Saturday, February 23, 2008

New Research Result: Cold Boot Attacks on Disk Encryption

I'm not sure what to make of this exactly. Having read the short form in the blog linked below, it seems to me that the exploit is remarkably simple to implement. In the past, for most users on Win XP machines in the shops I ran, the sleep/hibernate modes were turned off as the laptop often wouldn't come back up cleanly. However, Vista seems to have fixed that and I often leave my Macbook in the sleep state for quick restart. On my personal machines, I use either Bitlocker or FileVault (as appropriate to the OS) thinking that coupled with a strong password, I was safe. Effective immediately I will stop using sleep modes.

The bigger question for me as a CIO is how do we respond to protect our data as it wanders around outside the relative safety of the corporate environment. Given the significant negative impact every time someone "loses" a laptop with personal and corporate data on it, like here and here, the risk is real.

What are you doing about it? Is the risk real or is this another lab experiment unlikely to propagate into the wild?

Freedom to Tinker » Blog Archive » New Research Result: Cold Boot Attacks on Disk Encryption: "Freedom to Tinker
… is your freedom to understand, discuss, repair, and modify the technological devices you own.

New Research Result: Cold Boot Attacks on Disk Encryption
February 21st, 2008 by Ed Felten
Today eight colleagues and I are releasing a significant new research result. We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux. The research team includes J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten.

Our site has links to the paper, an explanatory video, and other materials.

The root of the problem lies in an unexpected property of today’s "



(Via .)

No comments: