One Disadvantage of Open Source Code with Full-Disk Encryption: A proven technical basis for highly efficient multiple-variant attacks on VeraCrypt
Encryption is tightly intertwined with privacy today. In addition to privacy invasions that can occur through an individual’s own postings on social media and business-model invasions for advertising purposes via web browsers and “free” service providers such as Gmail, there is also an enormous industry that profits handsomely by meeting increasing demand from the government and the private sector demand for more data on potential targets.
Encryption is one of the chief means of avoiding this massive, Internet-enabled, privacy-invading infrastructure.
There are many types of encryption: encryption of passwords, e-commerce traffic, email and more. On the personal privacy side, there is encryption of personal data on cell phones and personal computers (data at rest). This type of encryption can be as ubiquitous as the inclusion of Bitlocker in every Windows system, or as specialized as the full-disk encryption (FDE) capabilities of software packages like VeraCrypt. FDE makes it much more difficult to perform decryption attacks on personal computers, even for legitimate law enforcement purposes. There are specialized hardware packages that can run billions of attacks per hour on standard encrypted documents like compressed ZIP files, PDFs or Office documents. With FDE, however, the entire storage device is encrypted. In this case, decrypting attacks require attempting to mount the entire volume, which reduces attack speeds to fewer than 100 attempts per hour.
An Architecture to Attack FDE using VeraCrypt as an example
In addition to offering highly rigorous encryption capabilities, VeraCrypt is open source—which means interested parties can determine whether “back doors” or weakened encryption capabilities might have been employed. The combination of open source code (to minimize back doors and weak encryption usage) and FDE is considered the state of the art in maximum privacy enablement. However, Ventura has recently exploited this combination to gain a better understanding of the technology and innovate in new attacks against FDE.
Ventura was recently engaged by a large company in a digital forensics/ incident response role in support of a legal case against an insider, whose personal laptop was full-disk encrypted with VeraCrypt. As this disk contained evidence of the most recent activity on the part of the insider, accessing its contents was crucial for legal and civil prosecution purposes.
For this reason, Ventura developed—and has since demonstrated—an attack method that can perform millions of password attempts per hour (brute force or passwords list) based on existing code from the oclHashCat TrueCrypt mode, and oclHashCat was later patched to support VeraCrypt attacks directly.
The weakness of open source plus FDE is simply this: The storage medium only accesses a single boot sector to start up operations. This boot sector is 512 bytes, and the minimum amount of data accessed is likely much less. Because VeraCrypt is open source, the algorithms used to encrypt and decrypt are easily transferable to attack software such as oclHashCat, another open source program which is used to transport password attacks onto the CUDA architecture—NVIDIA graphics processing cores—which are much faster than the base CPUs for personal computers. Ventura recently updated oclHashCat libraries to support VeraCrypt. The combination of the updated oclHashCat, boot-sector-only target data and a single powerful GPU gaming system enables software-only-scale attacks on FDE encryption. This basic methodology would likely apply to any and all FDE systems unless a much larger boot footprint is used.
We presented on this specific methodology as employed both in test cases and the actual case mentioned above in March 2016 at eCrime Toronto. Additionally, we developed a further innovation by creating a contextual wordlist-building approach based on the current computer forensics case analysis to improve encryption key cracking for FDE volumes. This technique was explained in detail at the 8th EAI International Conference on Digital Forensics & Cyber Crime in New York in September, where source code from the Ventura lab was made available to the audience as a proof of concept.
The actual oclHashCat code used, details about the password harvesting capability and a working demo of a sample are available on request at firstname.lastname@example.org