http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/ Engadget Comments for Bootable flash key makes disk encryption attacks super-simple http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 7:23AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/
When playing an encrypted movie you could probably get the keys while the PC is still running. There's no need to get fancy and freeze chips etc.]]>Mar 4th 2008 9:11AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 7:26AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 8:33AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 8:55AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/
That's not a complete fix/that's already imlemented by most vendors (TrueCrypt comes to mind), and hopefully implemented by OS designers as well.

Also note that if you ditch the key when you enter sleep mode you have to unmount all partitions/containers that were mounted when you initially entered sleep mode. This creates real issues when you sleep while applications have files open on those partitions (potential filesystem corruption).

That doesn't help at all against the user doing a cold reboot, however. That is surely what they would do in this case, to capture as much as possible of your currently operating memory.]]>Mar 4th 2008 8:55AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/
The only case is when a user simply locks his computer while running a task that needs access to a secure partition. In reality, this probably isn't such a good idea in the first place if you have such precious data on that partition.

There are probably cases where the attack would work that isn't covered by these two scenarios, but these are probably the most common ones.]]>Mar 5th 2008 4:48AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/
All its doing in that screenshot is dumping the RAM which will not contain any decryption key.]]>Mar 4th 2008 7:33AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/I remember this!
Every single decryption key is stored in the special decryption key slot, which is COMPLETELY INACCESSIBLE to the computer!]]>Mar 4th 2008 12:17PMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/None of the virtual machines currently support the TPM bios which is what loads the decryption key into the RAM.

All that the above screenshot is doing is dumping the VIRTUAL RAM which contains no decryption key, and the virtual disk probably isnt even encrypted.

I'm guessing they did that because you cant take a screen shot in syslinux!]]>Mar 4th 2008 12:50PMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 7:42AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 3:55PMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/2.?????
3.profit!]]>Mar 4th 2008 8:34AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 9:09AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 8:39AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 1:18PMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/
It would be very poor security procedure to allow a PC to boot off a USB or CD/DVD. Yes, you can alter the BIOS of many PCs to allow this but, changing BIOS settings of a powerd down PC requires opening the case.

By the way, good security should require that the case be locked.

Really scary would be portable application that could be run on a locked down PC.

Charlie Balch
Professor of CIS
Arizona Western College]]>Mar 4th 2008 8:54AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/In the real world very few companies(and even fewer individuals) actually even alter bios settings, most of which these days allow booting from usb by default, even fewer companies go further to put on a bios password, and even fewer still bother locking their cases.

]]>Mar 4th 2008 10:03AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Major computer vendors might even advertise that they are shipping with basic features by default. I find it kind of cool that I can boot off a floppy or a flash but how many regular users would care?
Charlie]]>Mar 4th 2008 1:12PMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 3:33PMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/
]]>Mar 4th 2008 9:01AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 9:11AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 10:27AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 10:29AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 10:53AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/ Is disabling boot from USB out of the question ? Many bioses allow that. Even changing the boot order and then password protecting the BIOS would probably be enough for most systems, though there's probably a few that don't allow such.

But all it will take is a bios update to fix that.

Interesting, but not too earth shattering...]]>Mar 4th 2008 11:35AMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/Mar 4th 2008 12:58PMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/- the cryptographic key never leaves the hard drive
- it's stored on an ASIC in the hard drive with no probe points
- any attempt to remove the ASIC from the drive package locks the drive and cuts power to the chip, erasing its memory

For those serious about security, stop messing with bandaids and lock it down tight. Here's a more detailed description of this: http://www.seagate.com/docs/pdf/security/Princeton_RC514_1_0702.pdf

storageeffect.com]]>Mar 4th 2008 2:10PMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://storageeffect.com/category/data-security/]]>Mar 4th 2008 2:25PMhttp://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/http://www.engadget.com/2008/03/04/bootable-flash-key-makes-disk-encryption-attacks-super-simple/
The attack itself is interesting and high-tech, I enjoy the process of explaining my friends how it works and I am glad that today they work on this kind of stuff in universities.

However, I believe the story is a bit overhyped, because you can protect yourself very well if you follow some reasonable security guidelines. By "reasonable" I mean "guidelines that won't force you to change your entire life and habits". One has to rationally study the problem and figure out that the chance of becoming a victim can be minimized to acceptable rates.

This story provides some tips: http://www.lazybit.com/index.php/2008/02/27/protect-cold-reboot-attack-encryption?blog=2]]>Mar 5th 2008 4:44AM