Archive for February, 2008

Cold boot

Thursday, February 21st, 2008

So, straight off the hotplug post, now there is a paper discussing the recovery of encryption keys from RAM after a machine has been powered off. [hat tip to a friend and Metzger's list]

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at room temperature and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount successful attacks on popular disk encryption systems using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.

In my previous post, I said “However, if you pulled the plug, then the plaintext key would be lost.” without qualifiers – I generally thought a 10 second rule was appropriate, that is, remove power and 10 seconds later the key would be too difficult for most attackers to recover. Well, it looks like a 60 second rule is a better baseline and perhaps a 515 minute rule is the fairly conservative way to go.

Our first tests measured the decay rate of each memory module under normal operating temperature, which ranged from 25C to 44C depending on the machine (see Figures 1, 2, and 3). We found that the dimensions of the decay curves varied considerably between machines, with the fastest exhibiting complete data loss in approximately 2.5 seconds and the slowest taking an average of 35 seconds. However, the decay curves all display a similar shape, with an initial period of slow decay, followed by an intermediate period of rapid decay, and then a final period of slow decay.

And,

Imaging residual memory contents requires no special equipment. When the system boots, the memory controller begins refreshing the DRAM, reading and rewriting each bit value. At this point, the values are fixed, decay halts, and programs running on the system can read whatever data is present using normal memory-access instructions.

In other words, if someone quickly powers the system back up after the plug is pulled, the decay is stopped. So, turn the system back on within a few seconds, and it is likely quite easy for anybody to quickly reboot the machine from, say, a USB token that has just enough software to dump the memory and then pull the key from that dump. Throw in some error correcting algorithms based on, say, the key schedules used in AES, and key recovery in the presence of some memory degradation improves drastically.

Our experiments (see Section 3) show that it is possible to recover memory contents with few bit errors even after cutting power to the system for a brief time, but the presence of even a small amount of error complicates the process of extracting correct cryptographic keys. In this section we present algorithms for correcting errors in symmetric and private keys. These algorithms can correct most errors quickly and uniquely even in the presence of relatively high bit error probabilities in the range of 5% to 50%, depending on the type of key.

And, yes, they demonstrated all of this on TrueCrypt,

We tested TrueCrypt versions 4.3a and 5.0a running on a Linux system. We mounted a volume encrypted with a 256-bit AES key, then briefly cut power to the system and used our memory imaging tools to record an image of the retained memory data. In both cases, our keyfind program was able to identify the 256-bit AES encryption key, which did not contain any bit errors. For TrueCrypt 5.0a, keyfind was also able to recover the 256-bit AES XTS tweak key without errors.

As well as, on dm-crypt (for those, say, using FDE setup during the installation of Ubuntu Gutsy).

We tested a dm-crypt volume created and mounted using the LUKS (Linux Unified Key Setup) branch of the cryptsetup utility and kernel version 2.6.20. The volume used the default AES-CBC format. We briefly powered down the system and captured a memory image with our PXE kernel. Our keyfind program identified the correct 128-bit AES key, which did not contain any bit errors. After recovering this key, an attacker could decrypt and mount the dm-crypt volume by modifying the cryptsetup program to allow the raw key to be input.

What to do?

Memory imaging attacks are difficult to defend against because cryptographic keys that are in active use need to be stored somewhere. Our suggested countermeasures focus on discarding or obscuring encryption keys before an adversary might gain physical access, preventing memory-dumping software from being executed on the machine, physically protecting DRAM chips, and possibly making the contents of memory decay more readily.

So, shutdown and remove power from that machine when not in use. And, make sure no one accesses that machine for 515 minutes (or more) after removing power. You may even want to create a bootable CD-ROM or USB token that specifically scrubs all system RAM, and boot from that after finishing up using encryption tools.

Good stuff.

Update: Here is the site covering the paper’s release, which includes a FAQ.

Update: Declan McCullagh has a slide show demonstrating the attack conducted against his laptop, as well as, an article on the topic.

Update: Just a quick note, since this post has given me some grief in my circles – you know, if the value of the data you are protecting is such that an attacker would be willing to, say, employ electron microscopes and such in the process of analyzing your DRAM, then you really need to start looking into very specific hardware setups (e.g., hardware cryptographic modules, physical destruction mechanisms, etc.) to meet your needs, because that generic Dell machine running that generic flavor of Windows with whatever cryptographic software on top is very likely not going to cut it for your purposes.

Update: Look at that.

When the idea of memory retaining state for a short time was first brought to my attention a little over a year ago, I ran a few experiments similar to this one, just to prove it to myself. The desktop machines I tried would hold state for anywhere between 5 and 10 seconds without power, whereas my laptop, with no battery or wall power, would maintain state for an amazing 10 minutes.[...]

The Princeton researchers applied this method to the recovery of encryption keys, with great results. They also cooked up a way to image the contents of RAM with a very small footprint, only overwriting a small amount of memory in the process. Unfortunately, at the time of writing this, their tool, ram2usb, hasn’t been released. I decided that it wouldn’t be hard to go ahead and implement one myself, based off their paper and youtube video posted above, so that I (and others) can go ahead and start having fun.

So, as a small side project, I’ve written “msramdmp”, the McGrew Security RAM Dumper. Enjoy!

Update: Yes, yes, if the wire is available, why boot cold when you could just use fire.

Update: The software created by the original researchers has now been released http://citp.princeton.edu/memory/code/.

July 16, 2008 — This page contains source code for some of the software that we developed in the course of this research. These prototype applications are intended to illustrate the techniques described in the paper http://citp.princeton.edu/memory/; we are unable to provide technical support.

Posted in Crypto, Security | 1 Comment »

FIPS yet again, hotplug, impact

Tuesday, February 19th, 2008

I feel like I am beating a dead horse with the start of this post. I tried to go a little off course from there.

-

Another discussion of FIPS 140 has been kicked off on SAAG. Besides the kick off message (on including FIPS-approved algorithms in a possible IETF recommended set of crypto algorithms), this post (on product customer demand for FIPS 140) and this post (on the general pain of the process) are probably of most interest, but the entire thread may be worth a read if FIPS 140 matters to you. (Oh, and this made me laugh.)

This post of mine from a year ago seems relevant to some of what is being said.

  1. A vendor has been put at a competitive disadvantage because they do not have FIPS 140 validation. Perhaps their competitors have it. Perhaps a bid requires it. Whatever the case may be, they don’t have it, so now they want to tear it down.

    Also found here are people that just dislike FIPS 140 or, perhaps, standards in general.

  2. A vendor has gone through the process, and it was quite painful. So, now they vent about all the changes they had to make, how silly particular requirements were, how incompetent the lab staff was, etc.
  3. An expert tells stories of how the requirements are ambiguous and the labs all vary in how they interpret the requirements.

    Also found here (and often quite different from the previously described expert) are people that have run into FIPS a number of times over the years, which has caused them exposure to differing requirements without having seen the evolution of those changes.

In that lengthy post, I discuss some points often causing pain.

  1. Vendor misunderstanding of the FIPS 140 requirements and terminology.
    [...]
  2. Vendor misinterpretation of lab (or NIST/CSE) questions and issues.
    [...]
  3. Labs can, and do, make requests and recommendations.
    [...]
  4. New labs, new lab staff, new technologies, and new revisions of FIPS 140 (and related) standards can make for created requirements. (This is where you can find the most variation among labs.)
    [...]

Anyway, I think a couple of additional points might be relevant to some of what I read in the latest SAAG thread.

First, I don’t think the concept of failure in a FIPS validation effort is quite so rigid as is being implied in parts of the SAAG discussion. During a FIPS validation effort, the lab (during testing) or NIST/CSE (during review) may bring up issues that a vendor has to address. These issues are often areas in which the module may be failing to meet particular FIPS requirements. This does not mean the module “fails,” it just means that the issues raised must be addressed before the module “passes.” In general, issues often boil down to some of the following:

  1. Clarification – the issue raised is just seeking some short clarification about the product’s workings and/or how a requirement is met. A quick written or verbal response (e.g., answering a question) can often be enough.
  2. Documentation – the issue raised is about incorrect, confusing, or incomplete documentation. Modifying the documentation is normally the fix here. (Even though what follows in 3 is often what vendors dread most, 2 can also lead to much pain if the lab starts questioning technical aspects of the product and heads down all sorts of testing paths that would otherwise have been avoided (i.e., prepare documentation that gives the lab what it needs in an easy to use form).)
  3. Technical – the issue raised is actually a technical problem with the product in regards to meeting the requirements. Here is where the product itself may have to be modified, and this is what most vendors want to avoid once they are knee deep in the validation (i.e., get the product meeting the requirements before the lab testing gets underway).

