How secure is your FDE solution?

Printable View

February 22nd, 2008, 04:15 PM
tin.roof.rabbit

How secure is your FDE solution?

From a University of Princeton study? Not very.

Quote:

We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques.

http://citp.princeton.edu/memory/

Full story sent to me is below.
http://www.networkworld.com/news/200...n-cracked.html

Just food for thought for those of us regulated by HIPPA, FERPA, or other government privacy laws that may require the use of a Full Disk Encryption solution.

Ciao
February 22nd, 2008, 04:51 PM
oofki

Well a lot of notebooks have FDE they just need to incorporate those technologies into all types of motherboards.
February 22nd, 2008, 06:47 PM
phernandez

Beat me to it. Caught the story at Wired Blogs and it is scary indeed. Keep an eye on those laptops!
February 22nd, 2008, 07:37 PM
HTRegz

How secure is your FDE solution?

I was really uncertain of where I wanted to post this, but this is probably the best forum.

Quote:

Source: http://www.heise-online.co.uk/securi...--/news/110174
Scientists at Princeton University have demonstrated how encryption keys can be retrieved from memory if the attacker has physical access to a computer which is switched on or in standby, by making use of a well known phenomenon – the relatively slow decay of DRAM data when power is removed.

This is rather interesting. While right now it's purely academic in application. I wonder if we'll see the development of a technology that applies this. As this could have significant uses in forensics. Beyond the obvious forensic gain, there is the negative... the encryption is essentially useless if this is every applied outside of the academic world.

Think about what this means to companies with encrypted laptops... It could potentially give industrial espionage a whole new twist. It also makes it more dangerous to openly travel with sensitive information, even if encrypted, on your laptop.

In the end though... my poll question really sums it up... Will we ever see this applied? Beyond that questions that people may want to take a stab at:
Do we need to see this applied?
Does it actually have practical application?
Will hardware be modified to somehow prevent this?
February 22nd, 2008, 08:22 PM
morganlefay

Already posted

http://antionline.com/showthread.php?t=276690

SANS has a video link too...

http://isc.sans.org/diary.html?storyid=4006

MLF
February 22nd, 2008, 08:39 PM
HTRegz

Quote:

Originally Posted by morganlefay

Already posted

http://antionline.com/showthread.php?t=276690

SANS has a video link too...

http://isc.sans.org/diary.html?storyid=4006

MLF

That's for pointing it out... threads are merged.
February 23rd, 2008, 05:35 AM
oofki

I will answer " Will hardware be modified to somehow prevent this?" With hopefully. It would be great to see really.
February 24th, 2008, 12:33 PM
nihil

Hmmmm,

Peter Gutmann published on this about 10 years ago. He was looking at the pure remnance phenomenon rather than encryption, but the principles were the same.

It all boils down to physical security. I must say that I find it a little far-fetched that a thief would be able to access the computer within the time frame suggested.

Quote:

The most practical solution to the problem of DRAM data retention is therefore to constantly flip the bits in memory to ensure that a memory cell never holds a charge long enough for it to be "remembered". While not practical for general use, it is possible to do this for small amounts of very sensitive data such as encryption keys. This is particularly advisable where keys are stored in the same memory location for long periods of time and control access to large amounts of information, such as keys used for transparent encryption of files on disk drives. The bit-flipping also has the convenient side-effect of keeping the page containing the encryption keys at the top of the queue maintained by the system's paging mechanism, greatly reducing the chances of it being paged to disk at some point.
May 4th, 2011, 09:49 PM
cross

I was just about to post something, but it kind of relates to this thread, so...

How secure is a solution like Symantec endpoint encryption? Aside from reading the dram, are there easy ways to bypass a product like this (before lockout, after lockout, etc)? We use it at my work, and man, what a headache it causes! Always breaking causing users to have to ship us the laptops to fix, slows down the machines to all hell, etc. Wondering if its worth all this hassle or if its just for show?

Just noticed how old this thread was, active section huh?
May 5th, 2011, 08:42 AM
nihil

Hi cross,

Quote:

How secure is a solution like Symantec endpoint encryption?

A lot more secure than not having one, as you force an attacker to have to deal with another obstacle.

I usually look on these solutions as being mainly aimed at laptops or home installations, where there is generally a greater potential security risk of loss or theft.

If I got a stolen machine with an encrypted drive I would either wipe it or replace it, so the security would have done its job.

Please remember that a lot of security (AV for example) is mostly a CYA exercise for IT. They have it so that they can demonstrate that they have shown "due diligence".

In your case I would have thought that the question should be whether the product you are using is the most cost effective, and plays nicely with the rest of your systems and applications?

There are a variety of products on the market that do pretty much the same thing, so perhaps it is time to look around if you are having problems?

:)