With CyberSafe, you can encrypt more than just individual files. The program allows you to encrypt an entire hard drive partition or an entire external drive (for example, a USB drive or flash drive). This article will show you how to encrypt and hide an encrypted partition of your hard drive from prying eyes.
Spies, paranoids and ordinary users
Who will benefit from the ability to encrypt partitions? Let's discard spies and paranoids right away. There are not so many of the former, and their need for data encryption is purely professional. The second one just wants to encrypt something, hide it, etc. Although there is no real threat and the encrypted data is of no interest to anyone, they encrypt it anyway. That is why we are interested in ordinary users, of whom, I hope, there will be more than paranoid spies.A typical partition encryption scenario is when a computer is shared. There are two options for using the CyberSafe program: either each of the users working at the computer creates a virtual disk, or each one allocates a partition on the hard drive for storing personal files and encrypts it. It has already been written about creating virtual disks, but in this article we will talk specifically about encrypting the entire partition.
Let's say there is a 500 GB hard drive and there are three users who periodically work with the computer. Despite the fact that the NTFS file system still supports access rights and allows you to limit one user's access to another user's files, its protection is not enough. After all, one of these three users will have administrator rights and will be able to access the files of the remaining two users.
Therefore, the hard drive disk space can be divided as follows:
- Approximately 200 GB - shared partition. This partition will also be the system partition. It will install the operating system, the program and store common files of all three users.
- Three sections of ~100 GB each - I think 100 GB is enough to store each user’s personal files. Each of these sections will be encrypted, and only the user who encrypted this section will know the access password to the encrypted section. In this case, the administrator, no matter how much he or she wishes, will not be able to decrypt another user’s partition and gain access to his files. Yes, if desired, the administrator can format the partition and even delete it, but he will only be able to gain access if he tricks the user into giving him his password. But I think this will not happen, so encrypting the partition is a much more effective measure than differentiating access rights using NTFS.
Partition encryption vs encrypted virtual disks
What is better - encrypting partitions or using encrypted virtual disks? Here everyone decides for himself, since each method has its own advantages and disadvantages. Partition encryption is as secure as virtual disk encryption and vice versa.What is a virtual disk? Look at it as an archive with a password and a compression ratio of 0. Only the files inside this archive are encrypted much more securely than in a regular archive. A virtual disk is stored on your hard drive as a file. In the CyberSafe program, you need to open and mount the virtual disk and then you can work with it like a regular disk.
The advantage of a virtual disk is that it can be easily copied to another hard drive or flash drive (if the size allows). For example, you can create a 4 GB virtual disk (there are no restrictions on the size of a virtual disk, except for natural ones) and, if necessary, copy the virtual disk file to a flash drive or external hard drive. You won't be able to do this with an encrypted partition. You can also use a virtual disk file.
Of course, if necessary, you can create an image of the encrypted disk - in case you want to back it up or move it to another computer. But that's a different story. If you have a similar need, I recommend the Clonezilla program - it is already a reliable and proven solution. Transferring an encrypted partition to another computer is a more complex undertaking than transferring a virtual disk. If there is such a need, then it is easier to use virtual disks.
With partition encryption, the entire partition is physically encrypted. When mounting this partition, you will need to enter a password, after which you can work with the partition as usual, that is, read and write files.
Which method should I choose? If you can afford to encrypt the partition, then you can choose this method. It is also better to encrypt the entire section if the size of your secret documents is quite large.
But there are situations when using the entire section is impossible or makes no sense. For example, you have only one partition (drive C:) on your hard drive and for one reason or another (no rights, for example, because the computer is not yours) you cannot or do not want to change its layout, then you need to use virtual disks. There is no point in encrypting the entire partition if the size of the documents (files) you need to encrypt is small - a few gigabytes. I think we’ve sorted this out, so it’s time to talk about which partitions (disks) can be encrypted.
Supported drive types
You can encrypt the following types of media:- Hard drive partitions formatted in FAT, FAT32 and NTFS file systems.
- Flash drives, external USB drives, with the exception of drives representing mobile phones, digital cameras and audio players.
- CD/DVD-RW disks, floppy disks
- Dynamic disks
- System drive (from which Windows boots)
Features of working with an encrypted disk
Let's imagine that you have already encrypted a hard drive partition. To work with files on an encrypted partition, you need to mount it. When mounting, the program will ask you for the password to the encrypted disk that you specified when encrypting it. After working with an encrypted disk, you must immediately unmount it, otherwise the files will remain available to users who have physical access to your computer.In other words, encryption only protects your files when the encrypted partition is unmounted. Once the partition is mounted, anyone with physical access to the computer can copy files from it to an unencrypted partition, USB drive, or external hard drive and the files will not be encrypted. So, when you are working with an encrypted drive, make it a habit to always unmount it every time you leave your computer, even for a short time! Once you have unmounted the encrypted drive, your files will be securely protected.
