Full Disk Encryption Isn't Quite Dead
At least once a month, it seems, some vendor or techie claims to have broken a hard drive full-disk encryption (FDE) program, whether it's BitLocker from Microsoft (my full-time employer), open source favorite TrueCrypt, or some other variant. All the stories and the hype are enough to make one wonder if FDE is dead. The brief -- and slightly qualified -- answer is no. There are a handful of clever attacks, as well as software to make them easier to pull off. Luckily, there are easy ways to prevent most of them. We will start, however, with an attack that doesn't have an easy defense.
Cold boot attack
In February 2008, a team including Princeton's Dr. Edward Felten -- one of the world's premier computer security researchers -- used an interesting intrinsic property of computer memory to successfully hack BitLocker. It turns out that computer memory chips will hold their contents from a few seconds to a few minutes after the computer's power is turned off. Further, lowering the temperature or freezing the chips enables the contents to remain readable much longer -- long enough for the chips to be transferred to another specialized analysis computer so that the data can be copied to permanent storage. The attack team could then search for the primary BitLocker encryption key and unlock the data.
The "cold boot" attack is perhaps the toughest attack to defend against on a computer without specialized crypto-hardware. The flaw lies more with computer memory than the involved crypto. All software-based crypto has to eventually place the decryption key in normal memory in an unprotected state so that it can be used to decrypt the hard drive. An attacker can always find the unprotected key when he or she has a copy of memory to examine.
This plan requires the attacker to somehow acquire the victim's computer while it's powering down, just after it's powered down, or when it's coming back up from a suspended or standby state. Then the attacker has to freeze the chips, transfer them to another specialized computer, and use specially built software to find the key for the FDE cipher. If you're worried about this attack, make sure your unattended, powered-on computers have good physical security; alternatively, consider using hardware crypto solutions that are resistant to cold boot attacks.
Manipulating cold memory chips isn't for the faint of heart. Over the past two years, other researchers realized they could capture memory on powered-up computers by using the 1394 FireWire port found on most higher-end laptops. Here's one discussion detailing how to crack BitLocker using the FireWire memory attack [PDF].
Exploitation via FireWire
Prolific crypto- an...
Click here to read the rest of this article from Computer User