Practical Methods for Dealing with Full Disk Encryption. Jesse Kornblum



Similar documents
Practical Cryptographic Key Recovery

Forensic Decryption of FAT BitLocker Volumes

Analysis of FileVault 2: Apple's full disk encryption. Omar Choudary Felix Grobert Joachim Metz

Introduction to BitLocker FVE

Secure Storage. Lost Laptops

Guidelines on use of encryption to protect person identifiable and sensitive information

Disk encryption... (not only) in Linux. Milan Brož

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

Disk Encryption. Aaron Howard IT Security Office

Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Windows 7 BitLocker Drive Encryption Security Policy For FIPS Validation

SAS Data Set Encryption Options

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

USB Portable Storage Device: Security Problem Definition Summary

Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker

Encrypting stored data. Tuomas Aura T Information security technology

DriveLock and Windows 7

How to create a portable encrypted USB Key using TrueCrypt

Computer Security: Principles and Practice

USB Portable Storage Device: Security Problem Definition Summary

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

Full Drive Encryption Security Problem Definition - Encryption Engine

A Software Response to Hard Drive Encryption. Justin John McCarty III. Thesis submitted to the. College of Engineering and Mineral Resources

Penetration Testing Windows Vista TM BitLocker TM

DriveLock and Windows 8

Encrypting a USB Drive Using TrueCrypt

Comodo Disk Encryption

Security Policy for FIPS Validation

Microsoft Windows Common Criteria Evaluation

Pulse Secure, LLC. January 9, 2015

YubiKey Integration for Full Disk Encryption

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

SecureDoc Disk Encryption Cryptographic Engine

Sending Files to a Social Security Laptop

Fall. Forensic Examination of Encrypted Systems Matthew Postinger COSC 374

Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?

File System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1

Firmware security features in HP Compaq business notebooks

{ecasey,

Certification Report

Passware Kit User Guide

PGP Whole Disk Encryption Training

ERNW Newsletter 42 / December 2013

SafeGuard Enterprise Web Helpdesk

Computer Forensics. Securing and Analysing Digital Information

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

The Misuse of RC4 in Microsoft Word and Excel

Crystal Practice Management Encrypting the Database

2007 Microsoft Office System Document Encryption

MAC/OSX - How to Encrypt Data using TrueCrypt. v

Chapter 5: Operating Systems Part 1

Management of Hardware Passwords in Think PCs.

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

Smart TPM. User's Manual. Rev MD-STPM-1001R

How to enable Disk Encryption on a laptop

introducing COMPUTER ANTI FORENSIC TECHNIQUES

EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide

Installing Ubuntu LTS with full disk encryption

McAfee Endpoint Encryption for PC 7.0

Recovery of deleted files on a TrueCrypt volume March 23, 2010 rationallyparanoid.com

Windows 7: Current Events in the World of Windows Forensics

DIGIPASS CertiID. Getting Started 3.1.0

Full version is >>> HERE <<<

BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011

Technical Note Creating a Windows PE Recovery CD

Encrypting with BitLocker for disk volumes under Windows 7

Additional information >>> HERE <<<

Online Backup Plus Frequently Asked Questions

SQL SERVER Anti-Forensics. Cesar Cerrudo

Virtual Machine Encryption Basics

BackupAssist v6 quickstart guide

SECUDE AG. FinallySecure Enterprise Cryptographic Module. FIPS Security Policy

Mobile Device Security and Encryption Standard and Guidelines

1. System Requirements

Full Disk Encryption Agent Reference

WARNING!!: Before installing Truecrypt encryption software on your

New Technologies File System (NTFS) Priscilla Oppenheimer. Copyright 2008 Priscilla Oppenheimer

Hiva-network.com. Microsoft_70-680_v _Kat. Exam A

1. Scope of Service. 1.1 About Boxcryptor Classic

BorderGuard Client. Version 4.4. November 2013

Computer Forensic Tools. Stefan Hager

Determining VHD s in Windows 7 Dustin Hurlbut

Application research and analysis based on Bitlocker-Data protection & Secure Start-up of Windows 7

Just EnCase. Presented By Larry Russell CalCPA State Technology Committee May 18, 2012

Secure Agent Quick Start for Windows

Microsoft Vista: Serious Challenges for Digital Investigations

BackupAssist v6 quickstart guide

Encrypting your external USB drive on Windows

Acronis Backup & Recovery 11.5

EMC DATA DOMAIN ENCRYPTION A Detailed Review

The Value of Physical Memory for Incident Response

Transcription:

C Y B E R S E C T O R Practical Methods for Dealing with Full Disk Encryption Jesse Kornblum

Outline Introduction Types of Targets Finding Keys Tool Marks Example - BitLocker BitLocker Weakness Conclusion

No Encryption Application Operating System Hard Drive

Full Disk Encryption Application Operating System FDE Hard Drive

Data on the Hard Drive Four score and seven years ago our fathers brought forth on this continent, a new nation, conceived in Liberty and dedicated... fr80382nfbjhf*&jhg3@ %12.4e7837z3h esu gh#97f7@#jnbu9 0e23KHJIOeh(I@hE3b2 286EGb3iy7F*^3,ee867 V *727df39862g8y#x1f

Without the Key

Searching for Keys in RAM

Targets Documented Open Source TrueCrypt Undocumented Open Source PGP Whole Disk Encryption http://www.pgp.com/downloads/sourcecode/ Documented Closed Source BitLocker Drive Encryption* Undocumented Closed Source PointSec Previously unseen tools

Current Methods Brute Force Try every block of bytes as possible key See "Linear Scan" paper by Hargreaves and Chivers Doesn't work for split keys

Key Schedule Search Better brute force Really identifying data that is not a key schedule See "Cold Boot" paper by Halderman et al. Current Methods

Current Methods Source code analysis Requires elbow grease Can't be automated Works great May have to update for each version See "Volatools" paper by Walters and Petroni, BlackHat Federal 2007

Tool Marks Marks specific to individual tools Associated with physical forensics Image courtesy Flickr user grendelkhan, http://flickr.com/photos/grendelkhan/118876699/

Tool Marks Were the screwdrivers found in the suspect's house used on the screws found on the bank vault? Image courtesy Flickr user Uwe Hermann, http://flickr.com/photos/uwehermann/92145964/sizes/m/

Computer Forensics Tool Marks Anything detectable that software stores in RAM or on disk that identifies the tool in question Most Recently Used lists Header and footer carving Registry keys left after program removed Preferences files in user directories Wiping programs leave traces behind

Hard to detect the keys Small Should be random Can detect the cryptographic tool itself Programs Drivers Mounted volumes Can detect the structure surrounding the keys Cryptographic Tool Marks

BitLocker Drive Encryption Full Volume Encryption bundled with Windows Vista Ultimate Uses 128 bit AES-CBC + Elephant diffuser Can configure for 256 bit and/or without diffuser Crypto developed by Niels Ferguson also wrote Twofish, Helix, Fortuna RNG, CCM mode Uses AES-CCM for key management Actual encryption work is done with 512 bit Full Volume Encryption Key (FVEK) Key is 512 bits regardless of mode being used

BitLocker Drive Encryption I am not aware of any backdoors in BitLocker Drive Encryption You cannot access a protected volume without the FVEK Image courtesy of the Microsoft Corporation. BitLocker Drive Encryption is a registered trademark of the Microsoft Corporation.

BitLocker Drive Encryption Good documentation, but not complete Key management systems not described No implementation of elephant provided Reverse engineered by Kumar and Kumar Published paper, linux driver to mount protected volumes http://www.nvlabs.in/node/9

Brute Force works FVEK is in RAM Key schedule search works Finds several schedules Two of the keys make up the FVEK Some assembly required Source code analysis Not an option for most of us BitLocker Drive Encryption

BitLocker Tool Marks BitLocker AES key schedules Several schedules in memory at any given time Some bits of FVEK used to generate sector keys Other bits of FVEK used to encrypt/decrypt data In default mode, some bits unused

AES key schedules Encryption and Decryption schedules BitLocker Tool Marks

BitLocker Tool Marks Searching for BitLocker AES key schedules in RAM Overlapped slightly

BitLocker Tool Marks 0x0 FVEc pool tag 0x14 Algorithm ID, must be 0x8000-0x8003 0x1C Start of first BitLocker AES schedule AES key must be at start and end of schedule bytes 0x1C-0x2C and 0x15C-0x16C Zeros at end of schedule if 128-bit mode 0x1EC Start of second BitLocker AES schedule Same rules as above Normal 256-bit AES key schedules require 0x1E0 bytes But overlapping saves 0x10 bytes

Algorithm Pool Tag Start of AES key schedule Zeros

BitLocker Tool Marks Not perfect, but good enough Original Recovered

Perl Script It s not pretty, but it works Volatility Suite Supposed to be for Windows XP SP2 only But can treat any file as a flat file Use the Sliding Window Scanner If/When support is added for Vista, Use Pool Tag Scanner Finding Tool Marks

Finding Tool Marks How did we do this? RTFM FIPS certifications are great! Ask developers for help WinHex IDA Pro Checked builds Debugging symbols Always trying to answer: Image courtesy of User:Icey on Wikipedia and is public domain How does it know where to look?

Performance Brute Force O(nm) Key Schedule Search O(nm) Source Code X* + O(n), where X* may be infinite Toolmarks X + O(n)

Forensics Tool Marks Requires as much elbow grease as source code analysis Often more Doesn't require the source code May require updating for each version TrueCrypt May be your only option for previously unseen tools

BitLocker Drive Encryption I am not aware of any backdoors in BitLocker Drive Encryption You cannot access a protected volume without the FVEK Image courtesy of the Microsoft Corporation. BitLocker Drive Encryption is a registered trademark of the Microsoft Corporation.

Full Volume Encryption Key (FVEK) Does actual encryption/decryption Never changes Volume Master Key (VMK) Used to encrypt FVEK Never changes Various Other Keys TPM key External Keys (USB sticks) Recovery Password Each used to decrypt their copy of the VMK A Series of Keys

A Series of Keys

Contains E(FVEK, VMK) FVEK encrypted with VMK Metadata entries for each key E(VMK, TPM key) BitLocker Metatadata E(VMK, External key) E(VMK, Recovery key)

Each entry also contains key encrypted with VMK A Series of Keys Metadata entries for each key E(VMK, TPM key) E(TPM key, VMK) E(VMK, External key) E(External key, VMK) E(VMK, Recovery key) E(Recovery key, VMK)

Scenario Legitimate user has External Key USB token System administrator has recovery password Legitimate user uses external key to decrypt VMK Uses VMK to decrypt the other keys Gets recovery password Legitimate access revoked Can still access system using recovery password!

Yes, it s unlikely But crypto people live for the unlikely Has been reported to Microsoft No response Exploit Scenario Full details in Implementing BitLocker Drive Encryption for Forensic Analysis to be published in Digital Investigation http://jessekornblum.com/publications/di09.html

Outline Introduction Types of Targets Finding Keys Tool Marks Example - BitLocker BitLocker Weakness Conclusion

Questions? Jesse Kornblum jesse.kornblum@mantech.com http://jessekornblum.com/ http://mantech.com/ Image courtesy of Flickr user demosh, http://flickr.com/photos/44222307@n00/1477086299/

Thank you ManTech International Corporation for letting me geek out Microsoft Corporation for keeping me employed Kumar and Kumar for their reverse engineering work You for hearing this talk Image courtesy of the Microsoft Corporation. Slides are posted on http://jessekornblum.com/

References BitLocker Drive Encryption N. Kumar and V. Kumar, "Bitlocker and Windows Vista", http://www.nvlabs.in/node/9 FIPS Security Policy: http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp947.pdf Brute Force Searches C. Hargeaves and H. Chivers, "Recovery of Encryption Keys from Memory Using a Linear Scan", http://ieeexplore.ieee.org/xplore/login.jsp?url=/iel5/4529302/45293 03/04529504.pdf

References Key Schedule Searching Cold Boot paper, http://citp.princeton.edu/memory/ Source Code Analysis AAron Walters and Nick Petroni, Volatools, Volatools: Integrating Volatile Memory Forensics into the Digital Investigation Process, http://4tphi.net/fatkit/