - NT hash and historical LM hash use no salt and are therefore especially vulnerable
  - Rainbow tables (Hellman90, Oechslin03)
- Attacker can boot to another OS, extract the password hashes from the hard disk and crack the user password
- Note: resetting the user or admin password does not enable access to encrypted files
- EFS supports smart cards as an alternative login method
14 Trojans, root kits etc.
- EFS data is vulnerable to Trojans, viruses and key loggers
- Attacker with access to the hardware can compromise the OS and install a root kit or key logger
- Note that these problems do not apply to lost or stolen laptops
15 EFS summary
- Encrypts single files and folders; leaves a lot of information unencrypted
- Requires care from the user
  - User must understand what is encrypted and what else happens to the data
  - User of a non-domain computer must back up keys or risk data loss
- Security depends on a strong password
- System cannot access encrypted files for admin tasks like backup and indexing
- Hibernation breaks the security
- Apart from the hibernation issue, EFS would be a pretty secure way of encrypting all files on a data disk (D:)
17 Full disk encryption
- Entire disk is encrypted: protects all information on the disk
- Easier to use correctly than EFS
- Products are available from various hardware and software vendors, including hard disk manufacturers
- Password, key or physical token required to boot or to mount the disk; thereafter transparent
- Usability and reliability issues?
  - Requires user/admin to be present at boot time
  - In software-based products: the password must be strong enough to resist brute-force guessing; hibernation is a problem
  - A hardware solution would be better
18 Trusted platform module
- Trusted hardware enables some things that otherwise would be impossible
- Trusted platform module (TPM) is a smart-card-like module on the computer motherboard or, preferably, embedded in the CPU
- Holds crypto keys and platform measurements in platform configuration registers (PCR)
- Useful TPM operations:
  - TPM_Seal: encrypt data — in any platform configuration
  - TPM_Unseal: decrypt the data, but only if the platform configuration is the same as when sealing
19 Windows BitLocker
- Full-volume encryption in Windows
- Uses TPM for key management
- Optional PIN input and/or USB dongle at boot time
- System volume must be NTFS; data disks can also be FAT
- Sealing the entire system partition:
  - Encrypt data with a symmetric key
  - Seal the key; store the sealed key on disk; unseal when booting
  - TPM checks the OS integrity before unsealing the key
  - Can boot to another OS, but then cannot unseal the Windows partition, so the OS access controls cannot be bypassed
- For a stolen laptop, forces the thief to a hardware attack against the TPM
20 Encrypted Windows partition
Figure: BitLocker partitions
- Boot partition (1.5 GB) contains: MBR, OS loader, boot utilities
- Encrypted Windows partition contains: volume metadata with MAC, encrypted OS, encrypted page file, encrypted temp files, encrypted data, encrypted hibernation file
22 Algorithms and key sizes
- Storage root key (SRK) is a 2048-bit RSA key
- Volume master key (VMK) is a 256-bit symmetric key
- Full volume encryption key (FVEK) is a 128- or 256-bit symmetric key
- The disk is encrypted with AES-CBC
  - Initialization vector (IV) derived from the sector number (because there is no space for storing a random IV in the disk block)
- No integrity check
  - Adding a MAC would increase the data size
- Disk sectors are pre-processed with a proprietary diffuser algorithm
  - Makes attacks against integrity more difficult; the whole sector is encrypted as if it was one cipher block ( bytes)
23 Software authentication with TPM
- Measuring platform configuration:
  - Module n computes the hash of module n+1 and extends the hash into a platform configuration register (PCR) in the TPM
  - Module n transfers control to module n+1
  - At any point, the PCRs contain a cumulative fingerprint (hashes) of all software loaded up to that point
- Sealing and unsealing data:
  - TPM binds selected PCR values to the sealed secrets
  - TPM unseals secrets only if these PCR values have not changed
  - If an attacker tampers with the OS or the boot process, the OS cannot unseal the data
- Originally designed as a DRM feature: decrypt music only for an untampered OS and media player
- Slightly different from traditional secure boot: does not prevent booting to any OS or system configuration
- Another feature based on the TPM and platform measurements is attestation, i.e. proving host integrity to another host or server across the Internet
24 Secure boot with TPM
Figure: the boot chain from Pre-OS through Static OS to Dynamic OS. The CRTM measures and loads the BIOS; the BIOS measures and loads the MBR; the MBR loads the NTFS boot sector, which loads the NTFS boot block, which loads the boot manager. The boot manager loads the volume metadata, unseals the VMK, verifies the MAC (1) on the metadata and decrypts the FVEK; the OS loader (2) then decrypts, verifies the signature of and loads Windows. Every stage extends its measurement into the PCRs on the TPM.
Notes:
- CRTM = Core Root of Trust Measurement.
- The BIOS executes code from the first physical sector of the disk, called the Master Boot Record (MBR, master boot block). The MBR contains 446 bytes of code and a 64-byte partition table. The code loads the first sector of the boot partition, called the boot sector, which contains 512 bytes of code.
- BitLocker stores multiple copies of the volume metadata, and the first copy can be located from information in the BIOS Parameter Block (BPB). The BPB is located in the first 0x54 bytes of the first sector of the volume. (Chapter 30 of the Windows Vista Resource Kit)
- The OS loader is C:\Windows\System32\winload.exe
- (1) MAC keyed with the VMK. (2) Different loaders for boot, resume etc.
25 Which PCR values are used for sealing?
* PCR 00: CRTM, BIOS and Platform Extensions
  (PCR 01: Platform and Motherboard Configuration and Data)
* PCR 02: Option ROM Code
  (PCR 03: Option ROM Configuration and Data)
* PCR 04: Master Boot Record (MBR) Code
  (PCR 05: Master Boot Record (MBR) Partition Table)
  (PCR 06: State Transitions and Wake Events)
  (PCR 07: Computer-Manufacturer Specific)
* PCR 08: NTFS Boot Sector
* PCR 09: NTFS Boot Block
* PCR 10: Boot Manager
* PCR 11: BitLocker Critical Components
If any of the *-marked values has changed, the decryption key will not be unlocked and a recovery password is needed. BitLocker keys will be unlocked before an OS upgrade.
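The measure-and-extend chain of slide 23 and the PCR selection of slide 25, as an added simulation (not Microsoft or TPM vendor code): each boot module's hash is extended into its PCR, a VMK is sealed to the *-marked PCRs, and unsealing succeeds only when a fresh measurement of the boot chain reproduces the same PCR values. The boot chain, the module bytes and the TPM-internal secret are constructed; the HMAC-based keystream stands in for the real TPM's encryption under the SRK.

```python
import hashlib
import hmac

# Constructed boot chain in load order: (PCR index, module name, module code).
# PCR numbers follow the slide's sealing list; the code bytes are made up.
BOOT_CHAIN = [
    (0, "bios", b"BIOS v1.0"),
    (4, "mbr", b"MBR code"),
    (8, "ntfs_boot_sector", b"NTFS boot sector"),
    (9, "ntfs_boot_block", b"NTFS boot block"),
    (10, "boot_manager", b"bootmgr"),
    (11, "bitlocker_critical", b"BitLocker critical components"),
]
SEALING_PCRS = (0, 2, 4, 8, 9, 10, 11)  # the *-marked PCRs on the slide

def measure_boot(chain):
    """Extend each module's hash into its PCR: PCR = SHA1(PCR || SHA1(module))."""
    pcrs = [b"\x00" * 20] * 24
    for idx, _name, code in chain:
        pcrs[idx] = hashlib.sha1(pcrs[idx] + hashlib.sha1(code).digest()).digest()
    return pcrs

def pcr_policy(pcrs, selection):
    """Digest of the selected PCR values; the sealed secret is bound to it."""
    return hashlib.sha1(b"".join(pcrs[i] for i in selection)).digest()

def seal(tpm_secret, pcrs, selection, secret):
    """Simulated TPM_Seal: the TPM-internal key and the PCR policy derive an
    HMAC-SHA256 keystream (stand-in for the TPM's own encryption) and a tag."""
    policy = pcr_policy(pcrs, selection)
    stream = hmac.new(tpm_secret, b"seal" + policy, hashlib.sha256).digest()
    blob = bytes(a ^ b for a, b in zip(secret[:32], stream))
    tag = hmac.new(tpm_secret, policy + blob, hashlib.sha256).digest()
    return {"selection": selection, "blob": blob, "tag": tag}

def unseal(tpm_secret, pcrs, sealed):
    """Simulated TPM_Unseal: returns the secret only if the current PCRs
    reproduce the policy it was sealed to, otherwise None (recovery needed)."""
    policy = pcr_policy(pcrs, sealed["selection"])
    tag = hmac.new(tpm_secret, policy + sealed["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, sealed["tag"]):
        return None
    stream = hmac.new(tpm_secret, b"seal" + policy, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(sealed["blob"], stream))

def tamper(chain, name, new_code):
    """Copy of the chain with one module's code replaced (e.g. a modified MBR)."""
    return [(i, n, new_code if n == name else c) for i, n, c in chain]
```

A change to a PCR outside the selection (PCR 1, for example) leaves unsealing intact, which is why the slide's parenthesised registers are not sealed against.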
26 BitLocker modes
- TPM only: unsupervised boot (VMK unsealed if the PCR values are correct)
  - Attacker can boot a stolen laptop but not log in, so security depends on the OS access controls
  - Very attractive mode of operation enabled by the TPM — but see the following slides!
- TPM and PIN: the TPM requires a PIN during the secure boot
  - TPM will be locked after a small number of incorrect PINs
  - Attacker must break the TPM hardware to decrypt the disk
  - Attacker may also sniff communication between chips on a live system
- TPM (and PIN) and USB stick: secure boot and strong keys on a physical token, giving high security
- USB stick without TPM: traditional software-based full-disk encryption; no secure boot
- Network unlock: a server can reboot if it is on the same network with AD
27 eDrive
- Offloading the data encryption and decryption (AES) to hardware on the drive (in Windows 8 and Server 2012)
Figure:
1. Obtain the Authentication Key, e.g. by unsealing it
2. The Authentication Key is sent to the drive, where it decrypts the Data Encryption Key
3. The encrypted key is stored on the drive
4. The Data Encryption Key (DEK) never leaves the drive
5. Encrypted data "d70f3619a209b15..." is decrypted on the drive to the plaintext "...and bring milk ..."
Question: Separate VMK/FVEK adds flexibility — how?
28 Secure path issues
- The PIN input is not secure if the attacker can hack the hardware
  - Attacker can modify the BIOS or replace the computer without the user's knowledge
  - Key logger on an external keyboard can capture the PIN
  - Similarly, a hacked computer can capture the keys on the USB stick
  - Malware can also fake the reboot process and ask for the PIN
- This requires the attacker to have access to the computer twice: first to install the Trojan, then to use the captured PIN
  - Inside attacker, e.g. IT support
  - Not a problem for lost and stolen computers
29 Cold boot attack
- Laptop memory is designed for low power consumption: slow refresh rate, so data stays in memory for seconds after power loss
- Data remanence in DRAM:
  - Pull out the memory from a running computer and plug it into a reader
  - Some bits will be random but some will retain their values, so it might be possible to recover most bits of a cryptographic key in the memory
  - Use cold spray or liquid nitrogen to reduce data loss
- Cold boot attack:
  - Reboot into a minimal hacker OS from a USB stick or CD
  - Memory power is lost only for a fraction of a second during the reboot, so the memory contents remain almost unchanged
- Lessons:
  - Breaks full-disk encryption if the attacker has access to the running computer
  - Sleeping laptop = running laptop, so most laptops are vulnerable
  - Breaks BitLocker in TPM-only mode even if it is powered down
  - OS access controls, e.g. screen lock, do not stop a physical attacker from gaining access to memory and files
31 Need for data recovery
- If the decryption key is lost, encrypted files will be lost
- If Admin resets the user password, EFS files cannot be read
  - Password reset and hacking tools have the same effect
  - User can change the password back to the old one – if remembered
- Backup files become unreadable if the user's old (archived) private key is lost
  - Can happen when rebuilding or cleaning the user profile
- BitLocker risks: installing a Linux boot loader, replacing the motherboard, TPM boot PIN forgotten or mistyped many times, moving the disk to another computer
- Good idea to back up decryption keys
32 Data recovery in EFS
- Windows domain has a data recovery agent (DRA)
  - FEK is encrypted also with the DRA public key
  - Domain Admin is the default DRA
  - Other DRAs can be defined in a Group Policy in the domain
- Standalone machine has no default DRA
  - Latest password reset disk also recovers the EFS private key
  - User may also export the user's EFS certificate (including the private key) to a backup disk
  - Local Admin can configure a DRA on the local machine (see cipher.exe)
- Questions:
  - Local Admin cannot read the users' encrypted files without the user passwords; can the Admin get around this?
  - Win 2000 had local Admin as the default DRA for non-domain machines; why was this not a good idea?
33 Data recovery in EFS
- File encryption key (FEK) is encrypted with one or more recovery agents' public keys
- The same mechanism is used for sharing encrypted files between users
Figure: the file attribute holds the FEK encrypted twice, once for the user and once for the recovery agent; the User's Private EFS Key or the Recovery Agent's Private EFS Key decrypts a copy of the FEK, which decrypts the encrypted file "d70f3619a209b15..." to the plaintext "Our plan is...".
34 Data recovery in BitLocker
- Recovery password:
  - User can print a 48-digit recovery password or store it on a USB stick, CD or remote disk; it is actually a 128-bit key
  - BitLocker encrypts the VMK with the recovery password and stores it with the volume metadata (in the same way as the TPM-sealed VMK)
  - Multiple backups of the volume metadata are stored in the volume in case a part of the volume is corrupted
  - User can save the recovery key to a Microsoft account (online)
- Organizational recovery policy:
  - Windows Domain Admin can require the recovery password to be uploaded to the Active Directory
- Installing another OS for dual boot will trigger recovery
  - User can accept the new boot configuration after entering the recovery password
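How the 48-digit recovery password above is "actually a 128-bit key", as an added example (not Microsoft code): real BitLocker recovery passwords are eight six-digit groups, each a multiple of 11 whose quotient is one 16-bit word, so the last digit of every group acts as a check digit against typing errors. The little-endian order of the two bytes within each word is an assumption of this example; the sample key is constructed.

```python
import re

GROUPS, DIGITS_PER_GROUP = 8, 6  # 48 digits; each group carries one 16-bit word

def recovery_password_to_key(text):
    """Validate a BitLocker 48-digit recovery password and return the 128-bit
    key it encodes. Real BitLocker format: eight six-digit groups, each a
    multiple of 11 whose quotient fits in 16 bits (the last digit is in effect
    a check digit). The little-endian byte order of each word in the returned
    key is an assumption of this example. Raises ValueError on a mistyped password."""
    digits = re.sub(r"[\s-]", "", text)  # accept "-" or space separators
    if not re.fullmatch(r"\d{48}", digits):
        raise ValueError("expected 48 digits in 8 groups of 6")
    key = bytearray()
    for i in range(GROUPS):
        group = digits[i * DIGITS_PER_GROUP:(i + 1) * DIGITS_PER_GROUP]
        value = int(group)
        if value % 11 != 0:
            raise ValueError(f"group {i + 1} ({group}) fails the divisible-by-11 check")
        word = value // 11
        if word > 0xFFFF:
            raise ValueError(f"group {i + 1} ({group}) is too large for a 16-bit word")
        key += word.to_bytes(2, "little")
    return bytes(key)

def key_to_recovery_password(key):
    """Inverse: encode a 16-byte key as eight six-digit groups (word * 11)."""
    if len(key) != 16:
        raise ValueError("key must be 16 bytes")
    words = (int.from_bytes(key[i:i + 2], "little") for i in range(0, 16, 2))
    return "-".join(f"{w * 11:06d}" for w in words)

def is_valid_recovery_password(text):
    """True if the password parses; worth checking before archiving a printed copy."""
    try:
        recovery_password_to_key(text)
        return True
    except ValueError:
        return False
```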
35 Exercises
- What secure methods are there for erasing magnetic hard drives and tapes, USB sticks or solid-state drives (SSD), and paper documents?
- How to delete a specific file from a computer securely without erasing the whole disk?
- What security properties does GPG file encryption or EFS provide that full-disk encryption does not?
- How vulnerable is EFS to password guessing?
- Why do EFS and BitLocker have so many levels of keys? Are some unnecessary?
- Compare the security of software-based full-disk encryption and the TPM approach against brute-force password guessing.
- How to mitigate the risk of cold-boot attacks (both against BitLocker and more generally)?
- Explain what effect powering down the laptop computer, hibernation and sleep mode have on the cold boot attack.
- Transparent operation (happens without the user or application even knowing) improves the usability of data encryption, but are there risks associated with the transparency?
- How would you design the encryption of files in cloud storage?
36 Related reading
- Online: Halderman et al., Lest We Remember: Cold Boot Attacks on Encryption Keys.
- Stallings and Brown: Computer security, principles and practice, 2008, chapter 10.5