In all three cases, the “failure” can be corrected and the product can continue on with its validation. Depending on the issues raised, labs will often continue working on the validation effort in other areas while the vendor is working on addressing the issues; however, there is, of course, a point where the lab will need certain issues addressed before being able to move forward – this is where the third case can be especially problematic.

Second, this brings us to the “restarting” portion of the discussion in that thread. In general, if the issues raised can be addressed in a timely manner and based on the version of the product at that moment going through validation, then there should be no “restart” issue. However, if the issues raised take a long time for the vendor to fix and/or require a switch in the version of the product such that the new version includes a large number of other changes in the product (e.g., a switch to a new version of the product with a whole suite of new features), this could cause a “restart.” I generally think of these restarts coming in these two forms.

  1. The lab can no longer move forward with the effort while waiting on the vendor to address issues, so the project is put on hold. Depending on time frame here, lab resources will be moved elsewhere and lab knowledge of the product will deteriorate. When the vendor is ready to start back up, the lab has to restaff the effort, rebuild its knowledge of the product and the validation effort, and generally kick things off again.
  2. The changes were rolled into a new version of the product, and this new product is dramatically changed from the one that began the validation effort. The lab will have to figure out what has changed and determine how much of their work performed to this point can be reused, much like in a revalidation scoping but more awkward. If this is in combination with 1, this could get close to starting over.

Needless to say, you want to avoid going down this road.

-

Since I mentioned TrueCrypt in a previous post, look at this.

HotPlug allows you to seize and move a computer without losing power. (Video demos.) See also: MouseJiggler.

Yep, you guessed it.

How to circumvent Whole Disk Encryption
The key: Do not allow the encryption to activate. Low level encryption such as Vista’s Whole Disk Encryption (WDE) can halt an investigation. Use HotPlug and Mouse Jiggler to prevent encryption technologies from activating. If you can carry away the computer while it’s still logged in, you maintain full access to the hard drive.

In short, the plaintext key is often stored (cached), or authorization to access the plaintext key is stored (cached), in volatile memory (e.g., RAM) when using things like full disk encryption, so that data read from/written to disk can undergo transparent (to the user) processing. When the computer is powered down, goes to sleep, etc., assuming the hardware/software properly handles things, the (easy) access to the plaintext key is lost (e.g., the cached key or authorization to use the key is wiped). This gear is meant to prevent the circumstances that cause that wiping from happening.

Think of TrueCrypt – if you are using system disk encryption on your home desktop, then you know that, once you have entered your password at boot, the stored encrypted key is decrypted and the plaintext key is then stored in memory by TrueCrypt to transparently encrypt/decrypt data as it is written to/read from disk (i.e., you only enter your password once per boot). Anyone taking control of your desktop at that point has full access to your encrypted drive. However, if you pulled the plug, then the plaintext key would be lost. Well, this gear allows an attacker to grab your desktop and remove it from your home without it losing power (or hibernating).

-

Now this phenomenon sounds a little familiar.

Over 90% of people responded physically, for example with an exaggerated stare or a wave. Almost half responded verbally – more men than women. Here, says Professor Shuster, the sex difference was striking. 95% of adult women were praising, encouraging or showed concern. There were very few comic or snide remarks. In contrast, only 25% of adult men responded as did the women, for example, by praise or encouragement; instead 75% attempted comedy, often snide or combative as an intended put-down.

I mentioned this impact with regards to attire in this post.

(Side note, I have an old, bright red Futura t-shirt that says “For love or money”. With many, it generates mostly “for love!” comments and generally leads to conversation about values and the like. With others, it often inspires awkward mockery, as is the case with almost any loud attire.)

The “others” here are generally straight men showing negative interest, while the “many” are usually straight women or gay men showing positive interest. Perhaps this makes sense, as I am likely viewed as a potential rival to the former and a potential suitor to the latter.

Whatever the case may be, I always enjoy hacking peoples’ thoughts and behavior with something so simple as a t-shirt. As such, my custom t-shirts often play to this effect quite nicely.

-

Speaking of impact,

ABC2 has obtained new video of Baltimore police officer Salvatore Rivieri in action at the Inner Harbor. This time he confronts Billy Friebele, an artist from Washington D.C., who was videotaping at the Harbor last summer.

Friebele told ABC2 he was taping the reactions of passersby to a box he was moving with a remote controlled car. Officer Rivieri is seen on tape kicking the box off of the car and then kicking the car. The officer then orders Friebele to leave the area.

Small world. I knew Billy back in college.

Posted in Crypto, Off-topic, Security | No Comments »

gutsy ossl padlock, conversations, truecrypt 5.0

Thursday, February 7th, 2008

So, enabling Via padlock support on my Ubuntu Gutsy system with the default kernel was kind of, well, trivial. I just configured the relevant kernel modules to be loaded at boot, which involved editing “/etc/modules.conf” and inserting “padlock_aes”, “padlock_sha”, and “via_rng” entries.

With that done, I wanted to use the Via hardware RNG as an entropy source to “/dev/random”, so I installed “rng-tools”.

After that, I wanted to get the widest range of apps using OpenSSL to take advantage of the hardware crypto by default as easily as possible, for which I came back to this page a bunch of times. This patched started me off in one direction, and I ended up heading down the path of the “devcrypto” sort of hack already in the OpenSSL code base.

So, I ended up modifying “crypto/engine/eng_all.c” (and “crypto/engine/engine.h” for the prototype) to add a separate setup function (similar to what was there for “devcrypto”) to load padlock and set it as the default engine (BTW, the “set it as default” step should not be necessary – all it does is get padlock cached as the default engine for the supported algorithms now rather than later), and then I changed the “ssl/ssl_algs.c” “SSL_library_init” function and “crypto/evp/c_all.c” “OPENSSL_add_all_algorithms_noconf” function to call this padlock setup function, which should in theory cover the number of applications out there that call “OPENSSL_add_all_algorithms” and “OPENSSL_add_ssl_algorithms.” Also, I inserted a “ENGINE_cleanup” call into the “crypto/evp/names.c” “EVP_cleanup” function, although I am not sure this is necessary (or wise).

About the only thing annoying in the process was warnings of version information not being found in my OpenSSL shared libraries. I found this useful in fixing the issue.

(Oh, and apologies to my Tor server users, as my server was up and down quite a bit while I played with these things.)

-

A few quickly summarized conversations of possible interest to readers.

I was in a bar talking with a couple of people that were in the USA armed forces and about to go back to deployment in the Middle East. One thing they noted was that the only attack that really scared them when they first deployed over there was IEDs. They said that the fright factor came from the fact that IEDs were something for which they were not trained at the time, IEDs were an unknown. With an outright fire fight, with people firing at them, they knew what to expect; with IEDS, everything could be going as best it can for them over there and then, out of nowhere, boom, they were seriously maimed or dead. Both figuratively and literally, IEDs hit them totally out of the blue. However, with time and experience, IEDs have become a known and expected fact of life over there, something that can be dealt with both strategically and emotionally.

The conversation reminded me of topics like this article (the links I quickly turned up for that article require logins, free or otherwise – an excerpt is here).

Another important dimension of appraisal concerns potential actions: “What can be done about the situation?” Here, controllability and its prerequisite, the stimuli’s predictability, are critical: predictable and controllable adverse stimuli generate less fear, anxiety, and pain than unpredictable and uncontrollable stimuli.

Also, Ekman’s Emotions Revealed came to mind, where there is discussion of fear being influenced by three components – intensity, timing, and coping. Coping seems to be the key being discussed here – e.g., by knowing about the threat, strategies can be developed to reduce the risk posed by the threat, and thus reduce the strength of your fear.

