Claiming to be PRISM-proof is a pretty tall order, especially when you consider nation-state or NSA “sponsored” backdoors in hardware as well as stealthy memory attacks, but security firm PrivateCore says it can deliver.
“While data may be protected in transit over networks and at rest on storage devices, there has been no solution to protect data in use. Encryption keys, certificates and sensitive data are left exposed in memory to unauthorized physical access,” explained PrivateCore. “By encrypting memory,” PrivateCore claims its new software “protects data from unauthorized physical access and malicious hardware devices, making it safe to run any application in outsourced, hosted, or cloud environments.”
AVT RAM scraping attacks and hardware backdoors
The 2009 Verizon Data Breach Investigation report [pdf] called RAM scraper malware “one of the top 15 threat action types;” then in 2011, SANS Institute researchers [pdf] warned that “pervasive memory scraping” attacks were among the most dangerous attack techniques. But there’s nothing too new about RAM scraping attacks except for taking a page from APT, or advanced persistent threats, and changing the RAM attack name to advanced volatile threat (AVT). Yet AVT attacks can be used to steal data or inject malware, and because nothing is stored in long-term memory, these attacks often are undetected by defenses that rely on attack signatures or malware behavior analysis.
Attackers have had tools to scrape RAM for years, such as the stealthy Metasploit Meterpreter. Pen testers use it to “test” memory scraping. “Meterpreter resides entirely in memory and writes nothing to disk,” creates no new processes by injecting "itself into the compromised process and can migrate to other running processes easily. By default, Meterpreter uses encrypted communications" and leaves "limited forensic evidence and impact on the victim machine."
When it comes to backdoors that are built into hardware, it’s “the problem from hell,” according to former CIA and NSA chief Michael Hayden. That was in 2011, but thanks to Edward Snowden leaking NSA documents, we learned that “the NSA itself has used that tactic, working with U.S. companies to insert secret backdoors into chips and other hardware to aid its surveillance efforts.”
So how do you protect against the most covert kind of backdoors and hard-to-detect RAM attacks? PrivateCore has written extensively about these relatively simple attack vectors and physical memory attacks before proposing a solution to encrypt memory that won the CloudBeat 2013 Innovation Showdown. VentureBeat wrote, “You could imagine someone from a government security agency going into a data center and putting a snooping device on a server (or specifically, on a nonvolatile flash memory DIMM module) and intercepting all of the communications happening within a server. PrivateCore creates a software layer known as a Hypervisor that fits inside the memory (known as on-die cache) of a central processing unit and encrypts the data in the memory.”
First PRISM-Proof Tor server in the public cloud
This PrivateCore Tor deployment provides undeniable evidence that organizations can achieve private computation in the public cloud. Without vCage full memory encryption, Tor servers operating in hosted provider environments expose secret key material in memory, where it can be accessed through NSA PRISM-type programs. Using PrivateCore vCage, no trace of Tor server code or data is maintained in memory or on disk, eliminating the possible exposure of secret key material through memory forensics.
As demonstrated by the NSA PRISM program, information owned by an organization can be handed to authorities without their knowledge by cloud service providers who control the cloud servers. While organizations need to respond to lawful requests for information such as the NSA PRISM program, PrivateCore vCage enables them to remain in control of servers in the cloud and prevent access without their prior authorization.
So is PrivateCore vCage all that? The claims were met with healthy skepticism on tor-talk. “‘PRISM-Proof’ my tail,” wrote Michael Wolf after pointing out that “it still runs in a VM on stock x86 hardware... what stops the NSA/provider from viewing the virtual CPU's state, retrieving the encryption keys, and decrypting the memory? Justin Bull then warned, “It would appear ‘PRISM-proof’ is the new ‘military grade’. Brace yourselves, snake oil is coming.”
Regarding PrivateCore running on a virtual machine, EFF Senior Staff Technologist Seth Schoen explained that “preventing the provider from viewing the virtual CPU's state is the main goal of their PrivateCore software. They encrypt the RAM that contains the VM and they try to ensure that the key used to encrypt it never leaves the CPU and that the providers don't get to see that key.”
However, Schoen gave some thought about potential weak links in PrivateCore’s “PRISM-proof” solution. He wrote:
Evidently right now they use a TPM [Trusted Platform Module] for bootstrapping, so the weak link is probably the TPM: the provider could try to reboot the host while attacking the TPM in some way. If they had a completely fake or cracked TPM that other people accepted as genuine, they could try to make it boot the PrivateCore instance itself in a (provider-controlled) VM pretending to be native hardware.
(The other potential weak link is exploiting the OS running inside the VM. Then even if you don't know the crypto keys that encrypt the memory, you can tell the OS to let you monitor its processes or disk.)
Claims of being PRISM-proof aside, PrivateCore states that “vCage is the first hypervisor to transparently protect any virtual machine while in use on commodity x86 servers. By encrypting data during program execution, vCage’s software-only full-memory encryption protects data from unauthorized physical access and malicious hardware devices. vCage bridges the gap between data at rest and data in transit protection, making it safe to run any virtual machine, anywhere and on demand.”
Perhaps only time will tell if PrivateCore really has conquered the problem with a PRISM-proof solution?