Garrett, I think there are many that feel like you. There could theoretically be any number of future possibilities to lift temporary data from DRAM.
Like it has been said in previous comments, the best way preventing lifting of sensitive temporary data from DRAM is simply to try and circumvent storing sensitive data in DRAM The Seagate MOMENTUS FDE.2 approach is a simple one: Keep the encryption key in a safe partition of the hard drive and do not make it available for the system to see. The Seagate MOMENTUS FDE.2 does just that. It works as follows: User must authenticate themselves directly to the drive using a password before the drive will unlock and allow the normal OS to boot. This does not use either the BIOS or the OS to perform the authentication. The Seagate MOMENTUS FDE.2 drive supports more secure authentication approach where the authentication to the drive is done using an alternate pre-boot OS held in a protected area of the drive, and also support new ATA security commands for Trusted Send and Trusted Receive to protect the password. If the authentication is successful, as determined by the Seagate MOMENTUS FDE.2 drive, then the drive is unlocked and the system is allowed to boot normally. With this solution, not only is the authentication done before any foreign software is allowed to load, the encryption keys are never exposed outside the protected hardware of the drive itself, including the user area of the drive or in the OS, which is what these attacks are exploiting. A solution for the stand-by mode on the Seagate MOMENTUS FDE.2 is apparently imminent. This will make it the only solution available that will support both, secure "hibernation" and secure "stand-by" mode. Garrett wrote: +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + In fact, I think hardware-based encryption (like the Momentus drive) is the way to go in the long + haul (hardware+software attacks are typically more difficult than software-only attacks). + + Just a bit frustrated that I can't sleep as easy at night knowing that the "theoretical" RAM analysis + technique will (soon?) be used by more than a group of researchers at Princeton, realistically.
_______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
