February 21, 2008
Encryption Not What It's Cracked Up To Be
Disk encryption is one of those darlings that businesses, the prudent, and the paranoid turn to as a means of preserving the confidentiality of digital content. Law enforcement tends to disfavor encryption because it is an impediment to their work of obtaining evidence against lawbreakers. Homeland security and intelligence agencies have mixed feelings about it. They like it well enough to preserve their secrets, but when terrorists and other miscreants use it, well, that's another story. The most recent example is the Boucher case out of the District of Vermont. There poor Mr. Boucher was arrested because he had alleged child pornography on his laptop, as identified by the names of the files. When the forensic technician later went to examine the laptop, the files were discovered to be encrypted with PGP software. The government claims that it cannot break PGP. As one commenter to an earlier post pointed out, if the government can break PGP, it probably wouldn't waste that bit of information on an alleged holder of child pornography when terrorist intelligence is at stake. Fair enough.
Other entities beyond government and terrorists have an interest in encryption. Your local media content provider is one. Sony and Toshiba certainly had a stake in encrypting their high definition DVD formats after the fiasco of standard DVD encryption. Fifteen lines of code broke that. High definition was to be different, and to some extent, it is a bit harder to break, but not impossible. Enterprising hackers looked for the keys in memory when a disc loaded, and, well, history repeats itself. The reaction was to revoke certain keys, which required a firmware update to play later-manufactured discs. This isn't exactly the most consumer-friendly way to handle a business where someone comes home from the Wal-Mart with a disc, plops it into the home player and expects it to simply play.
It seems, though, that those DVD hackers may have been on to something. There is a report in CNET about a new hack strategy that uses something similar to defeat PGP, BitLocker, FileVault, and the rest. If the keys are in memory, then memory can be scanned for them to pick the lock. This affects machines in sleep mode and various other states of hibernation. As a side note, Microsoft designed Vista to push sleep mode as a way of faking a fast restart once reawakened, assuming, of course, the machines reawaken. (On my Vista machine it should be called coma mode because I have to unplug it and reboot to get it to restart when that happens. I found out the hard way when my cat walked across my keyboard one time and placed the machine into that state by accident.)
Still, it seems the only way to keep determined people out of an encrypted drive is to turn off the computer, which is kind of silly if one needs to use it. There are even techniques for getting the data from RAM chips removed from one machine and moved to another, if done within the right time frame and at the right temperature.
This is all detailed in a paper out of Princeton University. You can read about the paper here and follow the links to get the actual PDF. The implications are something to think about.