As for performance, it will be lower when working with an encrypted partition. How much lower depends on the capabilities of your computer, but the system will remain operational and you will just have to wait a little longer than usual (especially when you copy large files to an encrypted partition).
Getting ready for encryption
The first thing you need to do is get a UPS somewhere. If you have a laptop, everything is fine, but if you have a regular desktop computer and you want to encrypt a partition that already has files, then encryption will take some time. If the power goes out during this time, you are guaranteed to lose data. Therefore, if you don’t have a UPS that can withstand several hours of battery life, I recommend doing the following:- Back up your data, for example on an external hard drive. Then you will have to get rid of this copy (it is advisable to wipe the free space with a utility like Piriform after deleting data from an unencrypted disk so that it is impossible to recover deleted files), since if it is present, there is no point in having an encrypted copy of the data.
- You will transfer data to the encrypted disk from the copy after the disk is encrypted. Format the drive and encrypt it. Actually, you don’t need to format it separately - CyberSafe will do it for you, but more on that later.
If you have a laptop and are ready to continue without creating a backup copy of your data (I would recommend doing one just in case), be sure to check the disk for errors, at least with a standard Windows utility. Only after this you need to start encrypting the partition/disk.
Partition encryption: practice
So, theory without practice is meaningless, so let's start encrypting the partition/disk. Launch the CyberSafe program and go to the section Disk encryption, Encrypt partition(Fig. 1).
Rice. 1. List of partitions/disks of your computer
Select the partition you want to encrypt. If the button Create will be inactive, then this partition cannot be encrypted. For example, this could be a system partition or a dynamic disk. Also, you cannot encrypt multiple drives at the same time. If you need to encrypt several disks, then the encryption operation must be repeated one by one.
Click the button Create. Next a window will open Kripo Disk(Fig. 2). In it you need to enter a password that will be used to decrypt the disk when mounting it. When entering your password, check the case of characters (so that the Caps Lock key is not pressed) and the layout. If there is no one behind you, you can turn on the switch Show password.
Rice. 2. Crypto Disk
From the list Encryption type you need to choose an algorithm - AES or GOST. Both algorithms are reliable, but in government organizations it is customary to use only GOST. On your own computer or in a commercial organization, you are free to use any of the algorithms.
If there is information on the disk and you want to save it, turn on the switch. Please note that in this case the disk encryption time will increase significantly. On the other hand, if the encrypted files are, say, on an external hard drive, then you will still have to copy them to the encrypted drive to encrypt them, and copying with on-the-fly encryption will also take some time. If you haven't backed up your data, be sure to check the Enable radio button Save file structure and data, otherwise you will lose all your data.
Other parameters in the window Crypto Disk can be left as default. Namely, the entire available size of the device will be used and quick formatting will be performed into the NTFS file system. To start encryption, click the button Accept. The progress of the encryption process will be displayed in the main program window.
Rice. 3. Progress of the encryption process
Once the disk is encrypted, you will see its status - encrypted, hidden(Fig. 4). This means that your drive has been encrypted and hidden - it won't show up in Explorer and other high-level file managers, but partition table programs will see it. There is no need to hope that since the disk is hidden, no one will find it. All disks hidden by the program will be displayed in the snap-in Disk management(see Fig. 5) and other programs for disk partitioning. Please note that in this snap-in, the encrypted partition is displayed as a partition with a RAW file system, that is, without a file system at all. This is normal - after encrypting a partition, Windows cannot determine its type. However, hiding a partition is necessary for completely different reasons, and then you will understand exactly why.
Rice. 4. Disk status: encrypted, hidden. Partition E: not visible in Explorer
Rice. 5. Disk Management snap-in
Now let's mount the partition. Select it and click the button Resurrection to make the partition visible again (the disk state will be changed to just " encrypted"). Windows will see this partition, but since it cannot recognize its file system type, it will offer to format it (Fig. 6). This should not be done under any circumstances, since you will lose all data. This is why the program hides encrypted drives - after all, if you are not the only one working on the computer, another user can format a supposedly unreadable partition of the disk.
Rice. 6. Suggestion to format the encrypted partition
Of course, we refuse formatting and press the button Montirov. in the main CyberSafe program window. Next, you will need to select the drive letter through which you will access the encrypted partition (Fig. 7).
Rice. 7. Selecting a drive letter
After this, the program will ask you to enter the password necessary to decrypt your data (Fig. 8). The decrypted partition (disk) will appear in the area Connected decrypted devices(Fig. 9).
Rice. 8. Password for decrypting the partition
Rice. 9. Connected decrypted devices
After this, you can work with the decrypted disk as with a regular one. In Explorer, only drive Z: will be displayed - this is the letter I assigned to the decrypted drive. The encrypted E: drive will not be displayed.
Rice. 10. Explorer - viewing computer disks
Now you can open the mounted disk and copy all the secret files to it (just don’t forget to delete them from the original source and wipe out the free space on it).
When you need to finish working with our section, then or click the button Dismantler., and then the button Hide or simply close the CyberSafe window. As for me, it’s easier to close the program window. It is clear that you do not need to close the program window during the operation of copying/moving files. Nothing terrible or irreparable will happen, just some of the files will not be copied to your encrypted disk.
About performance
It is clear that the performance of an encrypted disk will be lower than that of a regular one. But how much? In Fig. 11 I copied my user profile folder (where there are many small files) from the C: drive to the encrypted Z: drive. The copy speed is shown in Fig. 11 - approximately at the level of 1.3 MB/s. This means that 1 GB of small files will be copied in approximately 787 seconds, that is, 13 minutes. If you copy the same folder to an unencrypted partition, the speed will be approximately 1.9 MB/s (Fig. 12). At the end of the copy operation, the speed increased to 2.46 MB/s, but very few files were copied at this speed, so we believe that the speed was 1.9 MB/s, which is 30% faster. The same 1 GB of small files in our case will be copied in 538 seconds or almost 9 minutes.
Rice. 11. Speed of copying small files from an unencrypted partition to an encrypted one
Rice. 12. Speed of copying small files between two unencrypted partitions
As for large files, you won't feel any difference. In Fig. Figure 13 shows the speed of copying a large file (400 MB video file) from one unencrypted partition to another. As you can see, the speed was 11.6 MB/s. And in Fig. Figure 14 shows the speed of copying the same file from a regular partition to an encrypted one and it was 11.1 MB/s. The difference is small and is within the error limit (the speed still changes slightly as the copy operation progresses). Just for fun, I’ll tell you the speed of copying the same file from a flash drive (not USB 3.0) to a hard drive - about 8 MB/s (there is no screenshot, but trust me).
Rice. 13. Large file copying speed
Rice. 14. Speed of copying a large file to an encrypted partition
This test isn't entirely accurate, but it can still give you some idea of performance.
That's all. I also recommend that you read the article
Hello, friends! Almost each of us has several files on our computer that require special protection.
We need to create a kind of secret corner where you can store information, knowing that only you will have access to it. The TrueCrypt program will help us achieve this task.
There are two main types of programs for storing such content: the first one makes files invisible to outsiders, the second one encrypts their contents. Specifically, in this article, I will tell you how to create a special partition on your hard drive that will be encrypted, hidden, and can only be accessed by entering a password.
For example, I use this feature to store a database of passwords. In your case, this could be any other important information or files that require reliable protection from prying eyes.
TrueCrypt is considered one of the best data encryption programs. Despite the fact that its developers completely closed the project in 2014 (in my opinion, under pressure from special services, and the recommendation to switch to BitLocker is only confirmation of this), the functionality of the latest versions remains at a fairly high level.
Using TrueCrypt tools, you will encrypt any files located on your PC, OS partitions, disks or removable media. You can also create a “secret container”, located, like a nesting doll, inside the first, poorly protected volume. The main role of such a container is that even if you have to give out a password to open the first container, you have an excellent chance of hiding the existence of the second one, which will contain your secret files.
Installing TrueCrypt
You can download this free utility in the Downloads section for your operating system from the website truecrypt.ch.
There are no difficulties in installing the program; just use the default settings. Next, opening the already installed program, we will see a small window with a standard interface, where there is a menu, a work area with a list of volumes, and buttons for performing basic tasks.
The program interface is in English. If this confuses you, just return to the utility download page and in the “Language Packs for TrueCrypt” section download the required language pack (in this case, Russian). Perform Russification of the program.
Russification of TrueCrypt
Unzip the language pack and copy the “Language.ru” file to the folder with the installed program (by default it is C:\Program Files\TrueCrypt).
Before moving on to encryption, you need to understand the basic principles of the program.
How TrueCrypt works
The program is based on a fairly simple principle. We create a file on the computer and give it a certain size. The TrueCrypt program encrypts this file, plus we put a password on it. As a result, we get a kind of container, the information inside of which will be encrypted.
The program connects this container in the form of a virtual disk that will be displayed in Explorer and assign a letter to it. By mounting the disk and entering a password, you can use it like a regular disk and drop into it, for example, new information that also needs to be encrypted.
Create an encrypted disk
Following the prompts of the TrueCrypt Volume Creation Wizard, let's begin creating an encrypted disk. Click “Create Volume” and select “Create an encrypted file container”. Next, select “Regular Volume” and indicate where it will be located, click the “File” button.
Let’s say, in my case, it will be located on Drive C. In order not to arouse unnecessary suspicion, I recommend creating a file that looks like a multimedia one, that is, a file with the appropriate extension, for example, “cipher.avi”
In this case, our future secret container will look like a regular video file, and even if it is large, this will not surprise anyone. Click “Next”, select the encryption algorithm and the size of this file (future container).
We indicate the volume size, which will depend on what you will store. If this is a container with multimedia content (video, photo, audio), then the size should be appropriate.