Ok, moving along…

I was speaking with a LEO from the NYPD while waiting for a train. We got onto the topic of PBA cards, where I learned that such PBA cards can be tied to particular officers, which was new to me. The officer informed me that the higher the rank of the officer to which the PBA card is tied, the better the chance you have of getting a reduced charge or just being completely left off the hook when stopped by an officer for some offense. However, someone with me pointed out that this whole situation was not fair, that just knowing someone should not let you off the hook. The officer replied that this was not unfair, you just have to know someone. To this, my acquaintance said that was why it was unfair, because she didn’t known anyone, as was evidenced by her lack of names to drop when getting her second speeding ticket in a roughly two month period recently. The officer’s advice, get to know someone high up in the police force or, better yet, just stop speeding. (Of course, my acquaintance left out that she broke down and cried while getting that latest speeding ticket, and the officer subsequently lowered the speed indicated on the ticket by a number of miles.)

The conversation reminded of another conversation I had a while back with a friend of mine that was an academic. He was complaining that publishing papers in his field was as much about getting the right people to sign up as coauthors (regardless of any actual contribution to the research conducted in the paper) as it was about the research being published. He said the politics degraded the science, which seems similar to my acquaintance above pointing out the politics degrading (the fair application of) the law.

Regardless, the reality is clear – who you know matters. And, as often is the case, these discussions reminded me of Cialdini’s influence, such as the power of reciprocation, social proof, and authority.

-

The latest release of TrueCrypt 5.0 is available, including the use of the XTS mode of operation and whole disk encryption for Windows.

Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)

XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation in the documentation).

Speed improvements on Windows, an OSX port, and SHA-512 support are also included in this release. Good stuff.

Most everywhere I tested out this release, it worked well, with one exception – an “Insufficient memory for encryption” error I ran into on one of my somewhat older systems. Looking around at a few forums (e.g., here) and at the TC code (e.g., “BootSector.asm”, “BootMain.cpp”, “BootDefs.h”), I don’t see a workaround for the system without modifying the TC code directly to correct/masked the issue. So, this will wait for a bugfix release.

On some systems, when performing the system encryption pretest, the TrueCrypt Boot Loader reports the following error: Insufficient memory for encryption. This issue will be addressed in the next version of TrueCrypt.

Update: To help with debugging the “Insufficient memory for encryption” bug, the TrueCrypt team is requesting your help.

[...]If you encountered this error, you can help us solve this issue by booting a special test ISO image, which displays the amount of free base memory on your system. To do so, please download this file, unpack it, and burn the extracted ISO image to a CD/DVD. Then restart your computer and boot from the CD/DVD. Write down the amount of free base memory displayed by the program and email it to us or include it in a bug report (in either case, make sure the subject is: ‘Base Memory Test Report‘). Thank you.

Update: TrueCrypt 5.0a was released today (2007-02-12). Among the changes

The memory requirements for the TrueCrypt Boot Loader have been reduced by 18 KB (eighteen kilobytes). As a result of this improvement, the following problem will no longer occur on most of the affected computers: The memory requirements of the TrueCrypt Boot Loader 5.0 prevented users of some computers from encrypting system partitions/drives (when performing the system encryption pretest, the TrueCrypt Boot Loader displayed the following error message: Insufficient memory for encryption).

I should note that one older system of mine mentioned above still fails to meet the memory requirements. Ah well.

Update: TrueCrypt 5.1 has been released.

What is new in TrueCrypt 5.1   (released March 10, 2008)

Included in the changes,

The minimum memory requirements for the TrueCrypt Boot Loader have been reduced from 42 KB to 27 KB (twenty-seven kilobytes). This allows users to encrypt system partitions/drives on computers where the BIOS reserves a large amount of memory. (Windows Vista/XP/2008/2003)

With that reduction, I can now use FDE on that problem machine noted above.

Also of note,

Increased speed of AES encryption/decryption (depending on the hardware platform, by 30-90%). (Windows)

Nice.

Posted in Code, Crypto, Debian & Ubuntu, Security | No Comments »