Full Disk Encryption Isn't Quite Dead Seattle WA
Manipulating cold memory chips isn't for the faint at heart. Over the past two years, other researchers realized they could capture memory on powered-up computers by using the 1394 FireWire port found on most higher-end laptops.
E Project
(206) 341-9117
1008 Western Avenue # 500
Seattle, WA
(206) 341-9117
1008 Western Avenue # 500
Seattle, WA 98104
Services
Marketing Sales, Internet Products and Services, Internet Services, Computer Hardware and Supplies, Internet Service Providers
Data Provided by:
Soho Network Solutions Llc
(206) 625-1666
2625 280th Place Ne
Redmond, WA
(206) 625-1666
2625 280th Place Ne
Redmond, WA 98101
Services
Computer and Equipment Dealers, Computers and Equipment Installation, Computer Networking Installation, Computer Systems Integration, Computer Network Hardware
Payment Options
MasterCard, VISA
Data Provided by:
CSG Openline
(206) 763-7000
2811 South 102nd Street
Seattle, WA
(206) 763-7000
2811 South 102nd Street
Seattle, WA 98168
Services
Internet Products and Services, Internet Services, Computer Hardware and Supplies, Telemarketing Services
Data Provided by:
IKON Office Solutions - Copying and Duplicating Service, Digital Printing Services
(206) 901-2500
12606 Interurban Avenue South
Seattle, WA
(206) 901-2500
12606 Interurban Avenue South
Seattle, WA 98168
Services
Computer and Equipment Dealers
Data Provided by:
Wiresoft Net
(425) 481-7443
2001 6th Ave Suite 3020
Seattle, WA
(425) 481-7443
2001 6th Ave Suite 3020
Seattle, WA 98121
Services
Internet Security Services, Computers and Equipment Wholesale and Manufacturers, Computer Security Systems and Services, Computer Software, Computer Network Hardware
Hours
Mon-Fri: 09:00 AM-05:00 PM
Payment Options
VISA, Personal Checks
Data Provided by:
Geek Patrol a Squad of geeks to you repair computer networks internet WE ARE THE BEST BUY
(206) 264-0626
Seattle, WA
(206) 264-0626
Seattle, WA 98111
Services
Computers and Equipment Repair and Maintenance, Computer and Equipment Dealers, Computer Supplies Parts and Accessories, Computer Software, Computer Networks
Hours
Mon 08:00 AM-08:00 PM
Tue 08:00 AM-08:00 PM
Wed 08:00 AM-08:00 PM,
Payment Options
Personal Checks, Cash Only, PayPal
Data Provided by:
Coolanimalstuff.Com
(206) 306-7200
506 2nd Avenue # 1014
Seattle, WA
(206) 306-7200
506 2nd Avenue # 1014
Seattle, WA 98104
Services
Gift Shops, Internet Products and Services, Internet Services, Computer Hardware and Supplies
Data Provided by:
Pacific NW Business Product
(206) 622-9630
2450 6th Avenue South Suite 101
Seattle, WA
Pacific NW Business Product
(206) 622-9630
2450 6th Avenue South Suite 101
Seattle, WA 98134
Services
Office Furniture and Equipment Dealers, Office Supplies Retail, Computer Hardware and Supplies
Data Provided by:
Cox Interactive Media Inc
(206) 728-8260
2807 3rd Avenue 300
Seattle, WA
Cox Interactive Media Inc
(206) 728-8260
2807 3rd Avenue 300
Seattle, WA 98121
Services
Internet Products and Services, Multimedia, Internet Services, Computer Hardware and Supplies
Data Provided by:
GCI Cable Inc
(206) 441-6408
2001 6th Avenue
Seattle, WA
GCI Cable Inc
(206) 441-6408
2001 6th Avenue
Seattle, WA 98121
Services
Computer Hardware and Supplies
Data Provided by:
Data Provided by:
Provided By: 
| Full disk encryption isn't quite dead | At least once a month, it seems some vendor or techie claims to have broken a version of a hard drive full-disk encryption (FDE) program scheme, whether it's from Microsoft (my full-time employer), BitLocker, open source favorite TrueCrypt, or some other variant. All the stories and the hype are enough to make one wonder if FDE is dead.
The brief -- and slightly qualified -- answer is no. There are a handful of clever attacks, as well as software to make them easier to pull off. Luckily there are easy ways to prevent most of them. We will start, however, with an attack that doesn't have an easy defense.
[ A malicious Facebook ad is redirecting users to fake antivirus software. | Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]
Cold boot attack
In February 2008, a team including Princeton's Dr. Edward Felton -- one of the world's premier computer security researchers -- used an interesting intrinsic property of computer memory to successfully hack BitLocker [PDF]. It turns out that computer memory chips will hold their contents from a few seconds to a few minutes after the computer's power is turned off. Further, lowering the temperature or freezing the chips enables the contents to remain in play much longer -- enough time to be transferred to another specialized analysis computer so that the data can be copied to permanent storage. The attack team could then search for the primary BitLocker encryption key and unlock the data.
Browser Security Deep Dive
The "cold boot" attack is perhaps the toughest attack to defend against on a computer without specialized crypto-hardware. The flaw lies more with computer memory than the involved crypto. All software-based crypto has to eventually place the decryption key in normal memory in an unprotected state so that it can be used to decrypt the hard drive. An attacker can always find the unprotected key when he or she has a copy of memory to examine.
This plan requires the attacker to somehow acquire the victim's computer while it's powering down, just after it's powered down, or when it's coming back up from a suspended or standby state. Then the attacker has to freeze the chips, transfer them to another specialized computer, and use specially built software to find the key for the FDE cipher. If you're worried about this attack, make sure your unattended, powered-on computers have good physical security; alternatively, consider using hardware crypto solutions that are resistant to cold boot attacks.
Manipulating cold memory chips isn't for the faint at heart. Over the past two years, other researchers realized they could capture memory on powered-up computers by using the 1394 FireWire port found on most higher-end laptops. Here's one discussion detailing how to crack BitLocker using the FireWire memory attack [PDF].
Exploitation via FireWire
Prolific crypto- an... |
Click here to read the rest of this article from Computer User
