Nine students have released a significant new research result. They show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. They demonstrate their methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with Mac OS X; and dm-crypt, which is used with Linux. The research team includes J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten.
Their site has links to the paper, an explanatory video, and other materials.
The root of the problem lies in an unexpected property of today’s DRAM memories. DRAMs are the main memory chips used to store data while the system is running. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn’t so. Their research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system.
This entry was posted on Monday, February 25th, 2008 at 2:47 am and is filed under IT security.
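A defender-side check for the exposure described above, as an added example that is not from the post or the researchers' paper: it parses text in the format of `dmsetup table` output and of the Linux `/sys/power/state` and `/sys/power/mem_sleep` files, and flags a machine that has a dm-crypt volume unlocked (so its key is held in RAM) while also being able to sleep with DRAM still powered. The mapping names and all sample inputs are constructed.

```python
# Added example; the inputs below are constructed samples, not captured from a real host.
SAMPLE_DMSETUP_TABLE = """\
luks-root: 0 976766976 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:2 4096
vg0-scratch: 0 20971520 linear 8:3 2048
"""
SAMPLE_POWER_STATE = "freeze mem disk\n"   # format of /sys/power/state
SAMPLE_MEM_SLEEP = "s2idle [deep]\n"       # format of /sys/power/mem_sleep

# Sleep states in which DRAM stays powered, so anything held in RAM survives.
RAM_POWERED_STATES = {"freeze", "standby", "mem"}


def open_crypt_mappings(dmsetup_table):
    """Return names of device-mapper mappings whose target type is 'crypt'."""
    names = []
    for line in dmsetup_table.splitlines():
        name, sep, rest = line.partition(": ")
        fields = rest.split()
        # Layout after the name: <start> <length> <target_type> <target args...>
        if sep and len(fields) >= 3 and fields[2] == "crypt":
            names.append(name)
    return names


def selected_mem_sleep(mem_sleep):
    """Return the bracketed (active) mode from /sys/power/mem_sleep, or None."""
    for token in mem_sleep.split():
        if token.startswith("[") and token.endswith("]"):
            return token[1:-1]
    return None


def assess(dmsetup_table, power_state, mem_sleep=""):
    """Report whether unlocked volumes coexist with a RAM-powered sleep state."""
    volumes = open_crypt_mappings(dmsetup_table)
    states = set(power_state.split())
    risky = sorted(RAM_POWERED_STATES & states)
    return {
        "unlocked_volumes": volumes,
        "ram_powered_sleep_states": risky,
        "mem_sleep_mode": selected_mem_sleep(mem_sleep),
        "hibernate_available": "disk" in states,
        "exposed_while_asleep": bool(volumes) and bool(risky),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_DMSETUP_TABLE, SAMPLE_POWER_STATE, SAMPLE_MEM_SLEEP))
```

On a real Linux host the three inputs would come from `dmsetup table` (run as root) and from reading the two `/sys/power` files.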
4 Responses to “BitLocker, FileVault, dm-crypt, and TrueCrypt all hacked”
February 28th, 2008 at 5:19 am
[...] the encryption easier to crack these days (see this post), are you worried about your data showing up in some odd place like ebay for all to see? Spread [...]
June 14th, 2009 at 2:42 am
To defeat this attack, don’t use standby mode if you’re transporting your rig anywhere it might be at risk. Crossing international borders is the number one worst.
There’s another “attack” out there. In one recent case, a guy crossing the border into the US let cops see his data. They thought (right or wrong, I don’t know) that there was ‘questionable content’ on there. Somehow the machine got turned off, and had hardcore encryption in place. So they went to court and a judge signed off on a subpoena forcing the guy to give up his password, on the basis that once he’d given permission to search he couldn’t revoke it.
And a Federal appeals court (I *think* the Second Circuit in New York?) upheld this.
So: we cannot ever give law enforcement in the US permission to search our disks as we can’t revoke it later.
Fortunately, this is the sole exception I’m aware of to the US 5th Amendment right not to give up your password voluntarily. So in the US, you don’t have to hide the fact that you’re doing encryption as you cannot be held in jail until you cough it up.
In too many other countries, the real risk is “rubber hose decryption” – passwords extracted via torture. If there’s ANY risk of that, and so far I’m willing to say there isn’t in the USofA, you have to go to either hidden encryption, or double layer where they “force” one password out of you not knowing there’s another layer. The TrueCrypt documentation covers these cases.
I’m in the US and doing whole-disk “in your face” encryption through DM-Crypt (Ubuntu Linux alternate install CD).
August 3rd, 2009 at 1:05 pm
yes you can revoke. it’s called a CONSENT to search.
January 13th, 2010 at 4:51 am
But you granted the consent to search. Before the police finished their search the encryption interrupted the search. Therefore, since you already consented to a search, they are allowed to request your password as part of the continuing search.
I don’t know the specifics of this case but the aforementioned seems extremely likely, and I’ve never, ever heard of someone giving consent to the search and then being able to revoke that consent before the search is complete. You can say yes or no, not yes then no. In fact by saying yes then no the police are likely to use the “suspicious behavior” loophole to continue the search.