Is full disk encryption all it is cracked up to be?

09Mar08

If you haven’t heard about it by now you really should read some other blogs.  😉  I wasn’t going to blog about this because it has been well covered already but last week I was having a conversation with a fellow techie and he hadn’t heard anything about it.  So here we are.

A few weeks ago a team at Princeton posted that they had a method of quickly sucking the information from RAM and extracting information, namely encryption keys.  The video will walk you through how it works and I’ll be the first to admit, it is really cool!

Quick story though is that RAM does not get flushed immediately after powering off the laptop.  This allows for a cold boot attack if your machine is on or in sleep mode where upon start up it boots from a USB drive and memory is sucked off.  If you are using disk encryption where do you think they key is stored?  If you guessed RAM you would be correct.  This means that after dumping the RAM, an attacker could extract your encryption key and then have full access to your disk.

So why bother encrypting your disk if there are ways around it?  Because as of today the risk is low that your memory will be jacked.  I still highly recommend full disk encryption but if you are worried about this kind of attack read my notes below:

  • This attack requires physical access to your machine.  If you allow people physical access to your machine you should assume that some way or another they will get access to your data.  Don’t let people play with your laptop.
  • Turn your computer off when it will be out of your hands.  In most cases this will negate the attack as the memory will have enough time to fade.
  • Via the BIOS, disable booting to other devices other than the hard disk.
  • Set a BIOS password so that the attacker can not change the boot order.  (Yes I know there are ways around the BIOS password, but it is another hurdle.)

The tools they used are not currently released, but it didn’t take long for someone to churn out a tool.

I love this kind of stuff!

Advertisements


One Response to “Is full disk encryption all it is cracked up to be?”


  1. 1 Gobbas Crap » How to get info from an encrypted harddrive.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: