
Security of Hard Disk Encryption
USMAN YOUSUF
Degree project in Information and Communication Systems Security
Stockholm, Sweden 2013
TRITA-ICT-EX-2013:92

Abstract

Encryption is considered the best solution for providing confidentiality to digital information and safety to computer hard disks. Nowadays, several hard disk encryption products with a range of different features are commercially available. The majority of this software uses encryption algorithms whose cryptanalyses are already known. The vital question is how much security these encryption products provide to the data. Any implementation or design flaw leaves loopholes or backdoors in the software. By taking advantage of user unawareness or by using external hardware, the software's security can be defeated with smart and easy methods. This thesis presents possible weaknesses and vulnerabilities of commercially available hard disk encryption software that offers complete security for hard disk data. It also assesses the real-world performance of hard disk encryption software.

Acknowledgement

First of all, I wish to thank Almighty God for providing me the strength and courage to continuously hunt for what is called knowledge. I am most grateful to Prof. Sead Muftic for supervising and guiding this thesis. Last but not least, thanks to all my friends and families for their support, encouragement and love throughout my work.

Table of Contents

Chapter 1 Introduction
  1.1 Problem Statement
  1.2 Objectives
  1.3 Purpose
  1.4 Methodology
  1.5 Limitations
Chapter 2 Overview of Information Security
  2.1 Basic Cryptography
  2.2 Security Goals
  2.3 Types of Cryptographic Algorithms
    2.3.1 Secret Key Cryptography (Symmetric Key)
    2.3.2 Public Key Cryptography (Asymmetric Key)
    2.3.3 Hash Functions
  2.4 Hard Disk Encryption
  2.5 Implementation Types of Disk Encryption
    2.5.1 Hardware-based versus software-based encryption
    2.5.2 Narrow block versus wide block encryption
    2.5.3 Transparent versus authenticated encryption
Chapter 3 Disk Encryption Cryptography
  3.1 Cryptographic Ciphers
    3.1.1 Block Ciphers
    3.1.2 Stream Ciphers
    3.1.3 Tweakable Block Ciphers
  3.2 The Advanced Encryption Standard (AES)
    3.2.1 AES algorithm description
  3.3 Block Cipher Modes of Encryption
  3.4 Modes of Operation for Disk Encryption
    3.4.1 LRW: Liskov, Rivest, Wagner
    3.4.2 XEX: XOR-Encryption-XOR
    3.4.3 MCB: Masked CodeBook
    3.4.4 CMC: CBC-Mask-CBC
    3.4.5 EME: ECB-Mix-ECB
    3.4.6 XCB: Extended CodeBook
  3.5 AES-XTS
    3.5.1 AES-XTS Encryption Procedure
    3.5.2 AES-XTS Decryption Procedure
Chapter 4 Disk Encryption Security Analysis and Results
  4.1 Boot Process
  4.2 TrueCrypt Software Internal Anatomy
    4.2.1 TrueCrypt Encryption Paradigm
  4.3 Exploiting the lack of integrity in a TrueCrypt MBR
  4.4 Exploiting the lack of integrity checking of MBR boot signature in TrueCrypt Rescue Disk
  4.5 Exploiting the lack of integrity verification in a TrueCrypt Bootloader
  4.6 Exploiting the slow decay rate of RAM data remanence
  4.7 BIOS passwords could be extracted from memory
Chapter 5 Performance Benchmark
  5.1 Process
  5.2 Test Requirements
    5.2.1 Hardware
    5.2.2 Software
  5.3 Test
    5.3.1 File Benchmark Testing
  5.4 Test Cases
    5.4.1 With Disk Encryption
    5.4.2 Without Disk Encryption
  5.5 Testing and Benchmarking Methodology
  5.6 Benchmarking Results
    5.6.1 Write Speed
    5.6.2 Read Speed
  5.7 Analysis
    5.7.1 Causality
    5.7.2 Possible Consequences
    5.7.3 Probable Sources of Error
  5.8 Further Work
Chapter 6 Countermeasures and their Limitations
  6.1 Scrubbing Memory
  6.2 Limiting booting from network or removable media
  6.3 Suspending a system safely
  6.4 Physical defenses
  6.5 Countermeasure against Sniffing Attack
  6.6 Defenses for Software-Based Full Disk Encryption
  6.7 Countermeasure against DRAM Attacks
    6.7.1 Hardware-based full disk encryption
    6.7.2 Frozen Cache
  6.8 Future Works
    6.8.1 Architectural changes
    6.8.2 Encrypting in the disk controller
    6.8.3 OS-independent disk encryption using virtualization
  6.9 Conclusion
References
Appendix A

