Encryption Cracked On NIST-Certified Flash Drives

An anonymous reader writes "USB Flash drives with hardware based AES 256-bit encryption manufactured by Kingston, SanDisk and Verbatim have reportedly been cracked by security firm SySS. These drives are advertised to meet security standards suitable for use with sensitive US Government data (unclassified, of course) as emphasized by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST). It looks likes the Windows-based password entry program always sends the same character string to the drive after performing various crypto operations."

It's not just the algorithm

One weakness in the entire crypto-system can bring the whole thing down.

Re:It's not just the algorithm

[plover]

This has nothing whatsoever to do with Microsoft, you troll. RTFA.

The "password" software just sent the "it's OK, decrypt this" to the dongle.

Re:It's not just the algorithm

[hey!]

Only? It's *mainly* defects in the rest of the system that tend to bring things down.

Algorithms, once they get to the point where the experts trust them, are very seldom broken in the everything-laid-completely-bare way that faulty system design gets you. It's usually more like "could be broken with a week of supercomputing time ten years from now" or "can calculate a hash collision for certain specially constructed messages" variety of crack.

Of course once you get to that point, you have to assume that some really bright people will find a way to generalize the fault in the algorithm. If they'd broken AES, or even found an unexpected weakness in it, that'd be *huge* news. Instead, what they've found appears to be a classic case of plain old brain damaged design.

If the article is to be believed, the researchers found a really, really stupid flaw, the kind a non-expert like I could understand and probably exploit with not much effort. I would paraphrase this way: all these drives *effectively* have exactly the same key, but that fact is obscured by the software.

Re:It's not just the algorithm

I used to do FIPS, Common Criteria and Interac certifications.
For starts we were paid by the manufacturer of the device so every device passed. There was one case where a product was so obviously flawed we decided not to take the money and they device was certified by another certification shop.
Second, the cost for the certification is fairly competitive and the competition has driven the price down to the point where the money paid just barely covers doing the paper work. The actual investigation of the devices or software is only hours.
Third, NIST is extremely sloppy in checking up on the certification houses. They are even sloppy about verifying their own tools for doing known answer tests for well know algorithms.

Re:It's not just the algorithm

[witherstaff]

If only it was just a private bank, instead of being a government mandated monopoly. Corporatism is not libertarian friendly.

How does this differ from Truecrypt?

[NeutronCowboy]

Can anyone explain to me why the disk manufacturers chose to reinvent the wheel, instead of using Truecrypt? As far as I know, Truecrypt encryption hasn't been broken yet.

Re:How does this differ from Truecrypt?

[jimbobborg]

These aren't disks, they're USB thumb drives. The folks who "cracked" it just figured out a way to bypass the password and send a specific string that ALL of these devices use to access the data on these USB thumb drives. This seems to be endemic to these things. The info isn't encrypted, it's just locked with a password.

Re:How does this differ from Truecrypt?

[NeutronCowboy]

No, it's actually encrypted. The problem is that the command to unencrypt the data is always the same. In other words, a small little widget can sit between the password program and the encrypted disk, and just send the right command string, regardless of what password was entered. Instant decryption.

But still - why do something like try to reinvent crypto, when there's an open format? The license for Truecrypt even allows for commercial use.

Re:How does this differ from Truecrypt?

[bamf]

If you set up Truecrypt in portable-mode on a USB key so it acts like these off-the-shelf keys, then it needs administrator privileges to work. That's a big problem for a lot of people.

Re:How does this differ from Truecrypt?

[OscarGunther]

Assuming your last comment wasn't a rhetorical question, you already know the answer to this: Because the perceived value-add of selling an encrypted drive allows them to charge more than simply bundling TrueCrypt with a bog-standard USB drive. The public justification would be that their software is easier to use (and, if they're feeling particularly full of themselves, more secure).

Re:How does this differ from Truecrypt?

[jimicus]

No, it's actually encrypted. The problem is that the command to unencrypt the data is always the same. In other words, a small little widget can sit between the password program and the encrypted disk, and just send the right command string, regardless of what password was entered. Instant decryption.

