Scribd Logo
Upload

Welcome to Scribd!

  • 98 views

    Defeating Bit Locker Encryption With Keys From RAM

    Uploaded by

    Jefferson Paredes A.
    The document discusses full disk encryption and methods for bypassing it to access encrypted data. It covers different types of encryption targets, finding encryption keys in memory, identifying encryption tools from marks they leave, and analyzes the Microsoft BitLocker encryption tool and weaknesses that could allow access without keys.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Defeating Bit Locker Encryption With Keys From RAM

    Uploaded by

    Jefferson Paredes A.
    98 views44 pages
    The document discusses full disk encryption and methods for bypassing it to access encrypted data. It covers different types of encryption targets, finding encryption keys in memory, identifying encryption tools from marks they leave, and analyzes the Microsoft BitLocker encryption tool and weaknesses that could allow access without keys.

    Original Title

    DefeatingBitLockerEncryptionWithKeysFromRAM

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document discusses full disk encryption and methods for bypassing it to access encrypted data. It covers different types of encryption targets, finding encryption keys in memory, identifying encryption tools from marks they leave, and analyzes the Microsoft BitLocker encryption tool and weaknesses that could allow access without keys.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    98 views44 pages

    Defeating Bit Locker Encryption With Keys From RAM

    Uploaded by

    Jefferson Paredes A.
    The document discusses full disk encryption and methods for bypassing it to access encrypted data. It covers different types of encryption targets, finding encryption keys in memory, identifying encryption tools from marks they leave, and analyzes the Microsoft BitLocker encryption tool and weaknesses that could allow access without keys.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 44

    C Y B E R S E C T O R

    Practical Methods for Dealing with


    Full Disk Encryption
    Jesse Kornblum
    Outline
    • Introduction
    • Types of Targets
    • Finding Keys
    • Tool Marks
    • Example - BitLocker
    • BitLocker Weakness

    • Conclusion
    No Encryption

    Application Operating

    System Hard Drive


    Full Disk Encryption

    Application Operating

    System FDE Hard Drive


    Data on the Hard Drive
    Four score and seven fr80382nfbjhF*&jhg3@
    years ago our fathers %12.4e7837z3h eSu
    brought forth on this gh#97f7@#JNBu9
    continent, a new 0e23KHJIOeh(I@hE3b2
    nation, conceived in 286EGb3iy7F*^3,ee867
    Liberty and dedicated... V *727df39862g8y#x1f
    Without the Key
    Searching for Keys in RAM
    Targets
    • Documented Open Source
    – TrueCrypt
    • Undocumented Open Source
    – PGP Whole Disk Encryption
    – http://www.pgp.com/downloads/sourcecode/
    • Documented Closed Source
    – BitLocker Drive Encryption*
    • Undocumented Closed Source
    – PointSec
    – Previously unseen tools
    Current Methods
    • Brute Force
    – Try every block of bytes as possible key
    – See "Linear Scan" paper by Hargreaves and Chivers
    – Doesn't work for split keys
    Current Methods
    • Key Schedule Search
    – Better brute force
    – Really identifying data that is not a key schedule
    – See "Cold Boot" paper by Halderman et al.
    Current Methods
    • Source code analysis
    – Requires elbow grease
    – Can't be automated
    – Works great
    – May have to update for each version
    – See "Volatools" paper by Walters and Petroni, BlackHat Federal
    2007
    Tool Marks
    • Marks specific to
    individual tools
    • Associated with
    physical forensics

    Image courtesy Flickr user grendelkhan, http://flickr.com/photos/grendelkhan/118876699/


    Tool Marks
    • Were the screwdrivers
    found in the suspect's
    house used on the screws
    found on the bank vault?

    Image courtesy Flickr user Uwe Hermann, http://flickr.com/photos/uwehermann/92145964/sizes/m/


    Computer Forensics Tool Marks
    • Anything detectable that software stores in RAM or on disk that
    identifies the tool in question
    – Most Recently Used lists
    – Header and footer carving
    – Registry keys left after program removed
    – Preferences files in user directories
    – Wiping programs leave traces behind
    Cryptographic Tool Marks
    • Hard to detect the keys
    – Small
    – Should be random
    • Can detect the cryptographic tool itself
    – Programs
    – Drivers
    – Mounted volumes
    • Can detect the structure surrounding the keys
    BitLocker Drive Encryption
    • Full Volume Encryption bundled with Windows Vista Ultimate
    • Uses 128 bit AES-CBC + Elephant diffuser
    – Can configure for 256 bit and/or without diffuser
    • Crypto developed by Niels Ferguson
    – also wrote Twofish, Helix, Fortuna RNG, CCM mode
    – Uses AES-CCM for key management
    • Actual encryption work is done with 512 bit Full Volume Encryption
    Key (FVEK)
    – Key is 512 bits regardless of mode being used
    BitLocker Drive Encryption
    • I am not aware of any backdoors in BitLocker Drive Encryption
    • You cannot access a protected volume without the FVEK

    Image courtesy of the Microsoft Corporation.


