Major vulnerabilities: Bitlocker equipment, multiple solid-state disk hardware encryption can be bypassed

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Two researchers from Radboud University in the Netherlands have published a paper describing a serious weakness in the hardware encryption of solid state drives, on which BitLocker, Microsoft's popular disk encryption software, relies. A self-encrypting solid state disk requires a password to encrypt and decrypt the content stored on it, but that password check can be bypassed. The flaws in the encryption used by these solid state drives (SSDs) let an attacker decrypt the data as long as they have physical access to the device.

The solid state disk uses a key stored on the drive to encrypt and decrypt its contents. The problem is that this key is not derived from the user's password: as long as an attacker has the drive, they can reprogram it through its debug port and bypass any password. Yes, the encryption design of these solid state drives really is that bad.

The two researchers tested three Crucial and four Samsung solid state drives and found that all of them were vulnerable to these attacks to some degree. All of these drives try to implement the TCG Opal encryption standard, but apparently fail. The researchers found that the encryption of several of the drives can be bypassed completely and the data fully recovered without any key or password.

In particular, the SSDs fail to bind the user's password to the actual data encryption key (DEK); both are stored on the drive. The drive's built-in processor and firmware can use the DEK freely, but choose to do so only after receiving the correct password. If the firmware is reprogrammed or tampered with through the debug port, the password check can be skipped and the DEK used directly. The DEK should instead be derived, at least in part, from the user's password, so that without the password there is no complete key. The SSDs do not follow this principle. Furthermore, many of the drives use a single DEK for the entire disk, even though they offer the ability to encrypt different partitions with different passwords.

The two researchers said that by connecting to the debug interface on the drive's circuit board and modifying the password-check routine in the firmware so that the drive accepts any password before releasing the DEK, they successfully decrypted the data on a number of solid state drives.
In other cases, the researchers could modify the drive firmware or use a code-injection flaw to alter the password-verification process and obtain the key; both approaches require the attacker to have physical access to the drive.

In the paper, the researchers say there is a way to protect against this: make sure the secret needed to decrypt the drive is stored outside the drive itself. Full-disk encryption software running on the host, which encrypts data with a key derived from a user-supplied password before it is sent to the drive and decrypts it after it is read back, achieves this. The results in the paper show that one cannot rely solely on the hardware encryption provided by solid state drives for confidentiality. Users who depend on SSD hardware encryption should add a software full-disk encryption solution, preferably one that is open source and audited.

Unfortunately, some popular data encryption systems, including the BitLocker tool in Windows 10, provide no software encryption layer on top of such drives and instead rely on the drive's fragile hardware encryption. Cryptographer Matt Green did not mince words: to be honest, Microsoft's trust in these devices to implement BitLocker is the stupidest thing in the company's history. It's like jumping out of a plane with an umbrella instead of a parachute.

In some cases the researchers suggest that users and administrators try something like VeraCrypt instead of BitLocker. They say VeraCrypt can encrypt in place while the operating system is running and can coexist with hardware encryption. Moreover, although BitLocker uses hardware encryption when the drive supports it, users can change the relevant group policy setting to enforce software encryption instead.
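To make the design flaw and the recommended fix concrete, here is an added Python sketch; it is not the paper's code or any vendor's firmware, and the password, DEK and class names are constructed for illustration. The gated drive hands over its stored DEK whenever the firmware's password check is skipped; the wrapped drive never stores an unwrapped DEK, so skipping the check yields nothing usable.

```python
import hashlib
import hmac
import os

# Constructed sample values for the demonstration (not from the paper).
PASSWORD = b"correct horse battery"
DEK = bytes(range(32))  # 256-bit data encryption key

def kek_from_password(password: bytes, salt: bytes) -> bytes:
    """Key-encryption key derived from the user's password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=32)

def xor_wrap(kek: bytes, data: bytes) -> bytes:
    """Toy key wrap: XOR with an HMAC keystream. Stands in for a real AES key wrap."""
    stream = b"".join(hmac.new(kek, bytes([i]), "sha256").digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class GatedDrive:
    """Flawed design the article describes: the full DEK sits on the drive and the
    password is only a yes/no gate in firmware, so skipping the gate yields the DEK."""
    def __init__(self, password: bytes, dek: bytes):
        self.pw_hash = hashlib.sha256(password).digest()
        self.stored_dek = dek        # complete key at rest, unrelated to the password
        self.check_enabled = True    # the branch a firmware modification would remove

    def unlock(self, password: bytes):
        if self.check_enabled and hashlib.sha256(password).digest() != self.pw_hash:
            return None
        return self.stored_dek

class WrappedDrive:
    """Design the researchers recommend: the DEK exists at rest only wrapped under a
    password-derived KEK, so without the password there is no complete key."""
    def __init__(self, password: bytes, dek: bytes):
        self.salt = os.urandom(16)
        kek = kek_from_password(password, self.salt)
        self.wrapped_dek = xor_wrap(kek, dek)
        self.tag = hmac.new(kek, self.wrapped_dek, "sha256").digest()  # integrity check
        self.check_enabled = True

    def unlock(self, password: bytes):
        kek = kek_from_password(password, self.salt)
        tag = hmac.new(kek, self.wrapped_dek, "sha256").digest()
        if self.check_enabled and not hmac.compare_digest(tag, self.tag):
            return None
        # Skipping the check only removes the error: unwrapping still needs the right KEK.
        return xor_wrap(kek, self.wrapped_dek)
```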
In an email to the media, one of the two researchers wrote: because we only understand the ARM architecture, we have only tested the above-mentioned solid state drives, which use this architecture. Having said that, the TCG Opal standard is too difficult to implement correctly. The specification's requirements are numerous and quite complex. A simpler standard would make it easier for vendors to implement, and could also ensure that their implementations are more secure. From a security perspective, a reference implementation should be published so that the security community can review its design and implementation. This would make it easy for vendors to implement these encryption strategies. Our general advice for users of SSD hardware encryption is not to rely entirely on current hardware encryption technologies, but to take additional security measures, such as installing VeraCrypt software encryption.

Address of the paper on this vulnerability: https://t.co/UGTsvnFv9Y
TCG Opal encryption standard address: https://trustedcomputinggroup.org/resource/storage-work-group-storage-security-subsystem-class-opal/