But still - why do something like try to reinvent crypto, when there's an open format? The license for Truecrypt even allows for commercial use.

If it was properly encrypted, the decryption would be carried out on the device using a key supplied by the host PC and the device wouldn't be physically capable of decrypting it without the key. As it stands, the most charitable reading of this is that it IS using AES encryption, but it always uses the exact same key regardless of what the enduser does in the software.

Re:How does this differ from Truecrypt?

[ragethehotey]

Assuming your last comment wasn't a rhetorical question, you already know the answer to this: Because the perceived value-add of selling an encrypted drive allows them to charge more than simply bundling TrueCrypt with a bog-standard USB drive. The public justification would be that their software is easier to use (and, if they're feeling particularly full of themselves, more secure).

But with a minimal amount of work they could simply take the source, rename it and give it a pretty interface, and never have problems like this?

Re:How does this differ from Truecrypt?

[silent_artichoke]

This makes it very easy for them to charge $large_chunk_of_money for "data recovery services" in the event you forget your password.

Re:How does this differ from Truecrypt?

[gad_zuki!]

Portable Truecrypt has problems. The user will import their private key or at least have it somewhere they can get to it or use conventional cryptography. So there's a lot of security vulnerabilities right there. Oh, forgot to delete your private key? Now Im cracking the conventional encryption that protects it. TrueCrypt portable requierd admin privs:

Also note that, as regards personal privacy, in most cases, it is not safe to work with sensitive data under systems where you do not have administrator privileges, because the administrator can easily capture and copy the sensitive data, including the passwords and keys.

However, users without administrator privileges cannot encrypt/format partitions, cannot create NTFS volumes, cannot install/uninstall TrueCrypt, cannot change passwords/keyfiles for TrueCrypt partitions/devices, cannot backup/restore headers of TrueCrypt partitions/devices, and they cannot run TrueCrypt in portable mode.

The idea with these drives is that the app can be run from the drive itself, so no extra software or training is needed. No key management. So that really just leaves us conventional cryptography, not public/private key. The problem of having security on your USB drive that gets plugged into various computers that you might not have control over and may be running trojans is tough to solve. Application level encryption is probably the best way to go but it requires standard installs and trust of the host computer.

Youre better off just carrying a netbook or other trusted security device with an encrypted drive and sharing the files via conventional methods with the host without giving the host all your data - email, ftp, web, plaintext transfers, etc.

Re:How does this differ from Truecrypt?

[Archangel+Michael]

If what you are saying is true, that it uses the same encryption key for all devices, that would have to be by "Design", or worse, negligence. I seriously doubt that the engineers for this thing thought one key to rule them all would be acceptable, which leaves us with "Design".

However, I'm reminded of the old addage, "Any sufficient level of incompetence is indistinguishable from malice".

My view is that sufficient levels of incompetence should be treated exactly like malice. And in this case the company(companies?) should be held responsible on a criminal level. Criminally incompetent, or Fraud.

Why don't we have a corporate death penalty?

Re:How does this differ from Truecrypt?

[sjames]

More to the point, what's the point of a super lock if you're going to tape the key to the door?

Re:How does this differ from Truecrypt?

[Andy+Dodd]

No, Traveler Mode (running on a machine without TrueCrypt installed) requires admin privileges.

If TrueCrypt was installed by someone with admin privs, non-admins can then mount TrueCrypt volumes.

Re:How does this differ from Truecrypt?

[ogdenk]

I don't allow my users to have admin privs on their desktops but they all have thumb drives. That's suicide. It becomes a maintenance nightmare and I can't stand it when I go to a user's desktop and find 500 IE toolbars and 20 icons in the System Tray. Get a clue. I hope you're not a network admin.

All my users have unprivileged accounts. Windows users are further restricted via Group Policy.

Always sends the same character string

"12345"

Re:Always sends the same character string

[pushf+popf]

"12345"

That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

Oops.

