Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

been there -- Cold Boot Attacks on Disk Encryption -- report on

From: David Farber <dave () farber net>
Date: Fri, 22 Feb 2008 04:51:00 -0800

________________________________________
From: Paul E. Robichaux [paul () robichaux net]
Sent: Thursday, February 21, 2008 7:51 PM
To: David Farber; ip
Subject: Re: [IP] Cold Boot Attacks on Disk Encryption -- report on

I want to point out that this class of attacks (generically known as “Freon attacks”) have been known for some time, 
although the Princeton team has done great work in making the attack more practical. BitLocker offers operating modes 
that mitigate the risk of these attacks; for more details, check out the Microsoft Data Encryption Toolkit for Mobile 
PCs at 
<http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/analysis/4e6ce820-fcac-495a-9f23-73d65d846638.mspx><http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/analysis/4e6ce820-fcac-495a-9f23-73d65d846638.mspx>.
 It details the various BitLocker operating modes and the specific threats that they do, and do not, protect against.

Disclaimer: I was the lead author for the Data Encryption Toolkit documents.

Cheers,
-Paul


On 2/21/08 4:25 PM, "David Farber" <dave () farber net> wrote:




Begin forwarded message:

From: Declan McCullagh <declan () well com>
Date: February 21, 2008 3:57:43 PM EST
To: dave () farber net
Cc: Jacob Appelbaum <jacob () appelbaum net>
Subject: Re: [IP] Cold Boot Attacks on Disk Encryption

Dave,

The paper published today makes some pretty strong claims about the
vulnerabilities of Microsoft's BitLocker, Apple's FileVault,
TrueCrypt, Linux's dm-crypt subsystem, and similar products.

So I put the folks behind it to a test. I gave them my MacBook laptop
with FileVault turned on, powered up, encrypted swap enabled, and the
screen saver locked.

They were in fact able to extract the 128-bit AES key; I've put screen
snapshots of their FileVault bypass process here:
http://www.news.com/2300-1029_3-6230933-1.html

And my article with responses from Microsoft, Apple, and PGP is here:
http://www.news.com/8301-13578_3-9876060-38.html

Bottom line? This is a very nicely done attack. It's going to make us
rethink how we handle laptops in sleep mode and servers that use
encrypted filesystems (a mail server, for instance).

-Declan

Jacob Appelbaum wrote:

With all of the discussions that take place daily about laptop
seizures,
data breech laws and how crypto can often come to the rescue, I
thought
the readers of IP might be interested in a research project that was
released today. We've been working on this for quite some time and are
quite proud of the results.
Ed Felten wrote about it on Freedom To Tinker this morning:
http://www.freedom-to-tinker.com/?p=1257




-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: