5 Votes
Drive Encryption Defeated
With the numerous cases of lost and stolen laptops containing sensitive and private information making headlines, governments and businesses have turned to drive encryption as a means of mitigating their data loss risks. Drive encryption differs from file encryption in that the entire volume is encrypted and unintelligible without the requisite keys. Without knowledge of the key at boot-time, the system is unable to decrypt the volume. Once running, the keys are retained in RAM for necessary decryption routines.
Herein lies the weakness. Sponsored by the Department of Homeland Security, Princeton researchers discovered that by deep freezing RAM chips, the data is not lost when the power goes off. Normally, without a refresh charge, the volatile state of RAM is lost. While a deep liquid nitrogen freeze allows the attacker to preserve the RAM contents for long periods of time, the researchers discovered that even bursts of compressed air chilled the chips enough that data was retained for several minutes. The extra time was necessary to preserve the chips such that the decryption keys could be copied and then used normally to access the stolen hard drives.
Similarly tagged OmniNerd content:
- Twitter Hack Affects Stock Trading, by VnutZ 25 days ago
- Government Console Hacking, by VnutZ about 1 year ago
- Malware Expanding Its Horizons, by VnutZ about 2 years ago
- SSL Snafu by Comodo, by VnutZ about 2 years ago
Print Friendly
Write an Article
Drive Encryption Defeated -- or not by johnny_boy
At a talk I attended recently, a Seagate researcher said that Seagate is now manufacturing drives that feature Full Disk Encryption — their FDE line of drives. His expectation is that within the next few years all drives will offer this technology, since the capability to do so will already be built into the ASIC that services all the other drive requirements.
A member of the audience asked "What about cryogenic attacks", which I interpreted to be this type of "freeze the RAM and snoop around" attack, but instead the answer he gave was along the lines of "Well yes, by feeding known bit patterns into the drive and watching the thermal radiation it is possible to get some hint as to the key, but it’s not a practical attack at this point." An unexpected and interesting response.