The next step is to set a password for this volume and select a file system. If the expected container size is more than 4 GB, then the file system is NFTS.
Click “Mark” and see the message that the TrueCrypt volume was successfully created. The container has been successfully created and, as you understand, this is our originally created and disguised file - cipher.avi.
Now our task is to connect this container as a virtual disk to the system. In the main program window, select the letter for the future disk and click the “File” button. We indicate the path to our container - cipher.avi.
We enter the password and now the newly created encrypted disk should appear in our system.
The disk has been created successfully. You can work with it like a regular local disk: copy, transfer and edit the necessary files. Since encryption occurs on the fly, the speed may vary, but this is only relevant for weaker systems.
When we are finished working with the disk, we open TrueCrypt, select this disk and click “Unmount”.
The next time we need to access this secret content, we launch the program, click the “File” button in the application window and specify “cipher.avi”. Next, click “Mount” and enter the password. After entering the password, our encrypted disk will reappear in Explorer. We worked and dismantled it.
The program allows you to encrypt not only files on a hard drive or on a removable drive, but also the entire disk, partition or removable media. In addition, TrueCrypt can encrypt even an additional operating system and make invisible not only the existence of any files, but also the running additional OS. This function may be needed if you need not just to hide a couple of dozen files, but to classify a large amount of information, including the programs you use.
TrueCrypt has truly enormous capabilities, and in this article I introduced you only to its most popular disk encryption function. Remember that any actions with system files and partitions carry the potential threat of losing the functionality of the operating system. Before working with TrueCrypt, I recommend creating a backup copy of the OS. Also, when performing all actions, carefully read the explanations and additional instructions.
That's all for now. I hope you found it interesting. See you in a new article.
Recently, laptops have become very popular due to their affordable price and high performance. And users often use them outside secured premises or leave them unattended. This means that the issue of ensuring that personal information on systems running Windows is not accessible to outsiders becomes extremely pressing. Simply setting a login password will not help here. And encrypting individual files and folders (read about that) is too routine. Therefore, the most convenient and reliable means is hard drive encryption. In this case, you can encrypt only one of the partitions and keep private files and programs on it. Moreover, such a partition can be made hidden without assigning a drive letter to it. Such a section will outwardly appear unformatted, and thus will not attract the attention of attackers, which is especially effective, since the best way to protect secret information is to hide the very fact of its existence.
How hard drive encryption works
The general principle is this: the encryption program makes an image of the file system and places all this information in a container, the contents of which are encrypted. Such a container can be either a simple file or a partition on a disk device. Using an encrypted container file is convenient because such a file can be copied to any convenient location and continued working with it. This approach is convenient when storing a small amount of information. But if the size of the container is several tens of gigabytes, then its mobility becomes very doubtful, and besides, such a huge file size reveals the fact that it contains some useful information. Therefore, a more universal approach is to encrypt the entire partition on the hard drive.
There are many different programs for these purposes. But the most famous and reliable is considered TrueCrypt. Since this program is open source, this means that there are no vendor-specific backdoors that allow you to access encrypted data through an undocumented back door. Unfortunately, there are speculations that the creators of the TrueCrypt program were forced to abandon further development and pass the baton to their proprietary counterparts. However, the latest reliable version, 7.1a, remains fully functional on all versions of Windows, and most users use this version.
Attention!!! The latest current version is 7.1a ( Download link). Do not use the “cut down” version 7.2 (the project was closed, and on the official website of the program they suggest switching from TrueCrypt to Bitlocker and only version 7.2 is available).
Creating an encrypted disk
Let's consider the standard approach when encrypting partitions. To do this, we need an unused partition on your hard drive or flash drive. For this purpose, you can free one of the logical drives. As a matter of fact, if there is no free partition, then during the process of creating an encrypted disk, you can choose to encrypt the disk without formatting and save the existing data. But this takes longer and there is a small risk of losing data during the encryption process if the computer freezes.
If the required partition on the disk device is prepared, you can now launch the TrueCrypt program and select the “Create new volume” menu item.
Since we are interested in storing data not in a container file, but in a disk partition, we select the “Encrypt non-system partition/disk” option and the usual type of volume encryption.
At this stage, the mentioned choice appears - to encrypt the data in the partition or format it without saving the information.
After this, the program asks which algorithms to use for encryption. For domestic needs there is no big difference - you can choose any of the algorithms or a combination of them.
Only in this case it is worth considering that when using a combination of several algorithms, more computing resources are required when working with an encrypted disk - and accordingly, the read and write speed drops. If your computer is not powerful enough, then it makes sense to click on the test button to select the optimal algorithm for your computer.
The next step is the actual process of formatting the encrypted volume.
Now all you have to do is wait until the program finishes encrypting your hard drive.
It is worth noting that at the stage of setting a password, you can specify a key file as additional protection. In this case, access to encrypted information will be possible only if this key file is available. Accordingly, if this file is stored on another computer on the local network, then if a laptop with an encrypted disk or flash drive is lost, no one will be able to access the secret data, even if they guessed the password - after all, the key file is not on the laptop itself or on the flash drive.
Hiding an encrypted partition
As already mentioned, the advantage of an encrypted partition is that it is positioned in the operating system as unused and unformatted. And there is no indication that it contains encrypted information. The only way to find out is to use special cryptanalysis programs that can, based on the high degree of randomness of the bit sequences, conclude that the section contains encrypted data. But if you are not a potential target for the intelligence services, then you are unlikely to face such a threat of compromise.
But for additional protection from ordinary people, it makes sense to hide the encrypted partition from the list of available drive letters. Moreover, anyway, accessing the disk directly by its letter will not give anything and is only required if the encryption is removed by formatting. To unpin a volume from a used letter, go to the “Control Panel” section “Computer Management / Disk Management” and, by calling up the context menu for the desired section, select “Change drive letter or drive path...”, where you can remove the binding.
After these manipulations, the encrypted partition will not be visible in Windows Explorer and other file managers. And the presence of one nameless and “unformatted” partition among several different system partitions is unlikely to arouse interest among outsiders.
Using an encrypted drive
To use an encrypted device as a regular drive, you need to connect it. To do this, in the main program window, right-click on one of the available drive letters and select the menu item “Select device and mount...”
After this, you need to mark the previously encrypted device and specify the password.
As a result, a new drive with the selected letter should appear in the Windows browser (in our case, drive X).
And now you can work with this disk like with any ordinary logical disk. The main thing after finishing work is not to forget to either turn off the computer, or close the TrueCrypt program, or disable the encrypted partition - after all, as long as the disk is connected, any user can access the data located on it. You can unmount the partition by clicking the “Unmount” button.
Results
Using the TrueCrypt program will allow you to encrypt your hard drive and thereby hide your private files from strangers if someone suddenly gains access to your flash drive or hard drive. And the location of encrypted information on an unused and hidden partition creates an additional level of protection, since the uninitiated circle of people may not realize that secret information is stored on one of the partitions. This method of protecting private data is suitable in the vast majority of cases. And only if you are being targeted with the threat of violence to obtain your password, then you may need more sophisticated security methods, such as steganography and hidden TrueCrypt volumes (with two passwords).
Researchers at Princeton University have discovered a way to bypass hard drive encryption by exploiting the ability of RAM modules to retain information for a short period of time even after a power failure.
Preface
Since you need to have a key to access an encrypted hard drive, and it is, of course, stored in RAM, all that is needed is to gain physical access to the PC for a few minutes. After rebooting from an external hard drive or USB Flash, a complete memory dump is made and the access key is extracted from it within a matter of minutes.
In this way, it is possible to obtain encryption keys (and full access to the hard drive) used by BitLocker, FileVault and dm-crypt programs in Windows Vista, Mac OS X and Linux operating systems, as well as the popular free hard drive encryption system TrueCrypt.
The importance of this work lies in the fact that there is not a single simple method of protection against this method of hacking, other than turning off the power for a sufficient time to completely erase the data.
A visual demonstration of the process is presented in video.
annotation
Contrary to popular belief, the DRAM memory used in most modern computers retains data even after the power is turned off for several seconds or minutes, and this happens at room temperature and even if the chip is removed from the motherboard. This time is quite enough to take a complete RAM dump. We will show that this phenomenon allows an attacker with physical access to the system to bypass the OS functions to protect cryptographic key data. We will show how rebooting can be used to successfully attack known hard drive encryption systems without using any specialized hardware or materials. We will experimentally determine the degree and probability of retention of residual magnetization and show that the time for which data can be taken can be significantly increased using simple techniques. New methods will also be proposed for searching for cryptographic keys in memory dumps and correcting errors associated with loss of bits. Several ways to reduce these risks will also be discussed, but we do not know of a simple solution.
Introduction
Most experts assume that data from a computer's RAM is erased almost instantly after the power is turned off, or they believe that residual data is extremely difficult to retrieve without the use of special equipment. We will show that these assumptions are incorrect. Conventional DRAM memory loses data gradually over several seconds, even at normal temperatures, and even if the memory chip is removed from the motherboard, data will remain in it for minutes or even hours, provided that the chip is stored at low temperatures. Residual data can be recovered using simple methods that require short-term physical access to the computer.
We will show a series of attacks that, using the remanence effects of DRAM, will allow us to recover encryption keys stored in memory. This poses a real threat to laptop users who rely on hard drive encryption systems. After all, if an attacker steals a laptop while the encrypted disk is connected, he will be able to carry out one of our attacks to access the content, even if the laptop itself is locked or in sleep mode. We will demonstrate this by successfully attacking several popular encryption systems, such as BitLocker, TrueCrypt and FileVault. These attacks should also be successful against other encryption systems.
