Thursday, February 21, 2008

Felten Destroys Whole Disk Encryption

Ed Felten and company publicized some research findings today on a form of side-channel attack against whole disk encryption keys stored in DRAM.

We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux....

Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system....
Interestingly, if you cool the DRAM chips, for example by spraying inverted cans of “canned air” dusting spray on them, the chips will retain their contents for much longer. At these temperatures (around -50 °C) you can remove the chips from the computer and let them sit on the table for ten minutes or more, without appreciable loss of data. Cool the chips in liquid nitrogen (-196 °C) and they hold their state for hours at least, without any power. Just put the chips back into a machine and you can read out their contents.
This is deadly for disk encryption products because they rely on keeping master decryption keys in DRAM. This was thought to be safe because the operating system would keep any malicious programs from accessing the keys in memory, and there was no way to get rid of the operating system without cutting power to the machine, which “everybody knew” would cause the keys to be erased.
Our results show that an attacker can cut power to the computer, then power it back up and boot a malicious operating system (from, say, a thumb drive) that copies the contents of memory. Having done that, the attacker can search through the captured memory contents, find any crypto keys that might be there, and use them to start decrypting hard disk contents. We show very effective methods for finding and extracting keys from memory, even if the contents of memory have faded somewhat (i.e., even if some bits of memory were flipped during the power-off interval). If the attacker is worried that memory will fade too quickly, he can chill the DRAM chips before cutting power.
This is a good example of academic security research. We need to see that the trust placed upon the hardware by the whole disk encryption software is a faulty decision.

There's even a video:


Sven Türpe said...

I wouldn't say this result destroys whole disk encryption. It rather emphasizes the need to carefully analyze what a security mechanism does or doesn't do, what its side effects and side conditions are with respect to the security objectives at hand. It also reemphasizes a known limitation of (software) disk encryption.

Felten et al. show us a new, clever and interesting implementation of an attack that conceptually was known before. The security of disk encryption depends on a key and the key is stored in memory. As a rule of thumb, this implies that disk encryption does not protect against any attack that targets the running system. Trivial as it may sound, disk encryption protects data on the disk only if the encryption key cannot be found anywhere near the disk. (More precisely, this is a necessary condition, not a sufficient one.)

Besides the method of Felten et al., there are numerous other ways of accessing the contents of a running system's memory. The most widely known is probably direct memory access through Firewire interfaces; at least imaginable are attacks that access the memory while still under power in the system attacked.

Where Felten's result may push the limit a little further is situations where a system is attacked right after being shut down, e.g. by some anti-tampering function.

Disclaimer: I haven't read the paper yet.

Mike said...

Having read the paper...I wonder if simply logging out of my session in OS X, whereupon the Filevault is closed (the volume is unmounted), is sufficient to eliminate the decryption key in memory.

Since they're withholding all of the tools they created, I'm not going to be able to answer this question. I don't know what action to take to best secure myself, and powering down the system every time I leave the house/office is not an option. Ugh.

securology said...

Hi Sven,

Thanks for commenting. You seem to be on to something about direct memory access via firewire. ;)

I mostly agree with you. This may not "destroy" disk encryption, but rather it knocks it down a few notches where it belongs. Too often do I hear security professionals preaching the religion that is "crypto" for everything.

I especially agree with you here: "As a rule of thumb, this implies that disk encryption does not protect against any attack that targets the running system."

securology said...


That's an excellent question that I will try to find out.