Re: FDE and integrity of OS Was: How to Test HDD Encryption

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2007-11-14 Alexander Klimov wrote:
> On Tue, 13 Nov 2007, Ansgar -59cobalt- Wiechers wrote:
> > > But isn't FDE primarily targeted at protecting data from lost or
> > > stolen systems? A bit over 40% of data breaches are due to lost or
> > > stolen devices.
> >
> > That's its primary use. However, FDE also protects the integrity of
> > the operating system while the computer is not running.
>
> FDE can make tampering with your OS slightly harder but it does not
> protect OS integrity in any strong sense. Consider the following
> example (inspired by `Vbootkit' and `Blue Pill'): attacker who has
> temporary physical access to your computer (while it is switched off)
> changes the system so that attacker's software loads first (the
> attacker changes boot-sector or reflash BIOS), this software loads the
> rest of the system in a virtual environment.

These are additional attack vectors, none of which is addressed by
file-level encryption. I didn't say that FDE is a silver bullet, but it
does address attack vectors that file-level encryption doesn't, while
the issues file-level encryption takes care of (aside from protecting
data while the computer is switched off) are already addressed by the
operating system itself.

That said, manipulations of boot sector and MBR can be mitigated by
booting off other media (CD-R for instance), while BIOS manipulations
can only be mitigated by ensuring physical security AFAICS.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq