[FDE] Data at Rest, Data in Transit, and Data in Use
Allen
netsecurity at sound-by-design.com
Fri Jul 27 22:45:16 MDT 2007
Patrick Cahalan wrote:
[snip]
> Finally, remember, (e) for detachable media, including laptop hard
> drives, the USER is considered the "node associated with the media",
> so really, your data can't be considered secure, because the user is
> the node, and the user has the key. (Unless, I suppose, you have the
> ability to revoke the key remotely, preventing Disgruntled Joe from
> taking a laptop out and then quitting with a copy of your code base
> already in his possession).
First, your definitions are great for the various states and
requirements.
Second, I wanted to add three additional vectors that could be
used to compromise almost any data in any state of being - rubber
hose cryptography by thugs or economic criminals, threatened
torture or death of a loved one, and finally the types of torture
represented by extreme rendition, Abu Ghraib, and Guantanamo.
Very few of us would be able to withstand the kinds of torture
that have been developed in the name of exporting and enforcing
one or another dogma.
So what can we do? Not a d%^& thing I suspect except help each
other to come up with plausible deniability solutions and not
putting ourselves and our families in harm's way.
I've not seen much about plausible deniability in various
discussions except with the TrueCrypt people. Perhaps this is an
area that needs more thought, with possible solutions proposed.
Best,
Allen