Archive for the 'Cryptography' Category

Stealing Encrypted Data !

The Center for Information Technology policy group at Princeton university published a finding in which they showed how simple it is to break “Encrypted Hard drives” using cold boot attack.

This attack as described in the paper is very simple and can be performed by an average guy. The attacks exploit the DRAM remanence effects to recover cryptographic keys held in memory. There is a good video posted by the group which includes a demonstration of how simple it is to break an encrypted system (when the system is up and running or in standby/hibernate mode) and it is worth watching.

Most corporations use Pointsec for full disk encryption. The researchers were successful in retrieving the encryption key for hard drives encrypted using BitLocker, FileVault, dm-crypt, and TrueCrypt. A possibility exists where Pointsec encrypted drives are also vulnerable.

What steps can corporations take to mitigate the risk ?

  • Change the machine’s architecture: Find DRAM systems that lose their state quickly. This might not be feasible from a cost standpoint on existing machines.
  • Prevent physical access to DRAM chips and modules: Tamper resistant hardware, does it exist ? 🙂
  • Complete “shutdown” : Educate corporate users to completely “shudown” their laptops (instead of going in to hibernate / standby mode) while traveling etc.