    BitLocker Drive Encryption is a registered trademark of the Microsoft Corporation.
    BitLocker Drive Encryption
    • Good documentation, but not complete
    – Key management systems not described
    – No implementation of elephant provided
    • Reverse engineered by Kumar and Kumar
    – Published paper, linux driver to mount protected volumes
    – http://www.nvlabs.in/node/9
    BitLocker Drive Encryption
    • Brute Force works
    – FVEK is in RAM
    • Key schedule search works
    – Finds several schedules
    – Two of the keys make up the FVEK
    • Some assembly required
    • Source code analysis
    – Not an option for most of us
    BitLocker Tool Marks
    • BitLocker AES key schedules
    – Several schedules in memory at any given time
    – Some bits of FVEK used to generate sector keys
    – Other bits of FVEK used to encrypt/decrypt data
    – In default mode, some bits unused
    BitLocker Tool Marks
    • AES key schedules
    – Encryption and Decryption schedules
    BitLocker Tool Marks
    • Searching for BitLocker AES key schedules in RAM
    – Overlapped slightly
    BitLocker Tool Marks
    • 0x0 FVEc pool tag
    • 0x14 Algorithm ID, must be 0x8000-0x8003
    • 0x1C Start of first BitLocker AES schedule
    – AES key must be at start and end of schedule
    • bytes 0x1C-0x2C and 0x15C-0x16C
    – Zeros at end of schedule if 128-bit mode
    • 0x1EC Start of second BitLocker AES schedule
    – Same rules as above
    – Normal 256-bit AES key schedules require 0x1E0 bytes
    • But overlapping saves 0x10 bytes
    Pool Tag
    Algorithm

    Start of AES key schedule

    Zeros
    BitLocker Tool Marks
    • Not perfect, but good enough
    • Original

    • Recovered
    Finding Tool Marks
    • Perl Script
    • It’s not pretty, but it works
    • Volatility Suite
    • Supposed to be for Windows XP SP2 only
    • But can treat any file as a flat file
    • Use the Sliding Window Scanner
    • If/When support is added for Vista,
    • Use Pool Tag Scanner
    Finding Tool Marks
    • How did we do this?
    – RTFM
    • FIPS certifications are great!
    • Ask developers for help
    – WinHex
    – IDA Pro
    – Checked builds
    – Debugging symbols Image courtesy of User:Icey on Wikipedia
    and is public domain

    • Always trying to answer:


    – How does it know where to look?
    Performance
    • Brute Force
    – O(nm)
    • Key Schedule Search
    – O(nm)
    • Source Code
    – X* + O(n), where X* may be infinite
    • Toolmarks
    – X + O(n)
    Forensics Tool Marks
    • Requires as much elbow grease as source code analysis
    – Often more
    – Doesn't require the source code
    • May require updating for each version
    – TrueCrypt
    • May be your only option for previously unseen tools
    BitLocker Drive Encryption
    • I am not aware of any backdoors in BitLocker Drive Encryption
    • You cannot access a protected volume without the FVEK

    Image courtesy of the Microsoft Corporation.


    BitLocker Drive Encryption is a registered trademark of the Microsoft Corporation.
    A Series of Keys
    • Full Volume Encryption Key (FVEK)
    – Does actual encryption/decryption
    – Never changes
    • Volume Master Key (VMK)
    – Used to encrypt FVEK
    – Never changes
    • Various Other Keys
    – TPM key
    – External Keys (USB sticks)
    – Recovery Password
    • Each used to decrypt their copy of the VMK
    A Series of Keys
    BitLocker Metatadata
    • Contains E(FVEK, VMK)
    – FVEK encrypted with VMK
    • Metadata entries for each key
    – E(VMK, TPM key)

    – E(VMK, External key)

    – E(VMK, Recovery key)


    A Series of Keys
    • Each entry also contains key encrypted with VMK

    • Metadata entries for each key


    – E(VMK, TPM key)
    – E(TPM key, VMK)

    – E(VMK, External key)


    – E(External key, VMK)

    – E(VMK, Recovery key)


    – E(Recovery key, VMK)
    Scenario
    • Legitimate user has External Key
    – USB token
    • System administrator has recovery password

    • Legitimate user uses external key to decrypt VMK


    • Uses VMK to decrypt the other keys
    – Gets recovery password

    • Legitimate access revoked


    • Can still access system using recovery password!
    Exploit Scenario
    • Yes, it’s unlikely
    – But crypto people live for the unlikely
    • Has been reported to Microsoft
    – No response
    • Full details in “Implementing BitLocker Drive Encryption for Forensic
    Analysis” to be published in Digital Investigation
    – http://jessekornblum.com/publications/di09.html
    Outline
    • Introduction
    • Types of Targets
    • Finding Keys
    • Tool Marks
    • Example - BitLocker
    • BitLocker Weakness

    • Conclusion
    Questions?
    Jesse Kornblum

    jesse.kornblum@mantech.com

    http://jessekornblum.com/

    http://mantech.com/

    Image courtesy of Flickr user demosh, http://flickr.com/photos/44222307@N00/1477086299/


    Thank you
    • ManTech International Corporation for
    letting me geek out
    • Microsoft Corporation for keeping me
    employed
    • Kumar and Kumar for their reverse
    engineering work
    • You for hearing this talk
    • Slides are posted on
    Image courtesy of the Microsoft Corporation.
    http://jessekornblum.com/
    References
    • BitLocker Drive Encryption
    – N. Kumar and V. Kumar, "Bitlocker and Windows Vista",
    http://www.nvlabs.in/node/9
    – FIPS Security Policy:
    http://csrc.nist.gov/groups/STM/cmvp/documents/140-
    1/140sp/140sp947.pdf
    • Brute Force Searches
    – C. Hargeaves and H. Chivers, "Recovery of Encryption Keys from
    Memory Using a Linear Scan",
    http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/4529302/45293
    03/04529504.pdf
    References
    • Key Schedule Searching
    – Cold Boot paper, http://citp.princeton.edu/memory/
    • Source Code Analysis
    – AAron Walters and Nick Petroni, Volatools, Volatools: Integrating
    Volatile Memory Forensics into the Digital Investigation Process,
    http://4tphi.net/fatkit/

    You might also like