Foreword to "Risks of using cryptographic software and possible ways of data leaks"
How well, do you think, your data is protected from an unauthorized access?
It is likely, that many will answer on that question with the confidence about the safety of their data. The general assumption is, that the use of cryptographic software makes your data safe. People who have only a superficial knowledge about the information security, presume however, that if your information would be sought after by a resourceful adversary, like a government agency, then any encryption would be broken. People versed a little bit more in the information security, often ridicule that presumption, however. But let us deliberate and think this through, who is indeed right?
In this article I will try to explain about the risks of using cryptographic software, and about the ways of gaining access to the encrypted data. The article is based on a common knowledge, and you will find no secrets there. However, if you would give some thought to the information conveyed here, you may grasp how fragile your security might be, and how something perceived by many to be indestructible, can easily be broken. Well then, let us briefly examine the main types of attacks on the encrypted information.
Breaking into cryptoalgorithms, or the brute force attack
It is accepted knowledge, that there are no absolutely strong algorithms, except for a disposable notepad. All known cryptoalgorithms are not based on knowledge, but rather on the lack of it. The strength of any cipher has yet to be mathematically proven, but on the other hand, weaknesses of most of the invented ciphers are already established. Therefore, a strong cipher is considered to be one for which there exists no practical method of breaking it. However, if there is no method at the moment, it does not mean that it will never be devised, though, when speaking in regards to the well studied ciphers (AES, Twofish, Serpent), there is very little chance that they will be broken in the next 10 years. There exists a view that NSA/CSS employs cryptanalytic methods which are not known to the public. That, however, is no more than a rumor as there are no facts proving it to be otherwise. Still, one must remember not to assume that the data encrypted with a cipher considered to be strong by the current standards, will remain safe forever. In my opinion, the maximum term for which the data can be considered to be safe, when encrypted by a recent strong cipher, is 10 to 20 years. That should always be kept in mind.
Currently, the only plausible attack on strong cryptoalgorithms, is going through all the possible key combinations. At the current stage of technical progress, it is possible to pick the 64-bit key, and theoretically the 70-bit key. The 80-bit key is the minimum, which is considered to be safe. In the future, when a quantum computer will become a reality, the length of the key for the symmetric ciphers would have to be doubled to achieve the same level of safety. This means that, theoretically, 128-bit keys can be broken on a quantum computer. The 256-bit keys, however, will never be broken by the brute force attack as working through the entire number of possible keys will come against the limits set by the law of physics. Taking all that into consideration it should not be forgotten, that your password ought to have the same strength as the key space of the encryption algorithm you are using, otherwise your encrypted data will be accessed by picking up the password.
By summarizing the aforementioned, we conclude that the successful brute force attacks are a highly unlikely occurrence, nevertheless, they should not be disregarded completely. Also, cryptoalgorithms with less than a 256-bit key should not be used though longer keys make no real sense either.
Faulty implementation of cryptographic software
Even the strongest of the encryption algorithms can be defenseless, if it is implemented with errors, or used inappropriately, and that is the illness of the proprietary software. Microsoft is especially infamous for that, as virtually each of its cryptographic solutions had serious vulnerabilities, often breakable in a trivial manner. One need not venture far for the examples, — Kerberos, encryption of Microsoft Office documents, PPTP VPN, NTLM authentication protocol, SysKey, EFS encryption in Windows 2000, RNG implementations in Windows 2000/XP/Vista. As history shows, that company is unable to learn on its own mistakes, therefore it is better to use anything, but the Microsoft's cryptography, since, even if you would want to, you will find no worse reputation, than the one enjoyed by the Microsoft.
Besides containing errors, proprietary software and cryptographic hardware devices, can also have intentional backdoors, existence of which can be lied about by the producer. As an example, we can look at the Drecom hard drives with hardware data encryption, manufacturer of which has announced encryption to be done using AES, but actually it turned out to be simple and easy to break XOR cipher. If you would like to find more about that, please read this article. Thence we can conclude, that the promises of the producers can never be trusted, and one should always demand the proof of the claims made by the manufacturer. Any such proof should always be thoroughly examined, and if there is not enough qualification for the verification process, then seeking a professional opinion is strongly recommended.
When using impeccable quality cryptographic software, there is no danger of falling a victim to the above mentioned issues, still however, that does not rule out the other possible threats. One of the most serious risks, is for the trojan horse program to get a foothold in your system, which then may intercept entered passwords, encryption keys, or even transmit the data that your are protecting, itself.
Protection from malware is one separate and large theme, and it will not be discussed in this article. There is one thing you should remember, though, — no malicious software must ever infiltrate your computer system. Otherwise, there is no point in data encryption. In case, when handling truly important data, for which it is absolutely unacceptable for anyone to get an unauthorized access to, then it is advisable for such a system not to be connected to the internet, and it also should have only the bare minimum of required software installed.
