Forensic Recovery of Scrambled Telephones

Performing Cold Boot Attack against Android and iOS' Full Disk Encryption.

  • Greeting
    Who has a smartphone?
    Who can imagine a life without a smartphone?
    What is a scrambled telephone: an encrypted telephone
  • Why do we discuss this topic?
    Technical background
    FROST: Concrete tool based on the background
    Is iOS vulnerable to FROST?
    Summary
    ----- Meeting Notes (12/12/13 23:07) -----
    Now let's have a look at the importance of smartphones
  • Graph shows:
    Number of smartphone users over time in Germany
    Almost exponential increase
    09-10: per year
    11: half year
    12-13: quarter year
    Market share: Android dominates, iOS is runner-up, together over 50%
    ----- Meeting Notes (12/12/13 23:07) -----
    So, what is Android and what does the manufacturer do for its security?
  • SELinux:
    - Developed by the National Security Agency
    Mandatory access control
    Principle of minimum permission
    Reasons for root:
    Forced out-of-box applications
    Privacy
    3rd-party ROM
  • Suitable in cases where the device is exposed to physical loss.
    TPM: Trusted Platform Module, „crypto-cellphone“
    device-mapper: Device-mapper is a new infrastructure in the Linux 2.6 kernel that provides a generic way to create virtual layers of block devices that can do different things on top of real block devices, like striping, concatenation, mirroring, snapshotting, etc. The device-mapper is used by LVM2 and EVMS 2.x, dm-crypt disk encryption, and offers additional features such as file-system snapshots.
    Side-channel attack -> hardware keylogger, electromagnetic analysis, timing analysis, etc.
  • Data is written in Clear text to the abstract device
    OS encrypts the data using e.g. Kernel module
    Encrypted data is written into the physical device
  • Similar way: DMA attack (Direct Memory Access)
    Joint Test Action Group (JTAG) is the common name for the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture.
    Graph: Bit error rate in relation to temperature and time without power
    - The colder the RAM is, the more time you have to cold boot it or to remove it and plug it into another computer.
  • [5] Princeton: Lest We Remember: Cold Boot Attacks on Encryption Keys
    1. Charge the phone to ensure it’s online
    2. Cool it down to preserve the content of the memory
    3. Perform a cold reboot (remove battery, replace while holding the power button)
    4. Flash the prepared image (hold the volume button, boot into Fastboot mode, then connect to the PC, then fastboot flash recovery)
    5. Dump memory
  • iOS wipes the key from RAM
    To configure Touch ID, you must first set up a passcode. Touch ID is designed to minimize the input of your passcode; but your passcode will be needed for additional security validation, such as:
    After restarting your iPhone 5s
    When more than 48 hours have elapsed from the last time you unlocked your iPhone 5s
    To enter the Touch ID & Passcode setting
  • We have learnt:
    Full Disk Encryption is suitable for mobile devices and it is ….
    But it is vulnerable to CBA if not properly deployed
    Tools like FROST are just implemented for this purpose.
    But simple mechanisms, e.g. in iOS, prevent this kind of attack.
  • Transcript

    • 1. Forensic Recovery of Scrambled Telephones
      Dai Yang
      Proseminar: Network Hacking and Defence, WS2013
      Advisor: Tsvetko Tsvetkov
      December 13th, 2013
      Chair for Network Architectures and Services, Faculty of Computer Science, Technical University Munich
    • 2. Contents
      - Introduction: Meaning of Smartphones
      - Background
        - Android
        - Full Disk Encryption
        - Cold Boot Attack
      - Forensic Recovery of Scrambled Telephones
      - Vulnerability of iOS and Countermeasure
      - Conclusion
      - References
      FROST Android -> FDE -> CBA | FROST | Countermeasures | Conclusion
    • 3. Introduction
      - Almost every second person in Germany has a smartphone
      - Smartphones are widely used, both for private and business use
      - Lack of awareness concerning personal data
      Sources: 2013 ComScore MobiLens. Data evaluated with Statista. Numbers are in millions.
    • 4. Background
    • 5. Android
      - Google initialized mobile OS as open standard
      - Launched in 2008 with T-Mobile G1
      - Linux kernel based architecture
        - Linux Kernel (Drivers, Power Manager, etc.)
        - Libraries (SQLite, WebKit, SSL, OpenGL, etc.)
        - Application Framework (Activity Manager, Window Manager, etc.)
        - Native applications (Home, Contacts, etc.)
        - Android Runtime (Core Libraries and DVM, since “KitKat”: ART)
      - Modern Security Features
        - since 4.0: FDE via dm-crypt
        - since 4.3: Security Enhanced Linux (SEL)
        - Pattern-Lock or PIN
        - separate user data partition
        - less secure on “rooted” devices
      Source: http://www.gsmarena.com/t_mobile_g1-pictures-2533.php, last visited on 2013/11/17 at 16:18
    • 6. Full Disk Encryption
      - Techniques: dm-crypt (Linux), FileVault (Apple), BitLocker (MS)
      - AES-Algorithm
      - Hardware based: e.g. crypto cellphone
      Pros:
      - Transparency
      - Safe swap space and temporary files
      - User independent
      - Immediate data destruction
      Cons:
      - Vulnerability to CBA
      - Side Channel attack
      - Cryptanalysis
      - Single key
      - Unsafe boot region
    • 7. Software based Full Disk Encryption
    • 8. Cold Boot Attack
      - aka. platform reset attack, cold ghosting attack, iceman attack
      - Side Channel Attack
      - Physical access
      - Target: encryption keys
      - How to:
        - Press reset (Cold boot)
        - Boot with special sector
        - Dump the memory
      - Alternative:
        - JTAG Port
        - Insert to other Computer
      [Figure: time / bit errors / temperature. Bit errors (0% to 100%) against time without power (<0.5s, 0.5-1s, 1-2s, 3-4s, 5-6s) at 25-30˚C and 5-10˚C.]
      Sources: Based on [6]. FROST, FAU-Erlangen Nueremberg, Oct 2012
    • 9. FROST
    • 10. Forensic Recovery of Scrambled Telephones
    • 11. Functionality of FROST
      - In general
        - Check the encryption state
        - Key recovery
        - RAM dump via USB
        - Crack 4-digit PIN
      - If boot loader is unlocked / developer mode enabled, in addition
        - Decrypt and mount /data
      Sources: FROST user interface. http://www1.informatik.uni-erlangen.de/frost , last visit: 2013/11/17 at 21:38
    • 12. Results from FROST
      - Full data in the RAM, including
        - New and old personal photos (Dropbox)
        - Recently visited websites
        - E-mails
        - Entire WhatsApp chat history
        - Personal text files
        - Contacts
        - Calendar entries
        - WiFi credentials in plain text
        - Other personal plain text files
        - Other plain text credentials
        - GPS coordinates
        - List of recent phone calls
        - etc.
      (very sensitive information)
    • 13. Evaluation
    • 14. Vulnerability of iOS and Countermeasures
      - iOS
        - (almost) not vulnerable to cold boot attack
        - wipe out key from RAM
        - AES-Key = UUID + User Passcode
        - High iterations time
        - GUI-Protection, Wipe Out
        - Since iOS7 + iPhone 5S: Key/Fingerprint for better security
      - Countermeasures
        - Cache/Register-Based
        - Soldering the memory
        - Key Wipe
        - Memory Wipe
        - 2-Way authentication
        - Full memory encryption
    • 15. Conclusion
    • 16. Questions
    • 17. References
      [1] “Global market share held by tablet operating systems in 2013”, survey by IDC. Source: Statista, March 2013
      [2] “Android technical specs”, official description by the Open Handset Alliance. Source: http://source.android.com/devices/tech/, last visit: 2013/11/17 at 16:33
      [3] “Linux kernel device-mapper crypto target”, DMCrypt. Source: https://code.google.com/p/cryptsetup/wiki/DMCrypt, last visit: 2013/11/17 at 17:47
      [4] “An in-depth analysis of the cold boot attack”, R. Carbone, C. Bean, M. Salois, Ministry of National Defence, Jan. 2011
      [5] “Lest We Remember: Cold Boot Attacks on Encryption Keys”, J.A. Halderman, S.D. Schoen, N. Heninger, W. Clarkson, W. Paul, J.A. Calandrino, A.J. Feldman, J. Appelbaum, E.W. Felten. In Proceedings of the 17th USENIX Security Symposium, Princeton University, USENIX Association, pp. 45-60
      [6] “Forensic Recovery of Scrambled Telephones”, T. Mueller, M. Spreitzenbarth, F.C. Freiling, FAU Erlangen-Nuremberg, Oct. 2012
      [7] “iOS Security”, Apple Inc., Whitepaper. Source: http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf, last visit: 2013/11/20 at 11:56
    • 18. Forensic Recovery of Scrambled Telephones
      Dai Yang
      Proseminar: Network Hacking and Defence, WS2013
      Instructor: Tsvetko Tsvetkov
      December 13th, 2013
      Chair for Network Architectures and Services, Faculty of Computer Science, Technical University Munich
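
The "Key Wipe" countermeasure from slide 14, together with the note that iOS wipes the key from RAM, sketched as an added example; it is not code from the slides, FROST, Android or iOS. `vol_ctx`, `vol_unlock`, `vol_lock`, `key_residue` and `lock_audit` are hypothetical names, and the key and the RAM region are constructed stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32

/* Hypothetical RAM-resident state of an unlocked volume (illustrative names). */
struct vol_ctx {
    uint8_t master_key[KEY_LEN]; /* key derived from the passcode at unlock */
    uint8_t cipher_key[KEY_LEN]; /* working copy held by the cipher layer */
    int unlocked;
};

/* Zero through a volatile pointer: a plain memset() on memory that is never
 * read again is a dead store the optimizer is allowed to drop. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Unlock: install the derived key, then wipe the caller's transient copy. */
void vol_unlock(struct vol_ctx *c, uint8_t *derived) {
    memcpy(c->master_key, derived, KEY_LEN);
    memcpy(c->cipher_key, derived, KEY_LEN);
    c->unlocked = 1;
    secure_wipe(derived, KEY_LEN);
}

/* Screen lock: evict the whole context, not just one key field. */
void vol_lock(struct vol_ctx *c) { secure_wipe(c, sizeof *c); }

/* Audit: count copies of `key` in a memory region (e.g. a test RAM image). */
size_t key_residue(const void *mem, size_t len, const uint8_t *key) {
    const uint8_t *m = mem;
    size_t hits = 0;
    for (size_t i = 0; i + KEY_LEN <= len; i++)
        hits += (memcmp(m + i, key, KEY_LEN) == 0);
    return hits;
}

/* Constructed scenario: residue while unlocked (*before) and after lock (return). */
size_t lock_audit(size_t *before) {
    static struct { uint8_t pad0[512]; struct vol_ctx ctx; uint8_t pad1[512]; } ram;
    uint8_t ref[KEY_LEN], tmp[KEY_LEN];  /* ref: the audit's own reference copy */
    for (int i = 0; i < KEY_LEN; i++)
        ref[i] = tmp[i] = (uint8_t)(0xA5 ^ (i * 7)); /* constructed sample key */
    vol_unlock(&ram.ctx, tmp);
    *before = key_residue(&ram, sizeof ram, ref);
    vol_lock(&ram.ctx);
    return key_residue(&ram, sizeof ram, ref) + key_residue(tmp, KEY_LEN, ref);
}
```

While the volume is unlocked the audit finds both key copies in the region; after `vol_lock` it finds none, which is the state a cold-booted RAM image of a locked device should be in.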