Abbreviations

AES: Advanced Encryption Standard
AMD: Advanced Micro Devices
API: Application Programming Interface
ARM: Application Response Measurement
ASCII: American Standard Code for Information Interchange
ASIC: Application Specific Integrated Circuit
ATM: Asynchronous Transfer Mode
BIOS: Basic Input/Output System
CBC: Cipher-block chaining
CCM: Counter with CBC-MAC
CFB: Cipher Feedback
CMAC: Cipher-based MAC
CMC: CBC-Mask-CBC
CMOS: Complementary metal–oxide–semiconductor
CMVP: Cryptographic Module Validation Program
CNSS: Committee on National Security Systems
CPU: Central Processing Unit
CRC: Cyclic Redundancy Check
CRTM: Core Root of Trust for Measurement
CS: Computer Science
CTS: Cipher Text Stealing
CTR: Counter
DES: Data Encryption Standards
DMA: Direct memory access
DPA: Differential Power Analysis
DSA: Digital Signature Algorithm
ECB: Electronic Code Book
EMA: Electromagnetic Analysis
EME: Encrypt-Mask-Encrypt
FAT: File Allocation Table
FBI: Federal Bureau of Investigation
FDE: Full Disk Encryption
FIPS: Federal Information Processing Standards
FPGA: Field-Programmable Gate Array
FVEK: Full Volume Encryption Key
GCM: Galois/Counter Mode
GUI: Graphical User Interface
HMAC: Hash-based Message Authentication Code
IBM: International Business Machines
ID: Identity
IEC: International Electrotechnical Commission
IEEE: Institute of Electrical and Electronics Engineers
ISO: International Organization for Standardization
IV: Initialization Vector
MAC: Message Authentication Code
NESSIE: New European Schemes for Signatures, Integrity and Encryption
NIST: National Institute of Standards and Technology
NSA: National Security Agency
NTFS: New Technology File System
NV: Non Volatile
OS: Operating System
OFB: Output Feedback
OMAC: One key MAC
PBKDF: Password-Based Key Derivation Function
PC: Personal Computer
PCR: Platform Configuration Register
PIN: Personal Identification Number
PKCS: Public-key Cryptography Standards
RAM: Random Access Memory
RIPE: RACE Integrity Primitives Evaluation
RSA: Rivest, Shamir and Adleman
RTM: Root of Trust for Measurement
SAFER: Secure and Fast Encryption Routine
SHA: Secure Hash Algorithm
SISWG: Security in Storage Working Group
SMP: Symmetric Multiprocessing
SMT: Surface Mount Technology
SPA: Simple Power Analysis
SPE: Synergistic Processing Element
SPN: Substitution-permutation network
TCB: Trusted Computing Base
TPM: Trusted Platform Module
US: United States
USB: Universal Serial Bus
VMK: Volume Master Key
VM: Volatile Memory
WLAN: Wireless Local Area Network
WMI: Windows Management Instrumentation
XCB: Extended CodeBook
XEX: Xor-Encrypt-Xor
XML: Extensible Markup Language
XTS: XEX Tweakable Block Cipher with Ciphertext Stealing

Chapter 1
Introduction

Nowadays, the most important and sensitive assets of businesses, people and organizations are their computer data or digital information.
The number of portable devices such as PDAs and laptops has increased as dependency on computers has increased. With this, the chances of intrusion, data theft and system compromise have increased significantly. In the majority of cases the actual information is more important and valuable than the hardware it is stored on, and unauthorized access to that data can be very harmful. Portable devices such as laptops and netbooks face the highest threat of data theft and intrusion, as they are regularly carried through unsecured public places where they are more vulnerable to attack. One way to mitigate the risk of unauthorized and unwanted access to data is disk encryption. During the last decade, disk encryption has changed from a tool used only by government agencies and top executives for their sensitive and top secret information into one that is easily accessible and available for everyone. Disk encryption systems are widely used by ordinary users because they are transparent and easy to use. In this paper, we address the shortcomings of software-based disk encryption systems that are believed to be perfectly secure. We discuss the security vulnerabilities of software-based disk encryption and also carry out a real-world performance benchmark of the encryption software.

The second chapter introduces basic cryptography, its types and the implementation types of disk encryption. The third chapter discusses cryptographic ciphers, the advanced encryption algorithm and different modes of operation for disk encryption. Chapter 4 presents the security vulnerabilities of the encryption software and results based on experiments. Chapter 5 specifies the procedure, test cases and testing methodology used in the performance benchmark and the results obtained. In the last chapter we discuss countermeasures for disk encryption and the conclusion.

1.1 Problem Statement

An attacker can modify or corrupt the file system, the disk, or both. We state four different situations for protecting encrypted data from the attacker:

When a computer is stolen or lost: The aim is to preserve the confidentiality of the storage medium so that the attacker is unable to read the confidential data stored on the disk or to trace the existence of secret data in the storage medium.

Passive monitoring: The attacker can observe the data that are read from or written to the disk. The purpose is to preserve the integrity of the encrypted data so that the attacker cannot modify the monitored data.