Physical attacks are always involved with the possibility of direct physical access to the system, or with the opportunity to observe it, which may be associated with the remote monitoring or using the bugging technology. There are the TEMPEST techniques, allowing for the image from a monitor to be read from a distance of a hundred meters, by capturing and analyzing electromagnetic (EM) radiation emitted from a display. The text entered on the keyboard, can be acquired by capturing, with a bug or a laser microphone, and examining the sounds that the keys make when being pressed. An adversary, who can come into direct contact with your system, may implant it with the software contaminant or with the hardware keylogger. The encryption keys and the confidential data, can be obtained from the computer memory by freezing and transferring the memory chips, or by connecting a scanner/reader device to the computer buses. The contents of the memory can also be accessed through some external ports, for example via FireWire, without the help from any special technology, and using only a notebook computer.
Software-induced data leaks
With reference to the disk encryption, in certain cases it is possible to reveal the encrypted data even without the use of trojan software or having a physical access to the live system. The fault of that, are the leaks of confidential data into a number of non-encrypted system files. The most critical, in this regard, files on the Windows systems are the following: registry, swap, crash dump and hibernation file (hiberfil.sys). For the most part, the user mode application memory space, which contains the confidential data that applications process, is being paged to hard disk drive. DiskCryptor, however, prevents the keys and passwords from getting into the swap space, as it stores them in the non-swap memory. In addition, the passwords and keys are not being stored for longer than it is necessary to process them, and afterwards the memory that has been occupied by this sensitive data, is nulled.
This kind of security measure exists in all adequate open source cryptographic software, but that is not always sufficient to reduce the data leaks risk to zero. The most dangerous are the data leaks into hiberfil.sys and crash dumps, as the whole contents of memory, including its non-swap regions, is being stored on the disk in this case. This situation is essentially complicated with the fact, that the mechanism how the dumps and hiberfil.sys are being written, is not documented at all, and therefore, the most present-day disk encryption software cannot encrypt these files, and they are being written in non-encrypted way to disk sectors! Old DriveCrypt Plus Pack versions and even TrueCrypt 5.1, had such kind of vulnerabilities. The consequences of that are catastrophic, as saving of the memory dump in open manner, definitely opens up the possibility to reveal all encrypted information in a matter of few minutes.
The guys from Microsoft did such a dirty job, that there is even no need to devise any backdoors in the cryptographic software. Most probably, that security-related government agencies can make use of this Windows's feature, and this is what has led some people to believe, that the government can break any encryption. The simplest solution for this issue, is to disable memory dump file generation and hibernation mode, which is recommended in the TrueCrypt's documentation as well (when system encryption is not used). The problem is, though, that most users do not read documentation, and have little awareness about the important factors that play role in the system's safety, and thus users get an illusion of security, instead of the real protection. DiskCryptor, starting from version 0.2.5, has extra measures in place to prevent leaks of the sensitive data:
- When the system partition is encrypted, then memory dump and hibernation files are already protected (by default Windows is configured to write these files to the system partition).
- If the system partition is not encrypted, and when there are mounted encrypted disks present in the system, then the use of hibernation mode and saving of memory dump (on system crash) are blocked, and in case if there are no mounted encrypted disks present, then before commencing hibernation or writing memory dump, the password cache is being automatically cleared from memory.
That way, the program does not let the sensitive data to be written to disk in a non-encrypted way.
Nonetheless, please bear in mind, that there is always a chance for the data leaks to occur because of a third-party application. For example, if there is a software on your system, that intercepts keyboard input (it can be a language translation tool, an automatic keyboard layout changer, or a keylogger), or if you use the clipboard to copy passwords, then in such cases, passwords may be stored in a memory region that DiskCryptor has no control of, and where the data leaks can be taking place. In order to safeguard yourself from these kind of data leaks to be used against your system's security, — it is sufficient to encrypt all the disk partitions, where this important data can be written onto. If your system is connected to a network or the internet, please make sure, that no unauthorized transmissions of the sensitive data are taking place, as keyloggers, besides saving their log on a local disk, can also transmit what they capture over your network/internet connection. But then again, you must not let any malicious software to get into your system, in the first place.
As you can see, there are many ways which can lead for the encrypted confidential data to become exposed, and this is by no means a comprehensive overview of all the possible ways to achieve that. In particular, there has been no mention of either rubber-hose cryptanalysis, nor possible risks involving the human factor, or social engineering manipulation. The more we know about the information security, the more aware we become of our defenselessness.
So that is why you should always remember, — confidential data protection must not be limited to encryption only, and it is all-important to take very seriously the arrangement of physical security structure, as well. In no way however, what has just been put forward, diminishes the necessity to use encryption, and it still remains a formidable obstacle for an adversary to overcome.
|Language:||English • Deutsch • русский|