Recent headlines in Ireland made more people aware of disk encryption. A laptop containing personal information of 170,000 Irish blood donors was stolen in New York. The laptop was being used to transport data as part of an application upgrade process. Normally, security experts would have been screaming … we remember the information loss in the UK with a third of the population’s personal information going missing on insecure CD’s or DVD’s. But in this case, the Blood Transfusion Service knew what they were doing. They’d encrypted the disk so that data was effectively secure. Or so we all thought!
A team in Princeton University has reportedly cracked disk encryption. I’m not talking just about SafeBoot or Windows BitLocker … I’m talking about disk encryption in general!
For disk encryption to work, the operating system on the computer must have access to the disk. For this it stores decryption keys in RAM to be able to decrypt the disk as it uses it. RAM does not instantly lose it’s contents when you turn off your PC as we are taught in basic computer science. It actually takes a little while for the contents to dissipate. This process takes longer if you can chill the RAM boards using something like a can of compressed air. Once the attacker obtains physical access to the machine (by breaking into an insecure branch office "computer room" or stealing a laptop in an airport or cafe) then they can start this process. Now they boot up the machine with a special tiny operating system that minimises it’s impact on RAM. They scan the contents of RAM and can identify patterns associated with AES, DES and RSA. This now gives them the information required to read the disks of the target computer. The attacker has almost instant access to information that was otherwise considered virtually impregnable.
What does this mean? We have to return to thinking that physical security is still a primary answer to data security. Information on PDA’s, laptops and even servers in insecure branch offices is back to being vulnerable to dedicated attackers. Ordinary criminal loss is not a concern because this vulnerability requires an immediate attack on the RAM chips in the computer. It remains a concern where we have a real risk of being attacked by attackers with a target in mind when they start the attack.
Let’s consider two scenarios. A company gives laptops to directors with a 3rd party disk encryption solution. It uses AES 256bit encryption. The director sits in a cafe drinking coffee and reading mail. An attacker paid by a rival company or an intelligence agency (we know certain European countries do this on behalf of native firms, mais oui!) walks in and grabs the laptop before running out. A van is waiting outside with a couple of engineers who can proceed with the attack. The data on the laptop is lost. The director’s inbox is vulnerable; replicated files, etc all are there. And as we know, directors have access to the most sensitive of data.
Here’s a worse scenario. We’ve been told not to place Active Directory domain controllers in branch offices where we cannot physically secure those machines. The reason is that a domain controller contains a replica of all users usernames and passwords. If the server is stolen then the entire forest is vulnerable and must be flattened/rebuilt. The solution from Microsoft was a Windows 2008 Read Only Domain Controller (RODC) with BitLocker disk encryption. This does two things. Disk encryption virtually secures the contents of the disk (or so we thought). The RODC only replicates data of users in the branch office. This means that once the RODC is lost, an administrator can reset those accounts. It didn’t have to be done immediately because we know the disk encryption would slow down even the NSA for a long enough period. Here’s the new scenario. An attacker breaks into the branch office on a Friday night. He powers down the RODC and proceeds with the attack with the server in situ. He takes a copy of the required user data from the RODC and puts it on his laptop. He leaves before the weekend is over and nothing is suspected. Using the usernames and passwords that he now has, the attacker can attack the rest of the target network with ease.
The solution remains as clear as it always has been. Physical security remains the key to ultimate security. I’m not saying we should abandon encryption. It still plays a part in normal theft/loss and let’s face it, the documented attack requires a dedicated attacker who can do the process almost instantly after powering off the machine. It’s funny how something as simple as a can of compressed air can be used to defeat something as complex as disk encryption. I bet MacGuyver would be proud!
Credit: Anthony Garmont.