[LBo] more fyi - Paper Describes Weakness of Disk Encryption Software

Sam Morgan s.morgan at linuxbasics.org
Fri Feb 22 22:37:08 CET 2008


The following is an excerpt from:
SANS NewsBites            February 22, 2008              Vol. 10, Num. 15

<quote>
  --Paper Describes Weakness of Disk Encryption Software
(February 21, 2008)
Researchers from Princeton University, the Electronic Frontier
Foundation, and Wind River Systems have published a paper explaining how
attackers with physical access to computers can use disk encryption keys
in the machine's RAM to bypass disk encryption. Apparently encryption
keys remain in RAM for a period of time even when the computer is
powered off.  One of the researchers calls the problem "a
fundamental limitation in the way these systems were designed."
http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html
[Editor's Note (Northcutt): Definitely worth your time to read this
paper. They have a video explaining this that even non-technical
audiences will be able to understand. If you have bought a full disk
encryption product, start a dialog with your vendor. And above all, if
an officer or auditor from your organization asks you if DRAM memory
retains information even when the system is powered off, say yes!
(Skoudis): The concepts underlying the attacks have been rumored and
discussed for years.  But, the paper provides more details and
real-world explanations than I've seen anywhere else on this topic.
(Honan): The paper is a very interesting read and highlights a number
of takeaways that we regularly discuss in NewsBites. Firstly, once
someone has physical access to your computer it is extremely difficult
to secure the data on it. Secondly, having data distributed across many
devices and locations makes it difficult to protect that data.  Thirdly,
new attacks are constantly being developed and you need to regularly
review your defences and your incident response plan accordingly.
(Guest Editor Frantzen): Critical questions need to be asked of
encryption software vendors: how they keep the keys in memory, and if
they wipe the data whenever a screensaver is activated, whenever the
computer is put to sleep, whenever the computer is hibernating.]
</quote>

<quote>
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
</quote>

-- 
God Bless,
Sam Morgan
http://linuxbasics.org
Linux, the lifetime learning experience

