"IN FACT - it is more likely to be present in hardware incarnations then well written software implementations." Can you elaborate please?
On 2/22/08, Bryan Glancey <[EMAIL PROTECTED]> wrote:
> I entirely disagree. This attack will not be deterred by hardware, since the
> OS hardware driver link will always need to be present. It is not present in
> all FDE products today - IN FACT - it is more likely to be present in
> hardware incarnations then well written software implementations.
>
> Good paper.
>
> Regards;
>
> Bryan
>
> ------------------------------------
> Mobile Armor, Inc
> Bryan E. Glancey
> Senior Vice President & Chief Technology Officer
> [EMAIL PROTECTED]
> 400 South Woods Mill Rd.
> Suite 300
> Chesterfield, MO 63017
> tel: 314-590-0902
> fax: 314-590-0995
> mobile: 314-495-2048
> ------------------------------------
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garrett M. Groff
> Sent: Friday, February 22, 2008 8:03 AM
> To: [email protected]
> Subject: Re: [FDE] Scary......
>
> Upon actually reading the paper, I answered my own question. The attack
> works regardless of BitLocker's mode if the computer is on or in standby,
> and works in "basic mode" (BitLocker+TPM in transparent operation mode) even
> if computer is off (since booting it up will cause the TPM to automatically
> release the key if no boot components have changed), but will not work if
> computer is in hibernation or in an off state and not in basic mode.
>
> Very interesting paper. The attack exploits hardware, so I suspect we'll
> need a hardware solution for this problem.
>
> - G
>
>
> ----- Original Message -----
> From: "Dave Jevans" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Cc: "Garrett M. Groff" <[EMAIL PROTECTED]>
> Sent: Friday, February 22, 2008 12:17 AM
> Subject: Re: [FDE] Scary......
>
>
> > This attack WOULD work, as it is preserving the AES keys in DRAM after the
> > authentication has been completed.
> >
> >
> > At 6:28 PM -0500 2/21/08, Garrett M. Groff wrote:
> >>Regarding the following statement:
> >>"It's a pretty exotic attack if you're using authentication (ie not
> >>Bitlocker in TPM mode, or some autoboot mode)."
> >>
> >>That is only an issue when using BitLocker's "transparent operation mode,"
> >>right? I.e., when using BitLocker+TPM and requiring that a PIN or USB key be
> >>entered/present, this hardware-based attack doesn't work. Correct?
> >>
> >>
> >>----- Original Message -----
> >>From: "SafeBoot Simon" <[EMAIL PROTECTED]>
> >>To: <[email protected]>
> >>Sent: Thursday, February 21, 2008 5:38 PM
> >>Subject: Re: [FDE] Scary......
> >>
> >>
> >>It's a pretty exotic attack if you're using authentication (ie not
> >>Bitlocker in TPM mode, or some autoboot mode).
> >>
> >>You'd have to attack a FDE protected machine that was on, or was on
> >>only a very short time ago (minutes). Most data exposure comes from
> >>people stealing drives or machines from cars etc which are long off.
> >>
> >>This is also not that new (though it seems to be creating a lot of
> >>panic today) - it's an attack considered for many years.
> >>
> >>And of course with FDE, the simple act of zeroing all copies of the
> >>key from memory on shutdown would resolve the "just off" scenario,
> >>though nothing except something like Danbury or Seagate FDE solves the
> >>"stolen while on" situation - but in that case, there are many good,
> >>but perhaps more exotic attacks, like the firewire memory download, or
> >>any potential network attack points.
> >>
> >>
> >>On Feb 21, 3:19 pm, "Ali, Saqib" <[EMAIL PROTECTED]> wrote:
> >>> http://citp.princeton.edu/memory/
> >>>
> >>> However, hardware based encrypted drives like Seagate FDE would easily
> >>> deter these type of attacks.
> >>> _______________________________________________
> >>> FDE mailing list
> >>> [EMAIL PROTECTED]
> >>> http://www.xml-dev.com/mailman/listinfo/fde

--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
