Full Disk Encryption Hard For Law Enforcement To Crack

If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a paper titled "The growing impact of full disk encryption on digital forensics" [abstract here to paywalled article] that illustrates just how difficult it is. According to the paper, co-authored by a member of US-CERT, "[T]here are three main problems with full disk encryption (FDE): First, evidence-gathering goons can turn off the computer (for transportation) without realizing it's encrypted, and thus can't get back at the data (unless the arrestee gives up his password, which he doesn't have to do); second, if the analysis team doesn't know that the disk is encrypted, it can waste hours trying to read something that's ultimately unreadable; and finally, in the case of hardware-level disk encryption, tampering with the device can trigger self-destruction of the data. The paper does go on to suggest some ways to ameliorate these issues, but ultimately the researchers aren't hopeful: 'Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption.'"

I wish this was the case in the UK

I wish this was the case in the UK, any encryption keys have to be handed over when asked by the police or .Gov

Re:I wish this was the case in the UK

If they know it's a truecrypt drive, they probably would suspect that there's another partition so will try and charge you anyway for withholding.

So basically they make your life hell for a year till charges are dropped and would use any little excuse to question & detain you.

Re:I wish this was the case in the UK

[durrr]

I haven't bothered with hidden partitions, yet. Does it mean I'm subject to legal punishment for not using this feature and thus lacking a password to give to law enforcement so they can take part of my extensive collection of crustacean pornography?

And if that, then what happens when truecrypt suddenly accepts multiple hidden partitions or other more complex schemes? Everyone goes to jail because lawmakers somehow ascended beyond full retard?

Re:I wish this was the case in the UK

[fuzzyfuzzyfungus]

It may not help the poor bastard being asked for them; but, depending on the implementation, delivering the keys may simply not be possible.

It takes a pretty exceptional human to actually remember a useful crypto key, so most systems store the key for you and depend on a password, passphrase, and/or some sort of hardware device to grant access to the key. If the system that actually stores the crypto key is designed to resist tampering, there are a reasonable number of initial attempts at forensics that might trip tamper detection and cause the key to be wiped, irrevocably.

Your classier cryptographic coprocessor modules offer such tamper resistance, and the enthusiasm of DRM peddlers and corporate customers who have backups; but really, really, hate data-breach stories will likely continue to push it further down into cheaper and more common business desktops and laptops.

(Even the TPMs of today may be pretty tricky to subvert without pissing them off, though I don't think that they are required to adhere to the same anti-tamper standards as the more serious hardware security modules).

Re:I wish this was the case in the UK

[sunderland56]

We need an encryption package that has *two* passwords:

• One normal one that decrypts as usual;
• A second one that formats the disk and installs a standard version of Windows

You use password #1, but if arrested you give up password #2.

Re:I wish this was the case in the UK

[Dogbertius]

Sadly, the notion of "plausible deniability" works both ways. If they (ie: the authorities) are aware it is a TrueCrypt volume, they can just demand you hand over the passwords for the inner and outer volumes. If you provide just one key (ie: the password for the outer volume that contains junk you don't care about), and you are in a country that demonstrates little to no respect for civil rights, they could very well jail you, even if you aren't using a hidden volume.

Secondly, the authorities demanding you hand over the key (strangely enough) isn't covered under fifth amendment rights, so again, they can demand you hand over the keys, or you could be jailed almost indefinitely.

Finally, there are some interesting articles by Bruce Schneier on alternate means of incrimination. www.schneier.com/paper-truecrypt-dfs.pdf

In short, there are many ways to give a judge the idea that the use of a hidden volume is likely (ie: check path histories for previously opened files, check temp folders, etc). Not only would these indicate the possibility of a hidden volume, but some files that were meant to be encrypted may be 100% available (eg: Microsoft Word makes temporary backups of files in your %APPDATA% folders in case it crashes and you want to recover your work; as one example). Unless one is very diligent and knows what he/she is doing with respect to encrypting data, it would seem the only safe method is to encrypt the entire disk and boot off of it exclusively, all while keeping the machine itself disconnected from the internet to avoid hacking attempts, and locked in massive safe so the authorities don't install a keylogger (application or physical device) or start taking snapshots of your disk daily to aid in cracking the password.

You may be able to secure your data, but with multiple means of data accidentally being leaked due to the OS or various applications used in day-to-day life, along with unscrupulous policing agencies allowed to overrule fundamental civil rights, it is likely that one will ultimately lose their data and/or freedom either way.

Re:I wish this was the case in the UK

[NotSanguine]

It takes a pretty exceptional human to actually remember a useful crypto key

Not really. How hard is to remember a paragraph from your favorite novel or lyrics from a popular song. It's even better if you *mis-remember* the quote/lyrics so that you're the only one who would come up with the result even if someone tried to brute force the key by scanning all your books and listening to all your music.

Perhaps something like:
While the music played you worked by candle light, those San Francisco nights - you were the best in town, Just by chance you crossed the diamond with the pearl, you turned it on the world, that's when you turned the world around

Or maybe:
I was alone I took a ride, I didn't know what I would find there. Another road where maybe I could see another kind of mind there. ooh and I suddenly see you, ooh did I tell you I need you? Every single day of my life.

Try and brute force those keys. Using punctuation makes it even harder. And these are the first verses to well known songs. Use the third verse of an obscure song (one you don't like would be even better). The music makes it much easier to remember and just about anyone can remember songs/lyrics.

Some people just have zero imagination. Sigh!

Re:I wish this was the case in the UK

[mSparks43]

From the actual paper (worth reading if you have academic access):

Challenges can also arise when a defendant appears to be cooperative. For instance, the defendant may provide incorrect decryption details but the defense may claim that the encrypted container was damaged in some manner, which was why it would not open.

They also list several court cases where truecrypt FDE rendered the machines inaccessible many years after the fact.

Re:I wish this was the case in the UK

[theedgeofoblivious]

Or what?

They'll prosecute you for not giving them your password?

If they had enough evidence that they were able to get a search warrant to get the data on your computer, you were probably already about to be prosecuted for something pretty substantial.

If you had a choice between being prosecuted for not giving them your password or being prosecuted for whatever else you were about to be prosecuted for, I expect that in most cases you'd want to be prosecuted for not giving them your password.

The government can threaten you with an alternative prosecution, but they can never actually compel you to give up your password.

Re:I wish this was the case in the UK

[MagicM]

You sound like someone who hasn't seen this yet, but would enjoy it.

Re:I wish this was the case in the UK

[DamnStupidElf]

It's obviously foolish to use public text verbatim as a key. Common Crawl has a 40 TB dataset that costs approximately $150 to MapReduce on EC2. Any key that happens to be a (reasonably short, say under 1KB) substring of that data costs $150 to break. Any key within a short hamming distance of a substring in that database costs roughly 2^hamming_distance more to break; two changed bytes is only worth $600. I imagine that large organizations who care have much larger databases including the text of most published books. It's such an obvious idea and until you realize that attackers have access to all the public source data that you do it sounds like a good idea to just pick a random string from a book to use as a passphrase. Don't kid yourself; no matter how obscure or unpopular a song is there will be lyrics for it somewhere on the Internet, not to mention in published books.

You can take a published string and make it a reasonably secure passphrase by adding enough entropy to it, but you still have to remember the entropy that you've added. Why not just start with a diceware passphrase and memorize the entropy directly?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Giving up passwords

[earthloop]

(unless the arrestee gives up his password, which he doesn't have to do);

In the UK he does. And people have been punished for not handing it over.

Re:Giving up passwords

[fuzzyfuzzyfungus]

(unless the arrestee gives up his password, which he doesn't have to do);

In the UK he does. And people have been punished for not handing it over.

Unfortunately for everybody, really, the potential 5-year RIPA sentence for refusing to disclose a key is crazy draconian as a threat to induce Joe Public to open every Turing-complete device in his entire life to the cops(after what is, no doubt, a impeccable judicial review); but it is substantially less scary than the sentence you might get for various serious crimes that the key might be hiding, along with any incentive provided by your criminal colleagues in favor of loyalty to the organization...

Re:Giving up passwords

isn't the UK part of the same EU ?

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2006:0174:FIN:EN:HTML

2.4. Privilege against self-incrimination
The presumption of innocence includes the privilege against self-incrimination which is made up of the right of silence and not to be compelled to produce inculpating evidence. The maxim nemo tenetur prodere seipsum , (“no person is to be compelled to accuse himself”) applies. The accused may refuse to answer questions and to produce evidence. The ECtHR[24] held that, although not specifically mentioned in the ECHR, the privilege against self-incrimination is a generally recognised international standard which lies “at the heart of the notion of a fair procedure”. It protects the accused against improper compulsion by the authorities, thus reducing the risk of miscarriages of justice and embodying the equality of arms principle. The prosecution must prove its case without resort to evidence obtained through coercion or oppression. Security and public order cannot justify the suppression of these rights[25].They are linked rights, any compulsion to produce incriminating evidence being an infringement of the right of silence. The State infringed an accused’s right of silence when it sought to compel him to produce bank statements to customs investigators[26]. Coercion to co-operate with the authorities in the pre-trial process may infringe the privilege against self-incrimination and jeopardise the fairness of any subsequent hearing.

Re:I have my disk (at least partially) encrypted

[s0litaire]

RAM can hold a copy of the last data held for a good 5 seconds if warm and up to +20mins of frozen,
so it could be chilled/frozen using compressed air, removed and placed into a reader that dumps the ram memory to disk.

Re:xkcd "comics" are never obligatory.

Wow. Did a stick figure run over your dog or something?

REFRIGERATED crustacean pix?

You are in violation of the laws forbidding the manufacture, sale and possession of chilled prawnography.

Re:REFRIGERATED crustacean pix?

[chromas]

Judging by his name, I'd say he's been out there a while.

Deniable encryption only works in theory

[betterunixthanunix]

In practice, the headaches that would ensue from widespread use of deniable encryption would cause one of two outcomes:

1. Police would stop asking for secret keys, or only ask for a short period of time, because they would have no way of knowing whether or not they have the true secret.
2. The system would be outlawed.

Countries that respect and protect a right to free speech would not outlaw such a system, but unfortunately such countries are few and far between. Deniable encryption encryption works in theory, but in practice the existence of non-deniable encryption makes it hard for people to claim that they are innocent users of a deniable encryption system. While there are innocent uses of such a system (perhaps your business secrets are so valuable that being tortured for them is not beyond the realm of possibility) they are few and far between; deniable encryption is tool for protecting your data from a government, and for all their talk about China and Iran, most western governments are not interested in having citizens who can secure their communications and data from police investigations.

Re:Deniable encryption only works in theory

[izomiac]

I figured that plausible deniability applies both ways. You deny that you have any more hidden volumes, they deny that you've given them all relevant passwords. In the UK that means running afoul of that law. In less kind parts of the world (or society) that means you will be tortured until you give up the "real" password, repeated ad infinitum as there's no way to determine the number of hidden volumes. Sucks to be you if what they're looking for doesn't exist, there's no way for you to prove that and break the cycle.

IMHO, plausibly deniability is for reasonable and less motivated opponents (e.g. some family members). If you're worried about a less savory type, you need to visibly destroy the data. E.g., put it on RAM disks that will shut down if someone opens your closet door and doesn't type the correct code in 30 seconds. You'll be charged with destruction of evidence in a courtroom, and presumed guilty elsewhere, but it's a calculated risk. Wiping the header that is used to convert your password into the actual crypto key is another possibility that potentially allows for later recovery, but your opponent may assume that as well.

Here's a clue LEO guys...

[bmo]

While I currently do not run full disk encryption on my laptop and I have never done anything to warrant arrest, I have thought about full disk encryption. Especially in these days of a growing police state, it is not my job to make your job easier. If the news stories keep going the way they are, I suspect that within the year, I will simply migrate over with strong encryption and that will be that.

Because I do not like the increasingly adversarial and militarized role the police have been taking. I'm sure I'm not alone. While I do not wear tinfoil, the news events of late give me pause.

--
BMO - shiny side out.

Re:obligatory

[xaxa]

Trick, cajole, threaten, inconvenience, stress, discomfit, and a whole host of other verbs that come just shy of it, but not quite outright torture yet.

From the videos of what the US police have done this week I wouldn't be so sure.

http://boingboing.net/2011/11/18/police-pepper-spraying-arrest.html for instance.

(I would call pepper spraying someone so much they're coughing up blood 45 minutes later torture, but maybe Americans call it 'discomfort'.)

Re:"more research?"

[TheGratefulNet]

want to see a lawyer's head explode?

(we all do. read on...)

tell them you support jury nullification.

its almost like telling an electrical repairman that there ARE user-repairable parts inside and that that label is pure hogwash.

lawyers and judges are so smug sure that 'judging guilt' is a hard job, to be left only to those 'qualified'.

the thing is, the so-called pros have done such a bad job over the last few decades, I can't believe that even a random roll of dice would be worse for carrying out justice. perhaps that would even be an upgrade. getting 50/50 would probably BE an upgrade over what we have now.

the fact that regular people are taken out of the loop is actually a safeguard that they are bypassing.

but dare talk to a friendly lawyer about this and they'll likely bite your head off. and if you are in voire dire and dare tell anyone that you are even aware of what JN means, you are immediately dismissed as a juror. worse: if you don't let on during VD and then vote your concience, you can be jailed for contempt!

all for following a legally allowed american principle; but one that has an unspoken 'do not admit to its existence' rule about nullification.

see fija.org for more info. people should all know about this. its one of the best parts of our system, in fact!

Re:Minor issues

[DavidTC]

Except modern drive recovery can restore the blanked out sector.

Uh, no.

It has never, despite it being 'common wisdom', been possible to recover overwritten sectors on a hard drive.

No one has ever demonstrated it in the entire history of hard drives.

It was a theoretical attack a long time ago, on pre-IDE 'MFM' hard drives.But we moved off that sort of drive in 1986.

And even then, it didn't work. It was a theory that said with a very poorly build hard drive, it might be possible to recover some data. Like I said, no one's ever actually shown this.

And with IDE, we moved to RLL encoding which means, statistically, you couldn't get anything. With an MFM encoded drives, if you got 50% of the data with 50% accuracy, you had 25% of the data and might possibly come up with something, although, like I said, no one ever has managed this.

But with RLL encoded drives, if you got 50% of the data with 50% accuracy, you have nothing. It is not really possible to get a partial byte.

No that anyone has ever demonstrated reading anything from a ' The idea that you need to do anything more than overwrite a sector to make it unreadable is one of those zombie lies that simply cannot die.

The only way to recover a lost sector is if it was going bad at some point, so the hard drive made a copy of it and remapped that sector to the copy. Which means the original might still be there. (OTOH, the original was going bad, so who knows if it's still readable.) The odds of this happening are astronomical.