Although we have focused our efforts on hard drive encryption systems, if an attacker has physical access to the computer, any important information stored in RAM can become a target for attack. It is likely that many other security systems are vulnerable as well. For example, we discovered that Mac OS X leaves account passwords in memory, from where we were able to extract them, and we also carried out attacks to obtain the private RSA keys of the Apache web server.
While some in the information security and semiconductor physics communities were already aware of the remanence effect in DRAM, there was very little information about it. As a result, many who design, develop or use security systems are simply unfamiliar with this phenomenon and how easily it can be exploited by an attacker. To the best of our knowledge, this is the first detailed work examining the information security implications of these phenomena.
Attacks on encrypted drives
Encrypting hard drives is a well-known method of protecting against data theft. Many believe that hard drive encryption systems will protect their data, even if an attacker has gained physical access to the computer (in fact, that’s what they are for, editor’s note). A California state law passed in 2002 requires reporting of possible disclosures of personal data only if the data was not encrypted, because. It is believed that data encryption is a sufficient protective measure. Although the law does not describe any specific technical solutions, many experts recommend the use of encryption systems for hard drives or partitions, which will be considered sufficient protection measures. The results of our research showed that faith in disk encryption is unfounded. A less-than-skilled attacker can bypass many commonly used encryption systems if a laptop with data is stolen while it is turned on or in sleep mode. And data on a laptop can be read even if it is on an encrypted drive, so using hard drive encryption systems is not a sufficient measure.
We used several types of attacks on well-known hard drive encryption systems. What took the most time was installing encrypted disks and checking the correctness of the detected encryption keys. Obtaining a RAM image and searching for keys took only a few minutes and was fully automated. There is reason to believe that most hard drive encryption systems are susceptible to similar attacks.
BitLocker
BitLocker is a system included in some versions of Windows Vista. It functions as a driver that runs between the file system and the hard drive driver, encrypting and decrypting selected sectors on demand. The keys used for encryption remain in RAM as long as the encrypted disk is encrypted.
To encrypt each sector of a hard drive, BitLocker uses the same pair of keys created by the AES algorithm: a sector encryption key and an encryption key operating in cipher block chaining (CBC) mode. These two keys are in turn encrypted with the master key. To encrypt a sector, a binary addition procedure is performed on the plaintext with the session key generated by encrypting the sector offset byte with the sector encryption key. The resulting data is then processed by two mixing functions that use the Microsoft-developed Elephant algorithm. These keyless functions are used to increase the number of changes to all cipher bits and, accordingly, increase the uncertainty of the encrypted sector data. At the last stage, the data is encrypted with the AES algorithm in CBC mode, using the appropriate encryption key. The initialization vector is determined by encrypting the sector offset byte with the encryption key used in CBC mode.
We have implemented a fully automated demo attack called BitUnlocker. This uses an external USB drive with Linux OS and a modified SYSLINUX-based bootloader and the FUSE driver, which allows you to connect BitLocker-encrypted drives to Linux OS. On a test computer running Windows Vista, the power was turned off, a USB hard drive was connected, and booted from it. After that, BitUnlocker automatically dumped the RAM onto an external drive, used the keyfind program to search for possible keys, tried all the suitable options (pairs of sector encryption key and CBC mode key), and if successful, connected the encrypted drive. As soon as the disk was connected, it became possible to work with it like any other disk. On a modern laptop with 2 gigabytes of RAM, the process took about 25 minutes.
It is noteworthy that this attack became possible to carry out without reverse engineering any software. In the Microsoft documentation, the BitLocker system is described sufficiently to understand the role of the sector encryption key and the CBC mode key and create your own program that implements the entire process.
The main difference between BitLocker and other programs in this class is the way keys are stored when the encrypted drive is disconnected. By default, in basic mode, BitLocker protects the master key only using the TPM module, which exists on many modern PCs. This method, which appears to be widely used, is particularly vulnerable to our attack because it allows encryption keys to be obtained even if the computer has been turned off for a long time, since when the PC boots up, the keys are automatically loaded into RAM (before login window) without entering any authentication information.
Apparently, Microsoft specialists are familiar with this problem and therefore recommend configuring BitLocker in an improved mode, where keys are protected not only using TPM, but also with a password or key on an external USB drive. But, even in this mode, the system is vulnerable if an attacker gains physical access to the PC at the moment when it is working (it can even be locked or in sleep mode (states - simply turned off or hibernate in this case are considered not susceptible to this attack).
FileVault
Apple's FileVault system has been partially investigated and reverse engineered. In Mac OS X 10.4, FileVault uses a 128-bit AES key in CBC mode. When the user password is entered, the header containing the AES key and the second K2 key is decrypted, used to calculate the initialization vectors. The initialization vector for the Ith disk block is calculated as HMAC-SHA1 K2(I).
We used our EFI RAM imaging program to retrieve data from an Intel-based Mac with a FileVault-encrypted drive attached. After this, the keyfind program automatically found FileVault AES keys without errors.
Without an initialization vector, but with the resulting AES key, it becomes possible to decrypt 4080 of the 4096 bytes of each disk block (all except the first AES block). We made sure that the initialization vector is also in the dump. Assuming that the data has not yet become corrupted, an attacker can determine the vector by trying all the 160-bit strings in the dump one by one and checking whether they can form a possible plaintext when binary added to the decrypted first part of the block. Together, using programs like vilefault, AES keys and an initialization vector allow you to completely decrypt an encrypted disk.
While investigating FileVault, we discovered that Mac OS X 10.4 and 10.5 leave multiple copies of the user's password in memory, where they are vulnerable to this attack. Account passwords are often used to protect keys, which in turn can be used to protect the passphrases of FileVault-encrypted drives.
TrueCrypt
TrueCrypt is a popular open-source encryption system that runs on Windows, MacOS and Linux. It supports many algorithms, including AES, Serpent and Twofish. In version 4, all algorithms worked in LRW mode; in the current 5th version, they use XTS mode. TrueCrypt stores the encryption key and tweaks the key in the partition header on each drive, which is encrypted with a different key derived from the user-entered password.
We tested TrueCrypt 4.3a and 5.0a running on Linux. We connected the drive, encrypted with a 256-bit AES key, then removed the power and used our own memory dump software to boot. In both cases, keyfind found a 256-bit intact encryption key. Also, in the case of TrueCrypt 5.0.a, keyfind was able to recover the tweak key of the XTS mode.
To decrypt disks created by TrueCrypt 4, you need to tweak the LRW mode key. We found that the system stores it in four words before the AES key schedule. In our dump, the LRW key was not corrupted. (If errors occurred, we would still be able to recover the key).
Dm-crypt
The Linux kernel, starting with version 2.6, includes built-in support for dm-crypt, a disk encryption subsystem. Dm-crypt uses a variety of algorithms and modes, but by default it uses a 128-bit AES cipher in CBC mode with IVs generated not based on key information.
We tested the partition created by dm-crypt using the LUKS (Linux Unified Key Setup) branch of the cryptsetup utility and the 2.6.20 kernel. The disk was encrypted using AES in CBC mode. We briefly turned off the power and, using a modified PXE bootloader, took a memory dump. The keyfind program detected a correct 128-bit AES key, which was recovered without any errors. After it is restored, the attacker can decrypt and mount the dm-crypt encrypted partition by modifying the cryptsetup utility so that it accepts the keys in the required format.
Methods of protection and their limitations
Implementing protection against attacks on RAM is non-trivial, since the cryptographic keys used must be stored somewhere. We suggest focusing efforts on destroying or hiding keys before an attacker can gain physical access to the PC, preventing RAM dump software from running, physically protecting RAM chips, and reducing the lifespan of RAM data when possible.
Overwriting memory
First of all, you should whenever possible avoid storing keys in RAM. You need to overwrite key information when it is no longer used and prevent data from being copied to page files. Memory must be cleared in advance using OS tools or additional libraries. Naturally, these measures will not protect keys currently in use, since they must be stored in memory, such as keys used for encrypted disks or on secure web servers.
Also, the RAM must be cleared during the boot process. Some PCs can be configured to clear RAM at boot using a clearing POST request (Power-on Self-Test) before loading the OS. If an attacker cannot prevent the execution of this request, then he will not be able to make a memory dump with important information on this PC. But, he still has the opportunity to remove the RAM chips and insert them into another PC with the BIOS settings he needs.
Restricting downloading from the network or from removable media
Many of our attacks were carried out using downloads over the network or from removable media. The PC must be configured to require an administrator password to boot from these sources. But it should be noted that even if the system is configured to boot only from the main hard drive, an attacker can change the hard drive itself, or in many cases, reset the computer's NVRAM to roll back to the original BIOS settings.
Safe Sleep Mode
The results of the study showed that simply locking the PC desktop (that is, the OS continues to work, but in order to start interacting with it you must enter a password) does not protect the contents of RAM. Hibernation mode is also not effective if the PC is locked when returning from sleep mode, since an attacker can activate the return from sleep mode, then reboot the laptop and take a memory dump. The hibernate mode (the contents of RAM are copied to the hard drive) will also not help, except in cases of using key information on alienated media to restore normal functioning.
In most hard drive encryption systems, users can protect themselves by turning off the PC. (The Bitlocker system in the basic mode of operation of the TPM module remains vulnerable, since the disk will be connected automatically when the PC is turned on). Memory contents may persist for a short period after being disconnected, so it is recommended to monitor your workstation for a couple more minutes. Despite its effectiveness, this measure is extremely inconvenient due to the long loading time of workstations.
The transition to sleep mode can be secured in the following ways: require a password or other secret to “wake up” the workstation and encrypt the memory contents with a key derived from this password. The password must be strong, since an attacker can make a memory dump and then try to guess the password by brute force. If encrypting the entire memory is not possible, you need to encrypt only those areas that contain key information. Some systems may be configured to enter this type of protected sleep mode, although this is not usually the default setting.
Avoiding Pre-Computations
Our research has shown that using precomputation to speed up cryptographic operations makes key information more vulnerable. Pre-calculations result in redundant information about key data appearing in memory, which allows an attacker to recover keys even if there are errors. For example, as described in Section 5, information about the iterative keys of the AES and DES algorithms is extremely redundant and useful to an attacker.
Not doing pre-computations will reduce performance because potentially complex calculations will have to be repeated. But, for example, you can cache precomputed values for a certain period of time and erase the received data if it is not used during this interval. This approach represents a trade-off between security and system performance.
Key expansion
Another way to prevent key recovery is to change the key information stored in memory in such a way as to make it more difficult to recover the key due to various errors. This method has been discussed in theory, where a discovery-resistant function has been shown whose inputs remain hidden even if virtually all of the outputs have been discovered, much like the operation of one-way functions.
In practice, imagine that we have a 256-bit AES key K that is not currently in use but will be needed later. We can't overwrite it, but we want to make it resistant to recovery attempts. One way to achieve this is to allocate a large B-bit data area, fill it with random data R, and then store in memory the result of the following transformation K+H(R) (binary summation, editor's note), where H is a hash function, such as SHA-256.
Now imagine that the power was turned off, this would cause the d bits in this area to be changed. If the hash function is strong, when attempting to recover key K, the attacker can only count on being able to guess which bits of area B were changed out of the approximately half that could have changed. If d bits have been changed, the attacker will have to search an area of size (B/2+d)/d to find the correct values of R and then recover key K. If area B is large, such a search can be very long, even if d is relatively small
In theory, we could store all the keys this way, calculating each key only when we need it, and deleting it when we don't need it. Thus, using the above method, we can store the keys in memory.
Physical protection
Some of our attacks relied on having physical access to memory chips. Such attacks can be prevented by physical memory protection. For example, memory modules are located in a closed PC case, or are sealed with epoxy glue to prevent attempts to remove or access them. You can also implement memory erasure as a response to low temperatures or attempts to open the case. This method will require the installation of sensors with an independent power supply system. Many of these methods involve tamper-resistant hardware (such as the IBM 4758 coprocessor) and can greatly increase the cost of the workstation. On the other hand, using memory soldered to the motherboard will be much cheaper.
Architecture change
You can change the PC architecture. This is impossible for already used PCs, but will allow you to secure new ones.
The first approach is to design DRAM modules so that they erase all data faster. This can be tricky because the goal of erasing data as quickly as possible conflicts with the other goal of keeping data from going missing between memory refresh periods.
Another approach is to add key information storage hardware that is guaranteed to erase all information from its storage upon startup, restart, and shutdown. This way, we will have a secure place to store multiple keys, although the vulnerability associated with their pre-calculation will remain.
Other experts have proposed an architecture in which the contents of memory would be permanently encrypted. If, in addition to this, we implement erasing of keys during a reboot and power outage, then this method will provide sufficient protection against the attacks we have described.
Trusted Computing
Hardware corresponding to the concept of “trusted computing”, for example, in the form of TPM modules, is already used in some PCs. Although useful in protecting against some attacks, in its current form such equipment does not help prevent the attacks we describe.
The TPM modules used do not implement full encryption. Instead, they observe the boot process to decide whether it is safe to load the key into RAM or not. If the software needs to use a key, then the following technology can be implemented: the key, in a usable form, will not be stored in RAM until the boot process goes as expected. But as soon as the key is in RAM, it immediately becomes a target for our attacks. TPMs can prevent a key from being loaded into memory, but they do not prevent it from being read from memory.
conclusions
Contrary to popular belief, DRAM modules store data for a relatively long time when disabled. Our experiments have shown that this phenomenon allows for a whole class of attacks that can obtain sensitive data, such as encryption keys, from RAM, despite the OS's attempts to protect its contents. The attacks we have described can be implemented in practice, and our examples of attacks on popular encryption systems prove this.
But other types of software are also vulnerable. Digital rights management (DRM) systems often use symmetric keys stored in memory, and these can also be obtained using the methods described. As we have shown, SSL-enabled web servers are also vulnerable because they store in memory the private keys needed to create SSL sessions. Our key information search techniques are likely to be effective for finding passwords, account numbers, and any other sensitive information stored in RAM.
It looks like there is no easy way to fix the vulnerabilities found. The software change will most likely not be effective; hardware changes will help, but the time and resource costs will be high; Trusted computing technology in its current form is also ineffective because it cannot protect keys located in memory.
In our opinion, laptops that are often located in public places and operate in modes that are vulnerable to these attacks are most susceptible to this risk. The presence of such risks shows that disk encryption protects important data to a lesser extent than is commonly believed.
As a result, you may have to treat DRAM memory as an untrusted component of a modern PC, and avoid processing sensitive sensitive information in it. But for now, this is not practical until the architecture of modern PCs changes to allow software to store keys in a secure location.
