Thursday, February 28, 2008

Warming the cold boot – a bit of braggin’ from BitArmor

By now, all of you are aware of the attacks on full disk encryption technologies described by Princeton researchers. In short, they describe how one can “steal” the contents of RAM and extract the encryption passwords kept in clear text. The research concludes that almost all disk encryption products have the same fundamental flaw that enables anyone, without custom-built and expensive resources, to gain access to the system. Rich Mogull has a good blog on how one should think through the ramifications.

This is scary news and rightfully so. We have seen encryption vendors approach this differently.

  • The don’t-worry, be happy approach: Some claim the attack is so esoteric, the customer need not worry – this is just research stuff.
  • Leave it to us approach: Some claim to have solved the problem, but with no indication of what that means or how they do it.
  • Increase your complexity approach: Some want you to increase the end-user complexity with process and unnatural actions to solve the problem. Not a good idea – every time we ask the end user to be responsible, we lose control and confidence that it was indeed secure. Transparency is the key to security..

We at BitArmor have taken another approach – the “solve the problem” approach. In fact, we had solved this problem, before it even became a known issue. Our CEO, Patrick McGregor is one of the researchers mentioned in the Princeton paper as having proposed architectural enhancements to prevent (the key word being prevent :))these attacks. From the paper:

“Others have proposed architectures that would routinely encrypt the contents of memory for security purposes [28, 27]. These would apparently prevent the attacks we describe..”

The “others” mentioned above, in case you were wondering, are McGregor et al… Check out his blog on his experience at Princeton...

Sorry if we seem to be bragging a bit – not often does a small startup from steeltown open up such a big can of whupass against a new broad new threat!

We have since applied (we had the technology already for a while) for multiple patents on technologies to solve these and similar attacks. Find out more on the BitArmor website ( for a high level look at how we deal with specific cold boot threats.

As soon as we can write up detailed information on exactly how we are dealing with the specific cold boot threats in our FDE (full disk encryption) as well as PFE (persistent file encryption) solutions, we will put it up here. Look for more information next week…

No comments: