Researcher Tells How to Hack Image Backups
Bitmaps stored inside encrypted backup files could be vulnerable to a sophisticated 'comparison' attack, a German security researcher has discovered.
In a new paper, Bernd Roellgen of Munich-based encryption outfit PMC Ciphers, explains how it is possible to compare an encrypted backup image file made with almost any commercial encryption program or algorithm to an original that has subsequently changed so that small but telling quantities of data 'leaks'.
The problem is that bitmaps often display low levels of entropy, such as would be the case in pictures taken at night with large areas of high contrast. Roellgen's attack is based on comparing two volumes encrypted into scrambled ciphertext using the same symmetric or 'static' key, where the original subsequently has new files added. This yields a pattern of structured similarities and differences that can be used to reveal some of the original information in plaintext form.
The attack doesn't work for other types of data, for instance text files, because the entropy levels are too high. But it is believed to effect almost any encryption program currently on sale as long as the two volumes being compared use the same encryption key whilst being slightly different from one another.
The vulnerability will interest anyone storing image data in backup files, because it raises a small but theoretically significant level of doubt about their security under everyday circumstances. The technique could also have interesting implications for police investigations where officials suspect 'invisible' data to be encrypted inside already encrypted volumes.
At the moment, police expend considerable effort trying to crack encrypted volumes. The problem is that a sophisticated criminal can hide an independently encrypted volume inside this master volume, and simply deny its existence, knowing that it cannot be detected.
But if the police have access to two backup volumes created with a single key, one of which has changed over time, Roellgen's technique can be used to compute that such a volume must exist within the primary volume. Although police cannot decipher the data, they can at least know that it is being hidden.
"Generally all disk encryption programs that are available on the market seem to contain this security hole," comments Roellgen in his paper. "The attack has been proven for a number of popular and commercially available OTFE (on-the-fly encryption) software packages," he says.
The defense against the attack is simply to make sure that each encrypted backup file uses an independent key, something Roellgen had made mandatory in his own company's encryption utility, TurboCrypt.
The attack's success can be seen in a website demonstration where it is used to reveal the outline of a single image file hacked open using the technique.
Last month, PMC Ciphers demonstrated TurboCrypt's defense against another great weakness of encryption software, Trojan keyloggers, which can be used to record the encryption key as it is being entered.