Encryption and Data Recovery - PowerPoint PPT Presentation

1 / 41

About This Presentation

Title:

Encryption and Data Recovery

Description:

Much of this case is off-topic, but a couple of key points ... Caught in the Act. If the computer is on at the time of seizure, there are some possibilities ... – PowerPoint PPT presentation

Number of Views:167

Avg rating:3.0/5.0

Slides: 42

Provided by: wesley1

Category:

more less

Transcript and Presenter's Notes

Title: Encryption and Data Recovery

1
Encryption and Data Recovery

Originally adapted and expanded from Practical
Approaches to Recovering Encrypted Digital
Evidence IJDE 2002 13
By
Robert Wesley McGrew and Josh Coffey

2
Introduction

Like any good tool, cryptography flexibly serves
the needs of those who use it
Anyone Provides privacy, confidentiality,
authentication, non-repudiation
Investigators Security against tampering,
confidentiality
Criminals Protecting/Hiding illegal activities

3
U.S. v. Scarfo

http//www.epic.org/crypto/scarfo.html
Much of this case is off-topic, but a couple of
key points
A customized keystroke recorder was used to
capture key/passphrase information for PGP
More pre-emptive than most computer forensics we
discuss
Sets a tone for the sort of activities we may
discuss and resort to, in order to recover
evidence where encryption is used.

4
Other (criminal) Uses of Cryptography

Child Pornographers
One of the primary reasons people cite for
regulating/restricting the use of crypto
http//news.zdnet.co.uk/business/legal/0,39020651,
2084388,00.htm
Communications via IRC, files traded via FTP,
encrypted with BestCrypt
AES, etc, symmetric ciphers
no word on how keys were exchanged
http//www.password-crackers.com/crack3.html

5
Other (criminal) Uses of Cryptography

Terrorism
Cases http//www.cs.georgetown.edu/7Edenning/cry
pto/cases.html
RSA and also custom crypto (was easily broken)
Note that there are cases where attempts at
decryption failed, however other incriminating
evidence was found
Plea bargain ?? keys, a useful trade
Lots of PGP usage

6
The Rest of the Usual Suspects

Drug dealers
Hackers
White collar criminals
Nearly anyone thats computer literate can
implement this
If they dont seem bright enough to have done it
themselves, question the geek they hired to do it
for them

7
How common will encryption be?

Strong crypto tools are readily available
Interfaces to such tools are becoming more
intuitive
More cases hinging on digital evidence encourages
criminals to become more careful
In the push for security on personal computers,
encryption is being integrated into the operating
system
WinFS http//msdn.microsoft.com/Longhorn/underst
anding/pillars/WinFS/default.aspx
EFS http//www.microsoft.com/windows2000/techinf
o/planning/security/efssteps.asp

8
Symmetric Cryptography

Involves a single key, for both encryption and
decryption
When used by itself, it is mostly used for
encrypting data to be stored locally.
For data that is to be communicated, there is the
problem of how to share the key (which we will
address)
Algorithms involved
AES
DES, Triple-DES
Tools
BestCrypt
DriveCrypt
Many, Many others

9
Asymmetric Cryptography

A relatively recent (70s) discovery
Two can communicate securely, over an unsecured
channel, without having a shared secret to start
with.
Two keys
Public key Made known to all, used to encrypt
Private key Individuals secret, used to
decrypt
A passphrase protects the private key on the
users machine
Slower, so usually used to communicate a key
which can be used for further encrypted
communications via symmetric
Most common implementation is PGP, GnuPG

10
Why youre in trouble if they did it right

Well known and used algorithms are very secure,
mathematically.
Factoring is used as a one-way trapdoor function.
Its easy to compose a number as a product of
primes, but hard to decompose it back.
Peer review

11
Why youre in trouble if they did it right

The implementations of these algorithms in
commonly used software are often also quite
secure
The more popular the product, the more likely it
is that it has been discovered that it leaks data
in some way, and fixed.
Good passphrases
Long, memorable, but random enough to make them
hard to crack
Wastes a lot of your time with brute force attacks

12
Brute Force is Our Last Resort

If modern cryptographic software is used
correctly, with secure, long passphrases, we
might be out of luck.
21024 1.8 x 10308 possible keys
Long, memorable passphrases are rarely random,
but small, easily remembered changes would make
them hard to guess
Beat it out of them (Not for the usual CS crowd)
What are some more creative ways of getting a key
from a suspect?

13
What they hopefully and probably did wrong

Single word passphrases
Sloppy procedures with their encryption software
Home-brew implementations/algorithms
Trusted the key to someone they shouldnt have
Left enough unencrypted data on the media to work
with

14
A few questions

What types of encryption do you think would be
easier to break in an investigation?
What kind of arguments can a suspect use to avoid
assisting you in decrypting evidence?
What factors affect how long it may take an
investigator to decrypt evidence?
Why might it be difficult to get
companies/individuals/groups who write
cryptography software to provide help/information?

15
Attacking Simple Ciphers

One of the simplest ways of encrypting data is to
take the XOR of the bits of plaintext against the
bits of the key
01010111 XOR 10111011 11101100
With a repeating key, however, analysis can
retrieve the key and plaintext
Index of coincidence
Frequency analysis
Why is this attack not possible if the lengths of
plaintext and key are equal?

16
and after that, it just gets nasty

Beyond very trivial algorithms like XOR,
cryptanalysis and brute force attacks do us less
and less good
Exhaustive searches of the keyspace take 2(bits
in key)
40 bit keys can be brute forced in reasonable
time
However each additional bit doubles the time
required to brute force the key

17
Factors of Encryption Strength

http//www.informit.com/guides/content.asp?gsecur
ityseqNum67
Implementation quality
Password exposure in WEPs RC4
Location in time/space of cached keys
Key length/randomness

18
A Question

With Windows moving towards a secure-by-default
configuration in future versions, particularly
regarding encrypted file systems, what techniques
will investigators have to use to do the same job
they do today?
Alternate techniques
Alternate sources of data

19
Theory vs. Practice

Cryptographic algorithms and procedures are very
secure in theory
Any software engineer will tell you, however,
that translating requirements, specification, and
design into a product is non-trivial
In reality, implementation/usage faults reduce
the security of cryptographic solutions

20
(Mis)management of plaintext/keys

Example given in the paper
Unix crypt utility
If the user simply deletes the plaintext file, it
can be recovered with the usual techniques
If neither the application or the operating
system wipes buffers containing plaintext in main
memory, it may be recovered from volatile memory,
swap, or RAM slack
The above also applies to keys

21
Key vulnerabilities

Dictionary attacks
Keystroke recording (a la U.S. v. Scarfo)
Observation (shoulder-surfing)
Predictability
What ethical/legal issues would be involved in
allowing a suspect to use his computer after it
had been seized (with a copy of the evidence
drive) in order to log keystrokes/passphrases?

22
Dictionary attacks

Examples
John the Ripper
Access Datas Distributed Network Attack
Zip password crackers
http//www.netgate.com.uy/fpapa/
Dictionary attacks are parallelizable
Traditional clusters
Distributed cracking

23
Leaking Data

PGP, and other tools may leak plaintext or keys
in a recoverable way
Buffers hold plaintext or keys in memory and may
be compromised while executing
Depending on whats contained in the write buffer
for the file-system, portions of plaintext or key
previously in the buffers may be written out to
disk as RAM slack at some point.
Paging to virtual memory may make some of the
above even easier to exploit, or even leave
buffers on the disk persistently in case of a
crash.

24
Unencrypted Copies

Filesystems where some directories are encrypted
and some arent
Multiple filesystems of mixed encrypted/plain
status
In all cases, it is possible that at some point,
the suspect slipped up, or the normal operation
of the OS created a copy of an encrypted file in
an unencrypted location
Ex EFS printer spool directories

25
Leaks in Application Software

Most applications leave temporary files, backup
copies, etc.
Microsoft Office backup, recovery
vi and emacs files
While crypto software may be carefully designed
not to let data be written all over the place,
most software used to manipulate and view data
isnt.
Management of these temporary/backup copies
Application Rarely if ever wiped properly
User Very likely that theyre sloppier in
dealing with these than the actual data
File Signatures will help locate this data

26
U.S. v. Hersh Comparing Characteristics

Compare file attributes, sizes, etc. with known
files to determine the likelihood that they
contain the same data
What are some of the problems with this?

27
Recovery from RAM

Using pmdump to recover plaintext from PGPtray
Demonstration

28
Caught in the Act

If the computer is on at the time of seizure,
there are some possibilities
Encrypted disks may be unlocked
Passphrases may be cached/saved
Encrypted files may be open in programs
Unencrypted data or keys may be in volatile
memory
Are the risks of changing the system or
triggering traps worth attempting to capture the
above, vs. the standard pull the plug we
usually discuss?

29
Obtaining passphrases

Interrogation
Observation
Exploiting the reuse of passphrases
One program may use a passphrase as a key to
unlock a private key, and do so securely
However if the suspect uses the same passphrase
to unlock their Palm PDA, it may simplify matters
down to cracking XOR.
Research published vulnerabilities in OS security
(chntpw)

30
Mining evidence for passphrases

Use tools such as Access Datas PRTK (Password
Recovery ToolKit) to build wordlists from
unencrypted data for possible passphrases
Legal problems with overly broad searches?
Complexity involved with multi-word passphrases

31
Why dont you just ask nicely?

In some situations you may can cut them a deal
If they say they forgot a recently changed key,
try to verify when it was changed
Intimidation works
Implication of guilt
Why is the knowledge of an encryption key not an
implication of guilt?
5th amendment rights

32
Pitfalls of Trying to Obtain Passphrases

Be aware of wiretap laws when involving keystroke
recorders or other monitoring software/hardware
Log all guesses
Passphrases may periodically change
Possibly a blessing in disguise, if passphrases
for older data seized is easier to break.

33
Key Verification

Duress passwords
One cryptotext expanding into two plaintexts
Actual Passphrase ?? Encriminating Evidence
Duress Passphrase ?? Boring Data
Duress passphrases may also trigger evidence
destruction
How can we verify what the suspect has told us
about the passphrase?

34
Dead Mans Switch

When seizing a computer, care must be taken when
removing the hard drive
Removing the case may trigger encryption or
destruction of drives
Long periods of time without suspect interacting
with computer may trigger encryption/destruction
Requires a special breed of paranoia/expertise
from the suspect, but it is a possibility
How else could you rig your computer in case of
seizure?

35
Encrypted Communications

Emails in transit
Network traffic
Wireless
Cell phones
Landlines
Etc etc etc

36
Think like a hacker

Attempt to recover the data while it is
plaintext, on either end of a communication
Man in the Middle Attacks
Arp spoofing

37
The future of recovering encrypted data

Solutions to the problem of finding encrypted
data (as opposed to simply random data)
The use of scanning-tunnelling microscopes and
tools that can read from RAM after power-down
Intelligent generation of passphrases
In what way is this an arms race?

38
Network Forensics and Encryption

http//www.networknewz.com/networknewz-10-20021204
Network-Forensics.html
Encryption may be more prevalent on network
communications than filesystems
Certain information may be divulged even with
encryption on networks
Who is communicating with whom?
For how long?
Patterns of communication correlated to real
life events
What would you have to do to hide the above
information?

39
Conclusions

The papers
Encryption is a problem, yet not insurmountable
There is the possibility of recovering plaintext
and keys
The difficulty is in the individual investigator
keeping up with the technology
Mine
The difficulty is that the quality of
cryptographic tools will rise
It will become more difficult to perform
investigations on computer hard drives
More evidence may be gathered from removable
media, phones, PDAs, etc.
New seizure techniques that more reliably capture
the state of the system need to be developed.

40
Questions

Why wouldnt government key escrow work to
maintain investigators ability to read
evidence?
How does encryption make things harder for
smaller (not well funded) forensic
investigators?
Do you believe that laws will be passed to compel
suspects into giving up keys?
How many of you actually use encryption
software?
For what purpose?
Who here is at least careful about encrypting
network traffic?