Thursday, February 21, 2008

Disk encryption not enough?

Just saw this come off the wire, from news.com, on how disk encryption from BitLocker and Apple's FileVault has been circumvented by a few researchers. If this is as simple as they make it sound, this is a bit worrisome. However, I am not ready to buy this fully until I understand it a bit more.

For one, I was under the impression that BitLocker protected against booting via an alternative OS (especially a system with a TPM chip on it) because it can perform bootup integrity checks. The article seems to claim this is one of the ways in... Hmm, not so sure...

Further questions:
Is this attack valid for all authentication scenarios such as TPM+PIN?
How easy is it to scan the RAM on a locked system?

There was another article recently in eWeek that talked about FDE not being sufficient protection. I personally think that we need defense against multiple scenarios - not sure if the defense-in-depth term can be used, but seems to fit the best...

Looking forward to understanding this a bit more...
