Rantburg

Today's Front Page   View All of Tue 06/11/2024 View Mon 06/10/2024 View Sun 06/09/2024 View Sat 06/08/2024 View Fri 06/07/2024 View Thu 06/06/2024 View Wed 06/05/2024
2008-02-22 Science
Researchers: Disk Encryption Not Secure
The five minute video at the link is way more informative than this article.

Researchers with Princeton University and the Electronic Frontier Foundation have found a flaw that renders disk encryption systems useless if an intruder has physical access to your computer -- say in the case of a stolen laptop or when a computer is left unattended on a desktop in sleep mode or while displaying a password prompt screen.

The attack takes only a few minutes to conduct and uses the disk encryption key that's stored in the computer's RAM.

The attack works because content as well as encryption keys stored in RAM linger in the system, even after the machine is powered off, enabling an attacker to use the key to collect any content still in RAM after reapplying power to the machine.

"We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers," said J. Alex Halderman, one of the researchers, in a press release. "Unlike many security problems, this isn't a minor flaw; it is a fundamental limitation in the way these systems were designed."

The researchers successfully performed the attack on several disk encryption systems -- Apple's FileVault, Microsoft's BitLocker, as well as TrueCrypt and dm-crypt -- but said they have no reason to believe it won't work on other disk encryption systems as well, since they all share similar architectures.

They released a paper about their work as well as a video demonstration of the attack (below).
Posted by gorb 2008-02-22 03:58|| || Front Page|| [27 views ]  Top

#1 Folks this has ALWAYS been the weak point of any system - if it has to be loaded to and kept in RAM, then its vulnerable.

However, there are differently designed systems out there which use a hardware key and circuit (think smart card) through which all the decryption is done, thus the key only exists in the card, and is only present when the hardware is attached. The method in this article cannot break a system that works that way.


If you have a DirecTV, then you have such a system. I know people on the cryptosystem implementation team back in 92-3 (don't ask), and Adi Shamir, the 'S' in RSA, did the cryptosystem, which uses hardware for private key. Irish hackers resorted to using a scanning electron microscope to do key recovery on the initial wave of smart cards.
Posted by OldSpook 2008-02-22 08:50||   2008-02-22 08:50|| Front Page Top

#2 Um... duh.

Any system can be cracked, therefore is not "secure". The only "secure" computer is one that is turned off, encased in concrete, buried 1000 feet in the earth and guarded by a heavy armored division and patriot missiles.

Even smart cards have risks, since they are used by people.

The whole idea of the concept is to make it so difficult to breach a system is that it makes 99% of the potential attackers not worth trying or the risks are much greater than the reward. That way you can keep the other 1%, which is usually foreign agents, under constant scrutiny.
Posted by DarthVader">DarthVader  2008-02-22 09:53||   2008-02-22 09:53|| Front Page Top

#3 Watched the video -- it would be a concern were I trying to protect state secrets from James Bond. I'd be just as happy if idiot Connecticut state workers would simply encrypt my tax form on their laptop when they decide to leave it at a local tavern. In Connecticut this has happened twice in one friggin' year, and nothing has happened -- no firings no recriminations... I know I am ranting, but this is the right burg, no?
Posted by regular joe 2008-02-22 18:08||   2008-02-22 18:08|| Front Page Top

#4 Wouldn't a temp file dump and over-wright before going into standby or hibernate cure the problem for the cost of adding a few lines of code to the machine?
Posted by bigjim-ky 2008-02-22 18:26||   2008-02-22 18:26|| Front Page Top

#5 Nope. They are talking about grabbing it out of warm RAM in a coldstart. That yields the keys. Meaning you pwn the disk after that.

Posted by OldSpook 2008-02-22 22:26||   2008-02-22 22:26|| Front Page Top

16:56 Jefe101
16:32 Mullah Richard
16:29 Mullah Richard
16:27 Mullah Richard
16:19 Mullah Richard
16:16 Procopius2k
16:15 swksvolFF
16:11 Besoeker
16:09 Tom
16:08 Procopius2k
16:05 Procopius2k
16:04 Skidmark
16:04 Lord Garth
16:01 Lord Garth
15:55 M. Murcek
15:52 Lord Garth
15:30 NoMoreBS
15:16 Mullah Richard
15:12 MikeKozlowski
15:09 NoMoreBS
14:57 NoMoreBS
14:56 Grom the Reflective
14:49 49 Pan
14:48 swksvolFF









Paypal:
Google
Search WWW Search rantburg.com