Abstract
The weakest link in software-based full disk encryption is the authentication procedure. Since the master boot record must be present unencrypted in order to launch the decryption of remaining system parts, it can easily be manipulated and infiltrated by bootkits that perform keystroke logging; consequently password-based authentication schemes become attackable. The current technological response, as enforced by BitLocker, verifies the integrity of the boot process by use of the trusted platform module. But, as we show, this countermeasure is insufficient in practice. We present Stark , the first tamperproof authentication scheme that mutually authenticates the computer and the user in order to resist keylogging during boot. To achieve this, Stark combines two ideas in a novel way: (1) Stark implements trust bootstrapping from a secure token (a USB flash drive) to the whole PC. (2) In Stark, users can securely verify the authenticity of the PC before entering their password by using one-time boot prompts, that are updated upon successful boot.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
TrouSerS: The open-source TCG Software Stack, http://trousers.sourceforge.net/
Ebfe’s Anti-Bootkit Project (2010), http://ebfes.wordpress.com/tag/bootloader/
Galauner, A.: EFI Rootkits: Pwning your OS before it’s even running. Tech. rep., dexlabs.org, SIGINT (2012)
Asonov, D., Agrawal, R.: Keyboard Acoustic Emanations. Tech. rep., IBM Almaden Research Center, San Jose, CA. IEEE Symposium on Security and Privacy. IEEE Computer Society (2004)
Böck, B.: Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker. Secure Business Austria Research Lab (August 2009)
Break & Enter: Adventures with Daisy in Thunderbolt-DMA-Land: Hacking Macs through the Thunderbolt interface (February 2012)
Carrier, B.D., Spafford, E.H.: Getting Physical with the Digital Investigation Process. IJDE 2, 2 (2003)
Carbone, Bean, Salois: An in-depth analysis of the cold boot attack. Tech. rep., DRDC Valcartier, Defence Research and Development, Canada, Technical Memorandum (January 2011)
Devine, C., Vissian, G.: Compromission physique par le bus PCI. In: Proceedings of SSTIC 2009, Thales Security Systems (June 2009)
Favreau, J.: Iron Man (movie), Paramount Pictures (2008)
FIPS. Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197, NIST (November 2001)
Gutmann, P.: Data Remanence in Semiconductor Devices. In: Proceedings of the 10th USENIX Security Symposium, Washington, D.C. USENIX Association (August 2001)
Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest We Remember: Cold Boot Attacks on Encryptions Keys. In: Proceedings of the 17th USENIX Security Symposium, San Jose, CA, pp. 45–60. USENIX Association, Princeton University (August 2008)
Intel Corporation. Solid-State Drive 520 Series (2012), http://www.intel.com/content/www/us/en/solid-state-drives/solid-state-drives-520-series.html
Ives, B., Walsh, K.R., Schneider, H.: The domino effect of password reuse. Communications of the ACM 47(4) (April 2004)
Rutkowska, J.: Evil Maid goes after TrueCrypt. The Invisible Things Lab (October 2009)
Rutkowska, J.: Anti Evil Maid, The Invisible Things Lab (September 2011)
Heasman, J.: Implementing and Detecting an ACPI BIOS Rootkit. Tech. rep., NGS Consulting, BlackHat Briefings, Europe (2006)
Johnson, C.: Protection of Sensitive Agency Information. U.S. Executive Office of the President, Washington, D.C. 20503 (June 2006)
Kaliski: PKCS #5: Password-Based Cryptography Specification. In: Request for Comments (RFC): 2898, Internet Engineering Task Force, vol. 2.0. RSA Laboratories (2000)
KeeLog. Video Ghost (2012), http://www.keelog.com/hardware_video_logger.html
KeyGhost Ltd. PCI/Mini-PCI Hardware Keylogger (2006), http://www.keyghost.com/PCI-MPCI-Keylogger.htm
Kuhn, M.G.: Optical Time-Domain Eavesdropping Risks of CRT Displays. Tech. rep., Proceedings 2002 IEEE Symposium on Security and Privacy (SSP 2002), University of Cambridge, Computer Laboratory, Berkeley, California (May 2002)
Kumar, N., Kumar, V.: VBootKit 2.0 - Attacking Windows 7 via Boot Sectors. In: Hack In The Box Conference (HITBSecConf), Dubai (April 2009)
Li, X., Wen, Y., Huang, M., Liu, Q.: An Overview of Bootkit Attacking Approaches. In: Seventh International Conference on Mobile Ad-hoc and Sensor Networks (MSN 2011), pp. 428–431. IEEE Computer Society (2011)
Loukas, K.: De Mysteriis Dom Jobsivs – Mac EFI Rootkits. Tech. rep., assurance, Black Hat Conference Proceedings, USA (2012)
Mihailowitsch, F.: Detecting Hardware Keyloggers. In: HITB SecConf, Kuala Lumpur, Malaysia (October 2010); cirosec GmbH. Hack In The Box
Müller, T., Freiling, F., Dewald, A.: TRESOR Runs Encryption Securely Outside RAM. In: 20th USENIX Security Symposium, San Francisco, California. University of Erlangen-Nuremberg, USENIX Association (August 2011)
Müller, T., Latzo, T., Freiling, F.: Hardware-based Full Disk Encryption (In)Security Survey. Tech. rep., Friedrich-Alexander University of Erlangen-Nuremberg, Technical Report (September 2012)
Panholzer, P.: Physical Security Attacks on Windows Vista. Tech. rep., SEC Consult Vulnerability Lab, Vienna (May 2008)
Kleissner, P.: Stoned Bootkit. Black Hat, USA (2009)
Ponemon Institute, LLC. 2010 Annual Study: U.S. Cost of a Data Breach. Symantec (March 2011)
Graham, R.D.: Thunderbolt: Introducing a new way to hack Macs, Errata Security (February 2011)
Rutkowska, J., Tereshkin, A., Wojtczuk, R.: Thoughts about Trusted Computing. In: EUSecWest 2009 (May 2009); The Invisible Things Lab
Sacco, A.L., Ortega, A.A.: Persistent BIOS Infection: The early bird catches the worm. In: Proceedings of the Annual CanSecWest Applied Security Conference, Vancouver, British Columbia, Canada. Core Security Technologies (2009)
SECUDE. US Full Disk Encryption 2011 Survey. Research SECUDE AG (2012)
Software Freedom Law Center. Microsoft confirms UEFI fears, locks down ARM devices. Tech. rep. (January 2012)
Thornburgh, T.: Social engineering: the Dark Art. Tech. rep., New York, NY, USA, Proceedings of the 1st Annual Conference on Information Security Curriculum Development (InfoSecCD 2004) (2004)
TrueCrypt Foundation. TrueCrypt: Free Open-Source On-The-Fly Disk Encryption Software for Windows 7/Vista/XP, Mac OS X and Linux (2012), http://www.truecrypt.org/
Trusted Computing Group, Incorporated. TPM Main Specification. Tech. Rep. Specification Version 1.2, rev. 116, TCG Published (March 2011)
Turan, M., Barker, E., Burr, W., Chen, L.: Special Publication 800-132: Recommendation for Password-Based Key Derivation. Tech. rep., NIST, Computer Security Division, Information Technology Laboratory (December 2010)
Türpe, S., Poller, A., Steffan, J., Stotz, J.-P., Trukenmüller, J.: Attacking the BitLocker Boot Process. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 183–196. Springer, Heidelberg (2009)
Unified EFI, Inc. Unified Extensible Firmware Interface Specification, Ver. 2.3.1, Errata B ed. (April 2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Müller, T., Spath, H., Mäckl, R., Freiling, F.C. (2013). Stark . In: Sadeghi, AR. (eds) Financial Cryptography and Data Security. FC 2013. Lecture Notes in Computer Science, vol 7859. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39884-1_25
Download citation
DOI: https://doi.org/10.1007/978-3-642-39884-1_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39883-4
Online ISBN: 978-3-642-39884-1
eBook Packages: Computer ScienceComputer Science (R0)