Defeating Forensic Attacks on Full-Disk Encryption

by Mojo

With the rise in use of full-disk encryption tools such as TrueCrypt and BitLocker, the forensic community has developed a number of techniques to recover the keys required to decrypt protected data.

While at first these attacks may seem powerful and hard to defeat, there are actually many simple and practical steps that will provide full protection if followed.

Cold Boot Attacks

A cold boot attack requires the encryption key to be in memory, i.e., the encrypted drive is mounted.

The attacker performs a hard reset on the machine and loads an attack tool, say from a USB drive, that dumps the contents of the computer's RAM.  The attacker can then search through the memory dump for the encryption key required to unlock the drive.

A simple way to mitigate this attack is to prevent the BIOS from booting off USB drives or CD/DVDs, in fact, anything other than the internal HDD.

Remember to password protect the BIOS settings themselves.  Unfortunately, the attacker may be able to reset the BIOS using a hardware jumper, and by default most will boot from CD.  As such, a better option is to get a motherboard that wipes all RAM on reboot by default.  Apparently, motherboards that support Microsoft's "TCG Platform Reset Attack Mitigation Specification" do this, but I have yet to see one.  Many server motherboards will perform a full RAM write/verify test though, and the few Intel ones I have tried do not allow you to abort the test.

Remanence Attacks

Remanence refers to the way that DRAM retains its contents even when power is removed for a short time.

Because of this, it is possible to perform a variation of the cold boot attack where the RAM is physically removed from the computer and placed into another one, which is ready to boot up some forensic key recovery software.  The only defense against this attack is to either prevent the attacker getting at your RAM while the encryption key is stored in it or to make the RAM difficult to remove.

The former can be accomplished by never leaving the computer alone with encrypted volumes mounted, and having an emergency "dismount all volumes and wipe keys" function if a surprise raid is possible.

TrueCrypt has that feature, no doubt popular with unpopular Chinese activists.  You can use a keyboard shortcut to activate the emergency dismount, but on most computers simply pressing the power button will begin a controlled shutdown that dismounts all drives and may be the only option if you encrypt your system partition.

Physically protecting the RAM can be a bit tricky.

Firstly, the attacker will probably try to open the case with the computer still turned on, since as soon as power is cut the RAM will begin to lose data integrity.  They have only seconds to transfer it to a different computer.  Server motherboards often feature a "case open" switch that can detect opening of the case and start an emergency shutdown, so wire it up if available.  Server cases often have additional internal covers over the RAM area to channel air for cooling, and stripping the heads on the screws or even just using a mixture of random security bolts can really help slow an attacker down.

Finally, you can always glue the RAM into the sockets, ideally with superglue but hot-melt will buy some time.  In fact, I have seen eBay sellers use hot-melt glue to prevent RAM and various cables falling out during shipping.

If you are buying a new laptop and are worried about this, consider getting one with non-removable, non-upgradable RAM, such as an Ultrabook.  Typically, they are very hard to open up anyway and the RAM is soldered directly to the motherboard.

DMA Attacks

Direct Memory Access, or DMA, allows devices other than the CPU to directly access the contents of RAM.

FireWire, Thunderbolt, and PCI/PCI Express all support DMA.  Most laptops will have at least one of these (PC Card slots are actually just hot-plug PCI/PCI-E ports).  Digital forensics companies sell devices that connect to these ports and allow the contents of RAM from a live system to be dumped to another for analysis and recovery of encryption keys.

Forensics guys love these tools because even if the computer is locked, it will usually happily accept their FireWire/PC Card device and load a driver for it, and then they have access to things that an offline analysis would never get them and full control over a live system.  If you happened to be logged in to IRC at the time, they could start pretending to be you, for example.

Mitigation is as simple as disabling the device in your OS of choice.

Fortunately, even when disabled, the DisplayPort part of a Thunderbolt port usually still works.  Remember to disable the PCI/PCI-E host controller for your PC-Card port, rather than any devices you have plugged in to it (which obviously will no longer work).

Hibernation File Attacks

When your Windows PC hibernates, it saves the contents of RAM to the hibernation file.

If you encrypted the system partition where this file lives, then you have nothing to worry about; it is inaccessible.  If you didn't, then you either need to disable it (powercfg.exe /hibernate off in an administrator level cmd box) or use BitLocker's TPM+PIN option.

The latter makes sure that the encryption key is not stored in the hibernation file, instead living in the Trusted Platform Module (TPM) module where it is supposed to be secure and protected by a PIN number.  Of course, you have to trust the TPM chip manufacturer on that.

It is also a good idea to avoid sleep mode.  In sleep mode, the contents of RAM, including any encryption keys, are preserved.

Remanence attack mitigation will help, but why take the chance?

Good luck.