[dm-crypt] SSDs & flash... and secure keyslot erase

[dm-crypt] SSDs & flash... and secure keyslot erase

[Milan Broz]

SSDs & flash... and "secure" keyslot wiping

The storage devices are usually constructed with reliability vs cost in mind.

In LUKS we have problem of safe deletion of old key material (keyslot).
In short, on keyslot change we need delete old key material or at least
make them unusable. How this can be achieved depends on storage used...

1) Rotational devices, aka classical disks

Rotational drive today has processor which boots firmware which is "smart"
in sector/track management functions.

It surely reallocates sectors. The disk lies where it really stores data, in fact
even with rotational disk you have no idea what exactly happens.

If data is written to media, disk re-reads them and if any problem appears,
the area is marked bad and sector is written to some other area
(disk still have correct data in memory).

So even initial LUKS format can create some data copies.
Wiping data area several times is perhaps just snake oil medicine
but should not hurt here.

We can just hope that reallocated area is not the whole keyslot and LUKS
AF helps. Can we trust that this happens on all drives? I guess no.

We can use some "secure erase" functions... which can brick the whole drive.

And analyzing directly magnetic media (hidden tracks etc) is not easy, but possible.

Also there are often also management interfaces which allows access some internal drive
parameters without really opening the drive...
(Nice talk here https://events.ccc.de/congress/2010/Fahrplan/events/4231.en.html )

2) Cheap USB flash disk
Flash disk uses just different (slower) chips than SSDs but in principle it has
the same problems.

But USB disks are cheap, thus no powerful processors which run garbage collector
in the background (it cannot run some long-time processes - it is hotplug device).

Often you can open the device and see some standard controller chip there,
there are tools to reprogram parameters of these controllers.
(Anyone bought 32GB pendrive on eBay which had only 2GB chip and just
faked device size?)

Also TRIM/discard and secure discard is usually not supported here.

Rewriting LUKS keyslot many times definitely makes no sense here.
So for non-rotational device it will just try to wipe it once with random data.

(Non rotational device attribute is set by kernel driver per device.)

3) SSDs
Almost all SSDs contain powerful processor which run quite complex sw and manages
the whole disk, including many features (internal encryption etc).

You can hardly say what happens after IO is submitted.
It can return that discards is done but in reality it is just queued
and will be run later.
It can run garbage-collection process and re-arrange internal data layout
through idle time.

The SSDs firmware are buggy, a lot of drives have still stability problems and
performance problems after longer period of use. It is new technology though
and it is getting better.

For now LUKS keyslot deletion is the same as 2) but there is "secure discard"
in Linux supported already which should guarantee that data (and all its copies
inside the drive) is wiped (zeroed).

Next release of cryptsetup will try to run this erase on non-rotatinal disks
for keyslots. (But most of drives do not support it yet anyway.)

But even (non secure) discard of keyslot area (after data rewrite try)  can have some
value - at least it increases chance drive will really wipe it because it now knows
the area is not used anymore.

(Discard is write operation which instead of writing data says "this area is unused now".)

Also the situation is complicated if image is not disk, but file in filesystem or there
are more device layers (sw RAID, thin provisioning).
For disk image, we can try to use "punch hole" mechanism.

But there is no perfect solution.

m.

It is trivial to detect e.g. LUKS keyslot update according to data access pattern
("copy last write IO if following write is 4k write and data starts with LUKS in ascii")

And hacking hw firmware is not so sci-fi as it appears to be sometimes...
So to add more paranoia, targeted attack can be really fun here :)

Re: [dm-crypt] SSDs & flash... and secure keyslot erase

[Thomas Bächler]

[-- Attachment #1: Type: text/plain, Size: 905 bytes --]

Am 24.08.2012 17:06, schrieb Milan Broz:
> For now LUKS keyslot deletion is the same as 2) but there is "secure discard"
> in Linux supported already which should guarantee that data (and all its copies
> inside the drive) is wiped (zeroed).
> 
> Next release of cryptsetup will try to run this erase on non-rotatinal disks
> for keyslots. (But most of drives do not support it yet anyway.)

How can I find out if my SSD supports this?

> Also the situation is complicated if image is not disk, but file in filesystem or there
> are more device layers (sw RAID, thin provisioning).
> For disk image, we can try to use "punch hole" mechanism.
> 
> But there is no perfect solution.

Interesting write-up. If you are really paranoid, it seems you must back
up all data, perform ATA security erase and put the data back on the
disk (and then perform ATA security erase on the backup).



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 900 bytes --]

Re: [dm-crypt] SSDs & flash... and secure keyslot erase

[Arno Wagner]

Nice. I agree with most of what you say.

Some remarks. For magnetic media, reallocating so many sectors 
are to contain a full keyslot is rather unlikely, should show 
up in the SMART log and should only happen if the sectors are 
actually defect in some way. That would protect the old data
in there due to the anti-forensic stripings all-or-nothing
mechanism. 

Still, a malicious disk can keep you headers, no doubt.
It may even be able to attack your OS and send all your
data out over the internet. Malicious NIC firmware seems 
to be already able to do that so why not disk firmware.
(Side note: Targetted attacks that can compromise hardware
before it is installed can basically not be fought at
this time. You have to trust the hardware. But other
types of targetted attacks are still often pathetically 
easy, so hardware-based attacks may be mostly in the future.) 

SSD and USB flash are fundamentally different here as no
need to keep geometry for performance and very serious need
for wear-leveling. 

That is not to say LUKS key-slot changes are always insecure
on SSD/Flash, just that the design of the LUKS header makes
certain assumptions and they are good ones on HDD and not so 
good ones on SSD/Flash.

Using "secure discard" for non-rotational is certainly a good
idea. If possible, add a way to test for the presence of 
secure discard via cryptsetup. I also hope somebody finds the
time to de-solder some Flash chips from SSDs in the future
and check whether secure discard actually works. For the 
moment this seems to be the best reference available:

 http://cseweb.ucsd.edu/users/swanson/papers/Fast2011SecErase.pdf

Does only talk about secure erase (not discard) and conventional
overwriting though. Key quote: "none of the existing hard 
drive-oriented techniques for individual file sanitization are 
effective on SSDs". 

But still, while it is not optimal, we need to warn users
that at this time LUKS may be less secure on SSD/Flash than
on magnetic disk, but clearly specify how and what
attacks may become possible and which security properties
are unaffected. For most users LUKS on SSD/Flash should still
be fine.

I think this will need some time to get right, i.e. discussion
is good! ;-)

Arno

On Fri, Aug 24, 2012 at 05:06:48PM +0200, Milan Broz wrote:
> 
> SSDs & flash... and "secure" keyslot wiping
> 
> The storage devices are usually constructed with reliability vs cost in mind.
> 
> In LUKS we have problem of safe deletion of old key material (keyslot).
> In short, on keyslot change we need delete old key material or at least
> make them unusable. How this can be achieved depends on storage used...
> 
> 1) Rotational devices, aka classical disks
> 
> Rotational drive today has processor which boots firmware which is "smart"
> in sector/track management functions.
> 
> It surely reallocates sectors. The disk lies where it really stores data, in fact
> even with rotational disk you have no idea what exactly happens.
> 
> If data is written to media, disk re-reads them and if any problem appears,
> the area is marked bad and sector is written to some other area
> (disk still have correct data in memory).
> 
> So even initial LUKS format can create some data copies.
> Wiping data area several times is perhaps just snake oil medicine
> but should not hurt here.
> 
> We can just hope that reallocated area is not the whole keyslot and LUKS
> AF helps. Can we trust that this happens on all drives? I guess no.
> 
> We can use some "secure erase" functions... which can brick the whole drive.
> 
> And analyzing directly magnetic media (hidden tracks etc) is not easy, but possible.
> 
> Also there are often also management interfaces which allows access some internal drive
> parameters without really opening the drive...
> (Nice talk here https://events.ccc.de/congress/2010/Fahrplan/events/4231.en.html )
> 
> 2) Cheap USB flash disk
> Flash disk uses just different (slower) chips than SSDs but in principle it has
> the same problems.
> 
> But USB disks are cheap, thus no powerful processors which run garbage collector
> in the background (it cannot run some long-time processes - it is hotplug device).
> 
> Often you can open the device and see some standard controller chip there,
> there are tools to reprogram parameters of these controllers.
> (Anyone bought 32GB pendrive on eBay which had only 2GB chip and just
> faked device size?)
> 
> Also TRIM/discard and secure discard is usually not supported here.
> 
> Rewriting LUKS keyslot many times definitely makes no sense here.
> So for non-rotational device it will just try to wipe it once with random data.
> 
> (Non rotational device attribute is set by kernel driver per device.)
> 
> 3) SSDs
> Almost all SSDs contain powerful processor which run quite complex sw and manages
> the whole disk, including many features (internal encryption etc).
> 
> You can hardly say what happens after IO is submitted.
> It can return that discards is done but in reality it is just queued
> and will be run later.
> It can run garbage-collection process and re-arrange internal data layout
> through idle time.
> 
> The SSDs firmware are buggy, a lot of drives have still stability problems and
> performance problems after longer period of use. It is new technology though
> and it is getting better.
> 
> For now LUKS keyslot deletion is the same as 2) but there is "secure discard"
> in Linux supported already which should guarantee that data (and all its copies
> inside the drive) is wiped (zeroed).
> 
> Next release of cryptsetup will try to run this erase on non-rotatinal disks
> for keyslots. (But most of drives do not support it yet anyway.)
> 
> But even (non secure) discard of keyslot area (after data rewrite try)  can have some
> value - at least it increases chance drive will really wipe it because it now knows
> the area is not used anymore.
> 
> (Discard is write operation which instead of writing data says "this area is unused now".)
> 
> Also the situation is complicated if image is not disk, but file in filesystem or there
> are more device layers (sw RAID, thin provisioning).
> For disk image, we can try to use "punch hole" mechanism.
> 
> But there is no perfect solution.
> 
> m.
> 
> It is trivial to detect e.g. LUKS keyslot update according to data access pattern
> ("copy last write IO if following write is 4k write and data starts with LUKS in ascii")
> 
> And hacking hw firmware is not so sci-fi as it appears to be sometimes...
> So to add more paranoia, targeted attack can be really fun here :)
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 

Re: [dm-crypt] SSDs & flash... and secure keyslot erase

[Arno Wagner]

On Fri, Aug 24, 2012 at 05:23:05PM +0200, Thomas B?chler wrote:
> Am 24.08.2012 17:06, schrieb Milan Broz:
[...]
> > But there is no perfect solution.
> 
> Interesting write-up. If you are really paranoid, it seems you must back
> up all data, perform ATA security erase and put the data back on the
> disk (and then perform ATA security erase on the backup).

That may not be enough, see Section 3.2 of 

  http://cseweb.ucsd.edu/users/swanson/papers/Fast2011SecErase.pdf

Unfortunately, no manufacturer names given.

My current take is that the only reliable thing is to have LUKS
key-slots individually larger than the spare area and then overwrite
all free space with random data after a key-slot change. That way
the SSD would be unable to hold an old key-slot. For a 240G
SSD that may mean key-slots > 16GB each. Also, you cannot be
sure how much Flash capacity an SSD actually has without 
opening it. 

Arno
-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 

Re: [dm-crypt] SSDs & flash... and secure keyslot erase

[Thomas Bächler]

[-- Attachment #1: Type: text/plain, Size: 1104 bytes --]

Am 24.08.2012 17:54, schrieb Arno Wagner:
> On Fri, Aug 24, 2012 at 05:23:05PM +0200, Thomas B?chler wrote:
>> Am 24.08.2012 17:06, schrieb Milan Broz:
> [...]
>>> But there is no perfect solution.
>>
>> Interesting write-up. If you are really paranoid, it seems you must back
>> up all data, perform ATA security erase and put the data back on the
>> disk (and then perform ATA security erase on the backup).
> 
> That may not be enough, see Section 3.2 of 
> 
>   http://cseweb.ucsd.edu/users/swanson/papers/Fast2011SecErase.pdf
> 
> Unfortunately, no manufacturer names given.
> 
> My current take is that the only reliable thing is to have LUKS
> key-slots individually larger than the spare area and then overwrite
> all free space with random data after a key-slot change. That way
> the SSD would be unable to hold an old key-slot. For a 240G
> SSD that may mean key-slots > 16GB each. Also, you cannot be
> sure how much Flash capacity an SSD actually has without 
> opening it. 

Okay then. If you are paranoid, burn the entire SSD if your passphrase
is corrupted.



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 900 bytes --]

Re: [dm-crypt] SSDs & flash... and secure keyslot erase

[Christoph Anton Mitterer]

[-- Attachment #1: Type: text/plain, Size: 109 bytes --]

Hi.

Perhaps yours and Milan’s posts should go (in condensed form) into the
FAQ?!


Cheers,
Chris.

[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5450 bytes --]

Re: [dm-crypt] SSDs & flash... and secure keyslot erase

[Milan Broz]

On 08/24/2012 07:24 PM, Christoph Anton Mitterer wrote:
> Perhaps yours and Milan’s posts should go (in condensed form) into the
> FAQ?!

I would avoid description of implementation of some things (like wiping)
except it is necessary to understand the problem (it can change in next versions).

But it would be very nice to have in FAQ list of paper references, slides and links
to documents etc  related to disk encryption...
(I will add some links for sure as well :-)

Milan

Re: [dm-crypt] SSDs & flash... and secure keyslot erase

[Arno Wagner]

On Fri, Aug 24, 2012 at 09:07:17PM +0200, Milan Broz wrote:
> On 08/24/2012 07:24 PM, Christoph Anton Mitterer wrote:
> > Perhaps yours and Milan?s posts should go (in condensed form) into the
> > FAQ?!
> 
> I would avoid description of implementation of some things (like wiping)
> except it is necessary to understand the problem (it can change in next versions).
> 
> But it would be very nice to have in FAQ list of paper references, slides and links
> to documents etc  related to disk encryption...
> (I will add some links for sure as well :-)
> 
> Milan

Good idea. I will add a section for references. May take until some
time next week though.

Arno
-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell