Such an attack was implemented by researchers Alex Tereshkin and Joanna Rutkowska Ale 2. In case full disk encryption is being used, such bootkits are capable of manipulating the original bootloader and replacing it with an infected copy. Bootkits are variants of rootkits that infect the Master Boot Record (MBR) or a boot sector Wik 1. Rootkits are a form of advanced malware that facilitate stealthy deployment and operation of programs on a system. The best mitigation against this attack is to simply disable the FireWire drivers in the Operating System and render the port non-functional. 'Inception' is a free tool that allows one to perform a FireWire attack. If the protected TrueCrypt volume is mounted while the memory dump is taken via a FireWire port, the resulting image would contain the cryptographic keys needed to decrypt and mount the TrueCrypt volume (as explained later in this paper). The attacker can then take a full memory dump even if a computer is locked or logged off. Īs with dictionary attacks, PBKDF2 used in TrueCrypt would considerably slow down the brute force attacks.ĭMA (Direct Memory Access) is used to acquire control of the RAM via the FireWire port. The tool sequentially tried all possible combinations until it got to the correct passphrase, which was then displayed to us. We set the parameters accordingly which gave us a total of (26*26*26*26) =456976 possible passphrases. Note that we set the password to the encrypted volume as 'haha'-a simple combination of 4 characters-to save time during experimentation.įor example, in this case we knew the password to be 4 characters long and having all lower case characters. These parameters will determine the total number of possible combinations. Next, we set the parameters to be used while implementing the attack. First, we point it to the encrypted volume. To simulate a brute force attack on a TrueCrypt volume, we used the tool ''. Note: Such dictionary attacks on TrueCrypt are incredibly slow, since it uses the Password-Based Key Derivation Function 2 (PBKDF2) that is meant to slow down the password cracking process using key stretching.īrute force attacks deploy a similar concept to dictionary attacks, except here every possible combination of characters is tried from a pre-determined set. We created a dummy dictionary with 7 phrases, the last of which was the correct passphrase. Here, we use a tool called 'truecrack' to implement a dictionary attack on a protected TrueCrypt volume. Also, this attack can get very time-consuming, depending on the size of the dictionary selected. Most users who are using TrueCrypt to protect their sensitive information are smart enough to use complicated passphrases that would not be found in dictionaries. However, there are obvious downsides to this approach. We sequentially try all entries in a dictionary file as potential passphrases until we succeed. The concept of a dictionary attack is simple. In this paper, we will progress via attacks that are easily understood, and move toward attacks that require advanced understanding of TrueCrypt functionality and encryption systems. This paper seeks to address TrueCrypt users who wish to understand known attacks against TrueCrypt, and forensics analysts who are interested in defeating TrueCrypt during the course of criminal investigations. Please note that these attacks may not target a flaw in TrueCrypt itself, but rely on 'bypassing' TrueCrypt security or taking advantage of user negligence. Vulnerabilities always exist, and in this paper we look at some of the ways in which TrueCrypt security can be "beaten". However, there is no such thing as absolute security. Many of us have come to trust TrueCrypt to defend extremely sensitive personal and business secrets. TrueCrypt offers 'on-the-fly' encryption, which means we do not have to wait for large files to decrypt after entering the correct passphrase files are immediately accessible. This is facilitated by easy-to-use GUI tools like TrueCrypt that offer advanced encryption without hassles. The need to defend confidentiality of our sensitive information against persistently rising cyber threats has turned most of us toward using encryption on a daily basis.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |