Re: [FDE] DRAM attack - not thwarted at all by Seagate's driveCORRECTION the data on the HDD IS Protected!!!

Sun, 02 Mar 2008 15:26:22 -0800 

Hi, Garrett.
Can you tell me from were are you getting this technical information on the Seagate Momentus FDE.2? 

Thanks!

On Mar 1, 2008, at 11:30 AM, Andreas W. Kuhn wrote:


Garrett,


I think there are many that feel like you. There could theoretically  
be

any number of future possibilities to lift temporary data from DRAM.

Like it has been said in previous comments, the best way preventing
lifting of sensitive temporary data from DRAM is simply to try and
circumvent storing sensitive data in DRAM

The Seagate MOMENTUS FDE.2 approach is a simple one:


Keep the encryption key in a safe partition of the hard drive and do  
not

make it available for the system to see.

The Seagate MOMENTUS FDE.2 does just that. It works as follows:


User must authenticate themselves directly to the drive using a  
password
before the drive will unlock and allow the normal OS to boot. This  
does not

use either the BIOS or the OS to perform the authentication.

The Seagate  MOMENTUS FDE.2  drive supports more secure authentication

approach where the authentication to the drive is done using an  
alternate
pre-boot OS held in a protected area of the drive, and also support  
new ATA
security commands for Trusted Send and Trusted Receive to protect  
the password.



If the authentication is successful, as determined by the Seagate  
MOMENTUS FDE.2
drive, then the drive is unlocked and the system is allowed to boot  
normally.



With this solution, not only is the authentication done before any  
foreign software
is allowed to load, the encryption keys are never exposed outside  
the protected
hardware of the drive itself, including the user area of the drive  
or in the OS, which

is what these attacks are exploiting.


A solution for the stand-by mode on the Seagate MOMENTUS FDE.2 is  
apparently
imminent. This will make it the only solution available that will  
support both,

secure "hibernation" and secure "stand-by" mode.



Garrett wrote:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

+ In fact, I think hardware-based encryption (like the Momentus  
drive) is the way to go in the long
+ haul (hardware+software attacks are typically more difficult than  
software-only attacks).

+

+ Just a bit frustrated that I can't sleep as easy at night knowing  
that the "theoretical" RAM analysis
+ technique will (soon?) be used by more than a group of researchers  
at Princeton, realistically.

_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde



_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde






















					Reply via email to