Arch Linux

veek

Member

Registered: 2006-03-10

Posts: 167

Researchers: Disk Encryption Not Secure (Article Title)

Article from Wired: http://blog.wired.com/27bstroke6/2008/0 … s-dis.html
Link to Princeton website documenting the research: http://citp.princeton.edu/memory/

I found this article discussing a weakness in encrypted disk solutions.
To summarize, disk encryption systems keep the decryption key in
RAM. So a computer that is sitting unattended is vulnerable, even if locked
in standby mode. Even after being powered off the contents of RAM are retained
for some time (seconds to minutes) and the key can be dumped from memory.
This technique was demonstrated by researchers and is not terribly difficult to do.

Several encryption systems were tested including TrueCrypt.

That said, several countermeasures were proposed in the comments under
the article. A feature of TrueCrypt (and I think dm-crypt) mentioned in the comments
doesn't seem to have been taken into account by the researchers, and seems to me to be
an effective solution. TrueCrypt only keeps the key in memory while the encrypted volume
is mounted. When the volume is unmounted the key is removed from memory. It also
apparently has an auto-unmount feature making it possible to have encrypted volumes
unmounted when a user logs off and/or after a period of inactivity. This of course means
that you need your truly sensitive data in a separate encrypted partition that can be
unmounted and mounted at will since you can't unmount your primary partition while you're
running the OS (right?).

So the unmounted volume's key being removed from memory combined with the
auto-unmount feature seem to be a pretty solid solution, maybe not ideal. At least
removing the key from memory makes the attack in the article futile.

Any thoughts from the security minded people? To date I've never been a real security nut,
but recently I've been having to travel with a laptop with some expensive proprietary software.
I'm thinking I should make an encrypted partition for valuable data.

barebones

Member

Registered: 2006-04-30

Posts: 235

Re: Researchers: Disk Encryption Not Secure (Article Title)

I think the solution to this problem may be even simpler than that. To  dump the contents of your memory, the attacker needs to get access to your computer immediately, either to actually dump the memory or to freeze the ram. So, wait 5 minutes. If your data is really that sensitive that this could be an issue, keeping an eye on the computer for that small period of time should be no problem. Also, if your data is that sensitive, you should never leave it unattended when it is anything but shut off. IE, don't put it in hibernate and walk off. Or, even better, if your data is that sensitive, don't leave it unattended. Period. From everything that I've read, it looks like most of the real problems with data security are between the keyboard and chair, not the hardware or software.

SiC

Member

From: Liverpool, England

Registered: 2008-01-10

Posts: 430

Re: Researchers: Disk Encryption Not Secure (Article Title)

From everything that I've read, it looks like most of the real problems with data security are between the keyboard and chair, not the hardware or software.

Most problems with life in general can be reduced to PEBKAC at some level.

veek

Member

Registered: 2006-03-10

Posts: 167

Re: Researchers: Disk Encryption Not Secure (Article Title)

You guys make valid observations, but the point of encryption is to protect data when things
don't go as planned. Obviously if you're always able to follow common sense practices
with regard to sensitive data that's great.

MrWeatherbee

Member

Registered: 2007-08-01

Posts: 288

Re: Researchers: Disk Encryption Not Secure (Article Title)

I think the solution to this problem may be even simpler than that. To  dump the contents of your memory, the attacker needs to get access to your computer immediately, either to actually dump the memory or to freeze the ram. So, wait 5 minutes. If your data is really that sensitive that this could be an issue, keeping an eye on the computer for that small period of time should be no problem. Also, if your data is that sensitive, you should never leave it unattended when it is anything but shut off. IE, don't put it in hibernate and walk off. Or, even better, if your data is that sensitive, don't leave it unattended. Period. From everything that I've read, it looks like most of the real problems with data security are between the keyboard and chair, not the hardware or software.

Yes.

The whole idea that "there is no easy solution" to this is hyperbole. We've always known that WDE is ineffective (of, course) while the computer is running. Solution: turn it off. The latter was never considered a surprising weakness; it was just part of the process of securing the data.

So, now we are "simply" faced with modifying what the term "off" means. It should be expanded to mean waiting an additional 60 seconds or so after power is disconnected. That is now part of the process and does not seem too difficult to me.

Other more sophisticated methods can be worked on as solutions, but in the meantime, this is not a deal-breaker in comparison to what was deemed "secure" prior to publication of this particular research.