[FDE] DRAM attack - not thwarted at all by Seagate's drive

[Garrett M. Groff]

I conveniently got an email from Secude in my inbox. One of the closing paras had the following:


As you continue your investigation of disk-encryption technologies, I invite you to contact us to learn more about our partnership with Seagate and other hard drive manufacturers and how we eliminate the types of vulnerabilities found in DRAM attacks.  By encrypting data at the drive level, we are able to offer you the highest level of protection.  


Of course, that's not true at all. The vulnerability of data residing in DRAM still exists. That will be the case until we get "secure RAM," or something along those lines.

However, it is true that the particular attack involving reading the FDE key directly from RAM is defeated since that key is never written to RAM.

Maybe I'm being too picky here, but looking ahead, this technique could be used to read information from any application that happens to be open at the moment using software that looks for juicy keywords (like "confidential" or "password"). Doesn't that seem like the next logical threat once the "low-hanging fruit" (such as it is) of cold-boot key discovery is patched? I mean, how long are we going to have secure disks with wide-open RAM chips?

- Garrett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.xml-dev.com/pipermail/fde/attachments/20080229/04c456b2/attachment.html