If you haven’t heard about it by now you really should read some other blogs.
I wasn’t going to blog about this because it has been well covered already, but last week I was having a conversation with a fellow techie and he hadn’t heard anything about it. So here we are.
A few weeks ago a team at Princeton showed that the contents of RAM can be copied off a machine shortly after it loses power, and that encryption keys can be picked out of that copy. The video walks you through how it works and I’ll be the first to admit, it is really cool!
The short version is that DRAM does not lose its contents the instant the power goes off; the cells fade over seconds to minutes, and slower still if the chips are cooled. That is what makes a cold boot attack possible: if your machine is on or suspended to RAM (sleep), an attacker can cut the power, boot from a USB stick into a minimal OS that dumps physical memory, and walk away with a copy of it. If you are using disk encryption, where do you think the key lives while the encrypted volume is mounted? If you guessed RAM you would be correct. The expanded key has a recognisable structure, so it can be located in the dump, and once the attacker has it they have full access to your disk. A locked screen does not help here, because the key stays in memory as long as the volume is mounted.
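To make the "extract the key from the dump" step concrete, here is an added example (my own code, not the Princeton team’s tool) that does what their key finder does for AES-128: it walks a memory image byte by byte and reports every offset where the following 176 bytes form a valid AES-128 key schedule, which is how the key sits in RAM while the disk driver is using it. The memory image is constructed in-script from seeded pseudo-random filler with one expanded key planted at a hypothetical offset; it is not a real capture, and the key is the FIPS-197 example key so the expansion can be checked against the standard.

```python
"""Scan a raw memory image for AES-128 key schedules (added example)."""
import random

# --- GF(2^8) arithmetic and the AES S-box, computed rather than pasted ---
def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def _build_sbox() -> list:
    """S-box = affine transform of the multiplicative inverse (0 maps to 0x63)."""
    sbox = [0] * 256
    for a in range(256):
        inv = next((b for b in range(1, 256) if _gf_mul(a, b) == 1), 0)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[a] = s ^ 0x63
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _next_round_key(prev: bytes, rcon: int) -> bytes:
    """One step of the AES-128 key expansion: 16-byte round key in, next one out."""
    w = [prev[i:i + 4] for i in range(0, 16, 4)]
    t = w[3][1:] + w[3][:1]                     # RotWord
    t = bytes(SBOX[b] for b in t)               # SubWord
    t = bytes([t[0] ^ rcon]) + t[1:]            # xor round constant
    out = bytes(x ^ y for x, y in zip(w[0], t))
    for i in range(1, 4):
        out += bytes(x ^ y for x, y in zip(w[i], out[-4:]))
    return out

def aes128_key_schedule(key: bytes) -> bytes:
    """Full 176-byte expanded key, the form a disk-encryption driver keeps in RAM."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    sched = key
    for rcon in RCON:
        sched += _next_round_key(sched[-16:], rcon)
    return sched

def find_aes128_keys(dump: bytes) -> list:
    """Return (offset, key) for every offset where the next 176 bytes are a
    valid AES-128 key schedule. Random data almost always fails at round 1,
    so the scan costs roughly one round of expansion per byte of image."""
    hits = []
    for off in range(len(dump) - 176 + 1):
        rk = dump[off:off + 16]
        for r, rcon in enumerate(RCON, start=1):
            rk = _next_round_key(rk, rcon)
            if dump[off + 16 * r: off + 16 * (r + 1)] != rk:
                break
        else:
            hits.append((off, dump[off:off + 16]))
    return hits

def build_sample_dump(key: bytes, offset: int, size: int = 16384, seed: int = 1) -> bytes:
    """Constructed stand-in for a memory image: seeded pseudo-random filler with
    one expanded key planted at `offset`. Not a real capture."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + 176] = aes128_key_schedule(key)
    return bytes(buf)

if __name__ == "__main__":
    # Hypothetical volume key (the FIPS-197 example key) at a hypothetical offset.
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    dump = build_sample_dump(key, offset=4711)
    for off, k in find_aes128_keys(dump):
        print(f"AES-128 key schedule at offset {off:#x}: key {k.hex()}")
```

Point a real dump at `find_aes128_keys` (read the file into `bytes`) and the scan works the same way; the only difference from the published research is that this version demands an exact match, whereas a key finder meant for a dump taken after a few seconds of decay has to tolerate a handful of flipped bits and reconstruct the key from the redundancy in the schedule. A 256-bit key or a different cipher needs the matching expansion routine, but the idea of searching for the schedule rather than the raw key is the same.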
So why bother encrypting your disk if there are ways around it? Because, as of today, the risk that someone will dump your memory is low, and full disk encryption still covers the far more common case of a laptop that is lost or stolen while powered off. I still highly recommend full disk encryption, but if you are worried about this kind of attack, read my notes below:
- This attack requires physical access to your machine. If you allow people physical access to your machine you should assume that some way or another they will get access to your data. Don’t let people play with your laptop.
- Turn your computer off when it will be out of your hands. In most cases this will negate the attack, as the memory will have had enough time to fade. Sleep (suspend to RAM) does not help, because the RAM stays powered; hibernate writes memory to disk, which is only safe if the hibernation file ends up inside the encrypted volume.
- Via the BIOS, disable booting from any device other than the hard disk.
- Set a BIOS password so that the attacker cannot change the boot order. (Yes, I know there are ways around a BIOS password, but it is another hurdle.) Keep in mind that the Princeton team also showed the RAM modules can be pulled and read in a different machine, so the BIOS settings raise the bar rather than close the hole.
The tools they used are not currently released, but it didn’t take long for someone to churn out a tool.
I love this kind of stuff!
One Response to “Is full disk encryption all it is cracked up to be?”