[Brian+Recchia]

Looks like they forgot the ROT13

Re:Truecrypt

[sakdoctor]

Didn't you even read TFS?

The moral of the story is to buy a normal flash drive and encrypt it using Truecrypt, then you are not at the whims of Kingston/SanDisk/Verbatim, keeping their closed source, windows only software patched.

Article title misleading...

[JazzyJ]

The encryption hasn't been cracked, it's the program that unlocks it that's been compromised.

Re:Article title misleading...

[maxume]

At least they used an industry standard for the key.

Not completely hardware based encryption then?

[tibman]

Seems that they did in software what should have been done in the hardware. The USB hardware should consider itself safe and the host machine suspect.. atleast in my mind. ATMEL has some good chips like: http://atmel.com/products/securerf/cryptocompanion.asp?family=646

Re:Not completely hardware based encryption then?

[John+Hasler]

> Seems that they did in software what should have been done in the hardware.

Thereby shaving $.93 off their manufacturing costs.

some data

[HBI]

First, here's the NIST list of approved 140-1 and 140-2 modules.

Note that they approve the module and not the access software. The flaw is in the access software. Therefore, 140-2 compliance or approval isn't proof that your data is safe. It just means that some approved form of encryption is implemented by the crypto module. It appears that the modules in question were given some form of TEMPEST examination as well, but once again, that means nothing in terms of the access software.

Re:some data

[mick232]

The flaw clearly is in the device! The access software is irrelevant because anyone can copy or modify such software. The device must protect the data regardless whether the access software has been compromised. If the FIPS approval does not consider this, then it's nothing more than a marketing gag.

Re:some data

[Alsee]

Note that they approve the module and not the access software. The flaw is in the access software.

As a programmer and hardware geek with a passing familiarity with crypto. It is quite clear what this device is doing (and what it is not doing). In fact the design issue here is so fundamental and blatant that I hesitate to even call it a "flaw". The hardware does not actually offer any crypto security at all, none.

The hardware is doing one of two things, although I don't have enough information to be sure which of the two.

The less likely possibility is that all of these modules are encrypted with the exact same key. To use the standard car analogy, it's like a manufacture advertising that their cars use super-secure AES locks on their cars (and yes AES locks are insanely uncrackable locks) but they manufacture all the cars to use the same key. The software us written not to sick that key in the car unless you enter your password, but that is not a software flaw - the is hardware designed to open for anyone who sicks in that public key. It is flagrant deception to advertise these cars as being "protected by super locks". Yeah, the superlock is technically present but it is effectively unused. Anyone can stick in the blank key and drive off with your car and your data.

The second and much more likely possibility is that each car lock really does use different random keys, but the hardware actually keeps a copy of that key mounted inside the lock, and the car merely has a button on the outside of the door to rotate that key in the lock. Again the software may be written not to press that hardware button unless you enter your password, but again it is not a software flaw. The hardware flaw is that it stores the key duct-taped to your data, and to make matters worse the hardware has a public button to automatically use that key to unlock your data for anyone. Again, the "superlock" is technically present, but again it is effectively unused.

Either way, the hardware is designed to open for (1) anyone with a blank key or (2) anyone without any key at all.

Tossing unused solar panels in the trunk of a car does not make it a solar powered car. That's not a "flaw", and it is completely false to advertise it as a solar powered car.

This hardware is advertised as superduper AES data encryption, but the hardware does not actually bother to use your password to encrypt the data.

-

Re:some data

[Facegarden]

First, here's the NIST list of approved 140-1 and 140-2 modules.

Note that they approve the module and not the access software. The flaw is in the access software. Therefore, 140-2 compliance or approval isn't proof that your data is safe. It just means that some approved form of encryption is implemented by the crypto module. It appears that the modules in question were given some form of TEMPEST examination as well, but once again, that means nothing in terms of the access software.

Actually, the flaw is indeed in the modules. They ALL use they same unlock key. I'd say that makes them flawed. The software is not helpful - it just obscures the fact that they all use the same unlock key by asking for a unique password that it converts to the common unlock key - but as unhelpful as the software is, it isn't the issue.

To put it another way, there is no way of fixing the software to change the fact that all of these drives can be accessed with one known key, which means its not the software that is broken, its the keys.

Of course, it doesn't help that the software gave up that key, so that is certainly a flaw but if the modules all had different keys it wouldn't be as helpful and it certainly isn't as big as a problem as the modules all being the same!
-Taylor

So instead of challenge response...

[calmofthestorm]

It involves a predictable post with the same predictable replies all the time...sort of like Fox news, or slashdot;)

Alternatively, instead of challenge-response it's greeting-response.

Re:IronKey?

[RemyBR]

The Ironkey should not be affected. It uses a different approach: first of all, the data on the drive is really encrypted, the drive is not only "locked" with a password. Secondly and most important, there's no validation of the password happening outside the drive (i.e. on a windows/linux/mac application). The application only lets you input your password, which is then validated by the drive itself via a ROM routine.

Shouldn't trust the host computer AT ALL

[georgewilliamherbert]

I don't believe why any portable secure drive needs to or should trust its host computer. This is a particularly stupid implementation, with an obvious and blatant exploit. But the host computer could by definition be compromised, and could intercept or store / cache or misbehave generically with the password you enter to get in.

Put a thumb-key sized numeric or hex keypad on the device, and make the owner punch in the code on insertion into a host device. One could still physically break into and tap the keys somehow, if the device is stolen and then returned without the owner knowing, but the user interface moves to right next to the data...

Re:Shouldn't trust the host computer AT ALL

[tgd]

If you don't trust the host computer, why would you unlock the device at all?

Once its unlocked and mounted, anything on the computer can access it anyway.

Re:Shouldn't trust the host computer AT ALL

[plover]

While I agree that trust belongs on the device (via a device-based keyboard), you still have to trust the host computer to not abuse the trust by copying the now-unlocked data or otherwise tampering with it. You are still at risk if you unlock the device and plug it in to a coffee shop PC.

Re:Shouldn't trust the host computer AT ALL

[IronKey+Dave]

You are incorrect. FIPS validated products cannot use the password for key generation. Instead, they must use a random number generator to create the AES key (eg 256-bit key). They password is used to gain access to the key. So a short password can be used, yet you still get 256 bit encryption. As long as brute force password protection counter is also implemented in hardware and cannot be rolled back, you do not need very long passwords (eg. set a 3 try limit). Also, you should encrypt the random AES key with a SHA-256 hash of the password, so that the key isn't stored in the clear anywhere.

Re:Truecrypt

What I got from the article was the following scenario:
1. Drive asks for a password
2. User enters a password
3a. The password is incorrect -> "DO NOT OPEN" message is sent to the drive
3b. The password is correct -> "OPEN" message is sent to the drive
4. User gains access to the drive

The "crackers" simply bypassed steps 1 and 2 and went straight to 3b. You'd of course have to be a complete idiot to design an authenticating mechanism in this manner. TrueCrypt does not share this design.

Re:IronKey?

[Andy+Dodd]

Actually, the way I read it, these drives all do use hardware crypto... But they use the SAME DAMN KEY. Authentication is handled in software.

Key management FAIL.

Re:Truecrypt

[plover]

This problem is only that of "closed source" and not one of "Windows only". It would be equally insecure on any OS.

Re:Truecrypt

[von_rick]

If you were to check the flash drives partitioning, you'll see that it has two separate partitions. The section with encryption program is on the primary partition of the flash drive. When the program executes, you get access to the other partition.

Now I've mounted those drives under Linux by bypassing the login process. Instead of mounting sdc1 (assuming sdc is your encrypted flash drive), you mount sdc2. What I've learnt is that the drive isn't encrypted at all - nor password protected. If you can find a way to format the first partition, you pretty much kill the password protection that comes with the flash drive. The "protected" partition just becomes the default partition when the primary one is unavailable.

TrueCrypt or any other data encryption method is the right way to actually secure your data

Sigh, no

Correct stuff was already explained above by someone else:

http://it.slashdot.org/comments.pl?sid=1498504&cid=30658760

The flaw is in the hardware, at least according to TFA. It works like this:

1) SW: OK, let's decrypt the drive, HW, you gives me dat0rz
2) HW: not so fast SW, you have to confirm if I should give the dat0rz
3) SW: Oh, right silly me, you give me challenge hash then
4) HW: Here u go
5) SW: kthx
6) SW: User, I need pass to verify challenge hash
7) US: here's pass, now give me dat0rz!
8) SW: Working ... OK pass hashes to correct value
9) SW: Hey, HW! Guess what? I got correct pass, so it's cool for you to give me dat0rz!
10) HW: cool, here u go!

What these guys did was just make some rogueware

1) RW: OK, let's decrypt the drive, HW, you gives me dat0rz
2) HW: not so fast SW, you have to confirm if I should give the dat0rz
3) RW: Hey, HW! Guess what? I got correct pass, so it's cool for you to give me dat0rz!
4) HW: cool, here u go!

So yes, the problem is that the hardware is not conducting the challenge itself, but depending on software to do it. Also mentioned above, some clueless people were saying that the data on the drive isn't hardware encrypted. No, I assure (again, according to TFA) you, the data is hardware encrypted. But if it's using this scheme, then it isn't encrypted with the hashed key of your password. Your password is only hashed and stored on the drive, but the data must use the same key(set) on all drives. Even without the crappy auth design, this would still be a problem because it dramatically reduces the keyspace if you have physical access. This is most definitely a hardware flaw.

Next class, we're going to go over substitution ciphers! Remember, you have a pop quiz tomorrow on SQL parameterization and validation!

Re:Who cares?

[Improv]

Some things really are like locking a house - windows passwords, normal unix passwords, etc. With those things, the user expects that someone has or can get access to things anyhow. However, there are many devices that are not so analogous - if there's sophisticated encryption in the hardware and they're selling it as a reasonably secure device, it's more like your neighbourhood bank, where you probably don't expect jane random to read a secret word on the internet to say to the guards that will have them open the vault.

Insider

[dbrez8]

As someone who works in the secure flash drive space, maybe I can shed a little light on some questions/comments I see above..

First and foremost the vulnerability described in this article is related to only the secure flash drives stated in TFA. There are several others available that do not have this vulnerability because instead of password matching in software, they match in Hardware of Firmware, run on the drive itself. Are there others within the industry that may be susceptible? Probably, but all secure flash drives certainly are not. Look to only use drives with password matching done on-chip (HW/FW).

How could a FIPS 140-2 certified flash drive have this vulnerability? Well FIPS is great to prove you use certified encryption algorithms, authentication methods, and so on, but FIPS does not certify the whole system. This is one of those very important security areas that fall outside of the FIPS umbrella. In the future look for additional certifications that will encompass the entire system rather than just the encryption like FIPS..

Why not just use TrueCrypt?? TrueCrypt is a great product, there is no doubt. But at its core, TrueCrypt is a software encryption container for your data. There are some inherent shortcomings with software encryption on USB flash drives.
1. Performance is sacrificed since your PC CPU needs to perform all security operations in software, rather than on the hardware of the flash drive.
2. Though it may work well for consumers that *want* to have their data secure, TrueCrypt would be a nightmare in an enterprise setting. Users could format the drive, or store files outside of the encrypted partition just to make things easier. This is not possible on secure flash drives with forced data encryption via hardware. with these drives an Admin knows that if he sees a drive by company X, that the data on it must be secure. Just to name a couple..

I hope this is helpful to some.

Re:Insider

[vlm]

1. Performance is sacrificed since your PC CPU needs to perform all security operations in software, rather than on the hardware of the flash drive.

You're assuming your short production run / limited power / simple architecture / limited heat dissipation hardware is faster than running it in software on a commodity processor, which RAID card manufacturers have falsely been pushing for years (decades now?). Think about it, it implies a USB sized and USB powered gadget runs faster than the PC its plugged into.

Also assumes the limiter to overall system speed is processing the data. Feeding "a couple megs" to a multicore processor running "several gigs" is not going to saturate it... The processor is going to spend most of its time doing something else.

Not to say HW encryption isn't a good idea from a security standpoint.

Or if, in some crazy world, the drive is attached to something that is actually lower powered than the flash drive (maybe a data logger appliance or something) then it makes sense.

Or, if the add on device has a special ATX connector so it can suck down almost as much power as the CPU, like modern video cards, and is hyper parallelizable like a modern video card, then "doing it in dedicated HW" makes sense.

But in general, always a bad idea to replicate what the main processor already does, but badly or more slowly.

Re:Truecrypt

[kestasjk]

Isn't that fraud? How were they marketed?

Re:Truecrypt

[geekmux]

If you were to check the flash drives partitioning, you'll see that it has two separate partitions. The section with encryption program is on the primary partition of the flash drive. When the program executes, you get access to the other partition.

Now I've mounted those drives under Linux by bypassing the login process. Instead of mounting sdc1 (assuming sdc is your encrypted flash drive), you mount sdc2. What I've learnt is that the drive isn't encrypted at all - nor password protected. If you can find a way to format the first partition, you pretty much kill the password protection that comes with the flash drive. The "protected" partition just becomes the default partition when the primary one is unavailable.

TrueCrypt or any other data encryption method is the right way to actually secure your data

IF in fact what you've discovered is true across several vendors "FIPS certified" flash drives, then I'm not sure what is more disturbing; The idiot who designed this "encryption" scheme, or the idiot in charge of rubber stamping the FIPS certification on it.

I knew there was more than one reason I use TrueCrypt everywhere...

Re:Truecrypt

[plover]

Read some of the other posts then. One Linux user says that if he plugs one of these drives in and simply mounts /dev/fdd2 he has full access to the data. It doesn't matter much how you implement the software on any OS when that's the security model.

Re:Truecrypt

[space_hippy]

There should be nothing preventing you from putting a Truecrypt volume on the FIPS140-2 compliant drive. It would be similar to having a hidden truecrypt volume within another encrypted volume. So this would satisfy the 'pointy hair boss' with compliance to FIPS140-2 while keeping data secure from the 'crack' mentioned in the article.

Re:IronKey?

[IronKey+Dave]

IronKey D200 and S200 models are validated to the much more demanding FIPS 140-2 Level 3. The products that are the subject of this hack are validated to Level 2. They are all in fact manufactured by SanDisk. Previous authors are correct, their architecture has serious design flaws. They are relying on the host PC to do password verification, and essentially using a static code to tell the device to unlock. Basically it's a back door to all of those affected SanDisk, Kingston and Verbatim devices. I will be posting an FAQ later today on the https://www.ironkey.com/ website describing the flaws and how IronKey's architecture does not have these issues. IronKey validates all passwords in hardware. We have password replay prevention and encrypted USB command channels. We also use a hash of the password to decrypt the data AES key, so it's cryptographically impossible to unlock an IronKey without the password. Finally, IronKeys store encryption keys and brute force counters in a hardened CryptoChip. The SanDisk, Kingston and Verbatim products store them in Flash memory, which isn't even part of their FIPS 140-2 security policy. Dave

Do it 256 times

[cromar]

No, no, no be sure to do it 256 times. That's the most secure (assuming 8-bit char are used).

Re:IronKey?

[Jon+Abbott]

Thanks for posting this update. I've always had respect for IronKey and that level of respect just went up a few notches.

Re:Hmm

[Chili-71]

Having spent 8 years in the Naval Security Group working with NSA and another 10 years as a defense contractor working with NSA on secure communications, I can tell you for a fact that if you don't have physical security, you don't have security. Period.