[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] been there -- Cold Boot Attacks on Disk Encryption -- report on
________________________________________ From: Paul E. Robichaux [paul@robichaux.net] Sent: Thursday, February 21, 2008 7:51 PM To: David Farber; ip Subject: Re: [IP] Cold Boot Attacks on Disk Encryption -- report on I want to point out that this class of attacks (generically known as “Freon attacks”) have been known for some time, although the Princeton team has done great work in making the attack more practical. BitLocker offers operating modes that mitigate the risk of these attacks; for more details, check out the Microsoft Data Encryption Toolkit for Mobile PCs at <http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/analysis/4e6ce820-fcac-495a-9f23-73d65d846638.mspx><http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/analysis/4e6ce820-fcac-495a-9f23-73d65d846638.mspx>. It details the various BitLocker operating modes and the specific threats that they do, and do not, protect against. Disclaimer: I was the lead author for the Data Encryption Toolkit documents. Cheers, -Paul On 2/21/08 4:25 PM, "David Farber" <dave@farber.net> wrote: Begin forwarded message: From: Declan McCullagh <declan@well.com> Date: February 21, 2008 3:57:43 PM EST To: dave@farber.net Cc: Jacob Appelbaum <jacob@appelbaum.net> Subject: Re: [IP] Cold Boot Attacks on Disk Encryption Dave, The paper published today makes some pretty strong claims about the vulnerabilities of Microsoft's BitLocker, Apple's FileVault, TrueCrypt, Linux's dm-crypt subsystem, and similar products. So I put the folks behind it to a test. I gave them my MacBook laptop with FileVault turned on, powered up, encrypted swap enabled, and the screen saver locked. They were in fact able to extract the 128-bit AES key; I've put screen snapshots of their FileVault bypass process here: http://www.news.com/2300-1029_3-6230933-1.html And my article with responses from Microsoft, Apple, and PGP is here: http://www.news.com/8301-13578_3-9876060-38.html Bottom line? This is a very nicely done attack. It's going to make us rethink how we handle laptops in sleep mode and servers that use encrypted filesystems (a mail server, for instance). -Declan Jacob Appelbaum wrote: > With all of the discussions that take place daily about laptop > seizures, > data breech laws and how crypto can often come to the rescue, I > thought > the readers of IP might be interested in a research project that was > released today. We've been working on this for quite some time and are > quite proud of the results. > Ed Felten wrote about it on Freedom To Tinker this morning: > http://www.freedom-to-tinker.com/?p=1257 ------------------------------------------- -------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC