[FDE] DRAM attack - not thwarted at all by Seagate's driveCORRECTION the data on the HDD IS Protected!!!

Garrett M. Groff groffg at gmgdesign.com
Fri Feb 29 22:13:30 MST 2008 

I concede your points. My frustration is not with Secude's hardware+software solution specifically. In fact, I think hardware-based encryption (like the Momentus drive) is the way to go in the long haul (hardware+software attacks are typically more difficult than software-only attacks). Just a bit frustrated that I can't sleep as easy at night knowing that the "theoretical" RAM analysis technique will (soon?) be used by more than a group of researchers at Princeton, realistically.

- Garrett



  ----- Original Message ----- 
  From: Larry Massey 
  To: fde at www.xml-dev.com 
  Sent: Friday, February 29, 2008 3:30 PM
  Subject: Re: [FDE] DRAM attack - not thwarted at all by Seagate's driveCORRECTION the data on the HDD IS Protected!!!


  Garrett:

   

  Glad you "conveniently" received that email.J

   

  Yes, you may be a bit too picky. 

   

  Our solution is to solve a Data At Rest problem that in pure Software Laptop Encryption products is broken by exposing the encryption key residing in PC DRAM and NOT to solve the problem of securing the contents of DRAM which would a different data exposure problem, of course.

   

  We make no claim to solve the problem of data exposed in DRAM, simply to not put data in DRAM at a point in time that it could be exposed and used to defeat HDD on board encryption technology. You may want to spend some time learning more about the Seagate drive, as it is quite an interesting and secure technology.

   

  If any of you will be attending the Data Protection Summit in LA next month, we will have a presentation on this specific topic (again DAR only), I will also be attending and would love to meet any members of this very enjoyable although overly cloaked group on this blog. Maybe we can even get together for a dinner one evening. I am sure that some of this blogs under cover vendors might even be willing to foot the bill.

   

  Regards,

  Larry

   

   

  ___________________________________________________

  Larry Massey

  President

   

  SECUDE IT Security, LLC 
  380 Sundown Drive
  Dawsonville, GA  30534 USA 



  Tel : +1 706 216 8609 

  Fax:    +1 706 216 4696

  Mobile : +1 706 215 3854 

  larry.massey at usa.secude.com
  www.secude.com

   

  From: fde-bounces at www.xml-dev.com [mailto:fde-bounces at www.xml-dev.com] On Behalf Of Garrett M. Groff
  Sent: Friday, February 29, 2008 2:07 PM
  To: fde at www.xml-dev.com
  Subject: [FDE] DRAM attack - not thwarted at all by Seagate's drive

   

  I conveniently got an email from Secude in my inbox. One of the closing paras had the following:

   

   

  As you continue your investigation of disk-encryption technologies, I invite you to contact us to learn more about our partnership with Seagate and other hard drive manufacturers and how we eliminate the types of vulnerabilities found in DRAM attacks.  By encrypting data at the drive level, we are able to offer you the highest level of protection.  

   

   

  Of course, that's not true at all. The vulnerability of data residing in DRAM still exists. That will be the case until we get "secure RAM," or something along those lines.

   

  However, it is true that the particular attack involving reading the FDE key directly from RAM is defeated since that key is never written to RAM.

   

  Maybe I'm being too picky here, but looking ahead, this technique could be used to read information from any application that happens to be open at the moment using software that looks for juicy keywords (like "confidential" or "password"). Doesn't that seem like the next logical threat once the "low-hanging fruit" (such as it is) of cold-boot key discovery is patched? I mean, how long are we going to have secure disks with wide-open RAM chips?

   

  - Garrett



------------------------------------------------------------------------------


  _______________________________________________
  FDE mailing list
  FDE at www.xml-dev.com
  http://www.xml-dev.com/mailman/listinfo/fde
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.xml-dev.com/pipermail/fde/attachments/20080301/a9cd063d/attachment.html

More information about the FDE mailing list