3/14/2008
Finally, they put it all together and used these techniques to successfully attack encryption products such as BitLocker, TrueCrypt, and Apple's File Vault. If you're not used to wading through research findings, this means our data encryption procedures aren't as good as we thought they were. It means back to the drawing board.
But Won't 'Trusted Computing' Hardware Solve the Problem?
The response of some security experts was that the capabilities of Trusted Computing hardware would address the kind of vulnerabilities exploited by the Princeton researchers. (Although not extensively used, Trusted Computing Modules or TCMs are now found on many--roughly 150,000--personal computers.) In response, the Princeton researchers point out that even though the TCM administers which software modules can use a key, once the key is stored in DRAM by the application, it is vulnerable to the kind of attack they reported.
They also noted that they were able to defeat Microsoft's BitLocker encryption despite its use of TPM, and that the use of TCM actually increased the vulnerability because the system will automatically mount hardware-protected disks when the machine is powered on.
So What Can Be Done?
Defending yourself against memory imaging attacks is difficult: The key has to be stored somewhere. The Princeton research group that documented this vulnerability recommends countermeasures that focus on discarding or obscuring encryption keys before an adversary might gain physical access, preventing memory-dumping software from being executed on the machine, physically protecting DRAM chips, and possibly making the contents of memory decay more readily.
Unfortunately, many of these strategies involve changes to the application or operating system software and are not under the user's control. Examples include software that overwrites encryption keys when they are no longer needed, systems that clear memory at boot time, or systems that limit booting from the network or removable media.
Other countermeasures involve hardware changes that are similarly not available to the user, for example physically protecting the DRAM chips by encasing them in epoxy, or designing chips whose memory decays very quickly when power is lost.
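As an added illustration of the first software countermeasure above (overwriting a key as soon as it is no longer needed), the C below is not from the article or the Princeton paper: it uses a constructed 32-byte key and a stand-in XOR cipher, and wipes the key through a volatile function pointer so the compiler cannot discard the overwrite as a dead store.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32

/* memset reached through a volatile function pointer: the compiler cannot
 * prove the store is dead, so it will not delete the wipe the way it may
 * delete a plain memset() on a buffer that is never read again. */
static void *(*const volatile wipe_memset)(void *, int, size_t) = memset;

void secure_wipe(void *p, size_t n) { wipe_memset(p, 0, n); }

/* Returns 1 if every byte of p is zero. */
int is_all_zero(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Stand-in for a real cipher (XOR in place); it only shows the key in use. */
void xor_with_key(uint8_t *data, size_t n, const uint8_t key[KEY_LEN])
{
    for (size_t i = 0; i < n; i++)
        data[i] ^= key[i % KEY_LEN];
}

/* Uses the key, then overwrites it before returning so it does not linger in
 * DRAM for someone who later images memory. Returns 1 if the caller's key
 * buffer is verifiably zero afterwards. */
int use_key_then_wipe(uint8_t key[KEY_LEN], uint8_t *data, size_t n)
{
    xor_with_key(data, n, key);
    secure_wipe(key, KEY_LEN);
    return is_all_zero(key, KEY_LEN);
}

/* Constructed sample: fixed key bytes 1..32 and four data bytes. Returns 1
 * if the data was transformed and the key was wiped. */
int demo_key_lifetime(void)
{
    uint8_t key[KEY_LEN], data[4] = {0x10, 0x20, 0x30, 0x40};
    for (size_t i = 0; i < KEY_LEN; i++)
        key[i] = (uint8_t)(i + 1);
    int wiped = use_key_then_wipe(key, data, sizeof data);
    return wiped && data[0] == 0x11 && data[3] == 0x44;
}
```

The wipe only covers the buffer the application controls; copies the operating system or a library made elsewhere in memory are exactly why the article says these changes must come from the software vendor rather than the user.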
Finally, the Princeton group found that locking your computer screen, which leaves the computer running but requires a password before allowing user interaction, does not protect what you have stored in memory. Similarly, putting your computer in "sleep," "suspend," or hibernate mode is not effective since an attacker could simply awaken the computer and extract the contents of memory as described earlier.
Two New Rules to Protect Data on Your Laptop
Fortunately there are practical steps you can take to protect sensitive data on your personal computer:
1. If you have sensitive data on your computer and must leave it unattended, do a complete shut down. Don't put it to sleep; don't put it in hibernation. Turn it off.
2. After you do a complete shut down, wait a minute or so before leaving your computer unattended.
Doug Gale is president of Information Technology Associates, LLC (www.it associates.org), an IT consultancy specializing in higher education. He has more than 30 years of experience in higher education as a faculty member, CIO, and research administrator.