1 / 31

Encryption and Data Recovery

Encryption and Data Recovery. Adapted and expanded from presentation given by Robert Wesley McGrew and Josh Coffey. Introduction. Like any good tool, cryptography flexibly serves the needs of those who use it Anyone – Provides privacy, confidentiality, authentication, non-repudiation

brilliant
Download Presentation

Encryption and Data Recovery

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Encryption and Data Recovery Adapted and expanded from presentation given by Robert Wesley McGrew and Josh Coffey

  2. Introduction • Like any good tool, cryptography flexibly serves the needs of those who use it • Anyone – Provides privacy, confidentiality, authentication, non-repudiation • Investigators – Security against tampering, confidentiality • Criminals – Protecting/Hiding illegal activities

  3. Other (criminal) Uses of Cryptography • Child Pornographers • One of the primary reasons people cite for regulating/restricting the use of crypto • Communications via IRC, files traded via FTP, encrypted with BestCrypt • AES, etc, symmetric ciphers • no word on how keys were exchanged

  4. Other (criminal) Uses of Cryptography • Terrorism • Cases: • RSA and also custom crypto (was easily broken) • Note that there are cases where attempts at decryption failed, however other incriminating evidence was found • Plea bargain  keys, a useful trade • Lots of PGP usage

  5. The Rest of the Usual Suspects • Drug dealers • Hackers • White collar criminals • Nearly anyone that’s computer literate can implement this • If they don’t seem bright enough to have done it themselves, question the geek they hired to do it for them

  6. How common will encryption be? • Strong crypto tools are readily available • Interfaces to such tools are becoming more intuitive • More cases hinging on digital evidence encourages criminals to become more careful • In the push for security on personal computers, encryption is being integrated into the operating system

  7. Symmetric Cryptography • Involves a single key, for both encryption and decryption • When used by itself, it is mostly used for encrypting data to be stored locally. • For data that is to be communicated, there is the problem of how to share the key (which we will address) • Algorithms involved: • AES • DES, Triple-DES • Tools: • BestCrypt • DriveCrypt • Many, Many others

  8. Asymmetric Cryptography • A relatively recent (70’s) discovery • Two can communicate securely, over an unsecured channel, without having a shared secret to start with. • Two keys • Public key – Made known to all, used to encrypt • Private key – Individual’s secret, used to decrypt • A passphrase protects the private key on the user’s machine • Slower, so usually used to communicate a key which can be used for further encrypted communications via symmetric • Most common implementation is PGP, GnuPG

  9. Why you’re in trouble if they did it right • Well known and used algorithms are very secure, mathematically. • Factoring is used as a one-way trapdoor function. It’s easy to compose a number as a product of primes, but hard to decompose it back. • Peer review

  10. Why you’re in trouble if they did it right • The implementations of these algorithms in commonly used software are often also quite secure • The more popular the product, the more likely it is that it has been discovered that it leaks data in some way, and fixed. • Good passphrases • Long, memorable, but random enough to make them hard to crack • Wastes a lot of your time with brute force attacks

  11. Brute Force is Our Last Resort • If modern cryptographic software is used correctly, with secure, long passphrases, we might be out of luck. • 2^1024 : 1.8 x 10^308 possible keys • Long, memorable passphrases are rarely random, but small, easily remembered changes would make them hard to guess • Beat it out of them (Not for the usual CS crowd) • What are some more creative ways of getting a key from a suspect?

  12. What they hopefully and probably did wrong • Single word passphrases • Sloppy procedures with their encryption software • Home-brew implementations/algorithms • Trusted the key to someone they shouldn’t have • Left enough unencrypted data on the media to work with

  13. A few questions • What types of encryption do you think would be easier to break in an investigation? • What kind of arguments can a suspect use to avoid assisting you in decrypting evidence? • What factors affect how long it may take an investigator to decrypt evidence? • Why might it be difficult to get companies/individuals/groups who write cryptography software to provide help/information?

  14. Attacking Simple Ciphers • One of the simplest ways of encrypting data is to take the XOR of the bits of plaintext against the bits of the key • 01010111 XOR 10111011 = 11101100 • With a repeating key, however, analysis can retrieve the key and plaintext • Index of coincidence • Frequency analysis

  15. …and after that, it just gets nasty • Beyond very trivial algorithms like XOR, cryptanalysis and brute force attacks do us less and less good • Exhaustive searches of the keyspace take 2^(bits in key) • 40 bit keys can be brute forced in reasonable time • However each additional bit doubles the time required to brute force the key

  16. A Question • With Windows moving towards a secure-by-default configuration in future versions, particularly regarding encrypted file systems, what techniques will investigators have to use to do the same job they do today? • Alternate techniques • Alternate sources of data

  17. Theory vs. Practice • Cryptographic algorithms and procedures are very secure in theory • Any software engineer will tell you, however, that translating requirements, specification, and design into a product is non-trivial • In reality, implementation/usage faults reduce the security of cryptographic solutions

  18. Key vulnerabilities • Dictionary attacks • Keystroke recording • Observation (shoulder-surfing) • Predictability • What ethical/legal issues would be involved in allowing a suspect to use his computer after it had been seized (with a copy of the evidence drive) in order to log keystrokes/passphrases?

  19. Dictionary attacks • Examples: • John the Ripper • Access Data’s Distributed Network Attack • Zip password crackers • http://www.netgate.com.uy/~fpapa/ • Dictionary attacks are parallelizable • Traditional clusters • Distributed cracking

  20. Leaking Data • PGP, and other tools may “leak” plaintext or keys in a recoverable way • Buffers hold plaintext or keys in memory and may be compromised while executing • Depending on what’s contained in the write buffer for the file-system, portions of plaintext or key previously in the buffers may be written out to disk as RAM slack at some point. • Paging to virtual memory may make some of the above even easier to exploit, or even leave buffers on the disk persistently in case of a crash.

  21. Unencrypted Copies • Filesystems where some directories are encrypted and some aren’t • Multiple filesystems of mixed encrypted/plain status • In all cases, it is possible that at some point, the suspect slipped up, or the normal operation of the OS created a copy of an encrypted file in an unencrypted location • Ex: EFS & printer spool directories

  22. Leaks in Application Software • Most applications leave temporary files, backup copies, etc. • Microsoft Office : backup, recovery • vi and emacs : ~ files • While crypto software may be carefully designed not to let data be written all over the place, most software used to manipulate and view data isn’t. • Management of these temporary/backup copies • Application : Rarely if ever wiped properly • User : Very likely that they’re sloppier in dealing with these than the actual data • File Signatures will help locate this data

  23. Caught in the Act • If the computer is on at the time of seizure, there are some possibilities • Encrypted disks may be unlocked • Passphrases may be cached/saved • Encrypted files may be open in programs • Unencrypted data or keys may be in volatile memory • Are the risks of changing the system or triggering traps worth attempting to capture the above, vs. the standard “pull the plug” we usually discuss?

  24. Obtaining passphrases • Interrogation • Observation • Exploiting the reuse of passphrases • One program may use a passphrase as a key to unlock a private key, and do so securely • However if the suspect uses the same passphrase to unlock their Palm PDA, it may simplify matters down to cracking XOR. • Research published vulnerabilities in OS security (chntpw)

  25. Mining evidence for passphrases • Use tools such as Access Data’s PRTK (Password Recovery ToolKit) to build wordlists from unencrypted data for possible passphrases • Legal problems with overly broad searches? • Complexity involved with multi-word passphrases

  26. Why don’t you just ask nicely? • In some situations you may can cut them a deal • If they say they “forgot” a recently changed key, try to verify when it was changed • Intimidation works • Implication of guilt • Why is the knowledge of an encryption key not an implication of guilt? • 5th amendment rights

  27. Pitfalls of Trying to Obtain Passphrases • Be aware of wiretap laws when involving keystroke recorders or other monitoring software/hardware • Log all “guesses” • Passphrases may periodically change • Possibly a blessing in disguise, if passphrases for older data seized is easier to break.

  28. Key Verification • Duress passwords • One cryptotext expanding into two plaintexts • Actual Passphrase  Incriminating Evidence • Duress Passphrase  “Boring” Data • Duress passphrases may also trigger evidence destruction • How can we verify what the suspect has told us about the passphrase?

  29. Dead Man’s Switch • When seizing a computer, care must be taken when removing the hard drive • Removing the case may trigger encryption or destruction of drives • Long periods of time without suspect interacting with computer may trigger encryption/destruction • Requires a special breed of paranoia/expertise from the suspect, but it is a possibility • How else could you “rig” your computer in case of seizure?

  30. Encrypted Communications • Emails in transit • Network traffic • Wireless • Cell phones • Landlines • Etc etc etc

  31. Think like a hacker • Attempt to recover the data while it is plaintext, on either end of a communication • Man in the Middle Attacks

More Related