We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

A Password is Not Enough: Why disk encryption is broken and how we might fix it

Formal Metadata

Title
A Password is Not Enough: Why disk encryption is broken and how we might fix it
Title of Series
Number of Parts
112
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Since the publication of the cold boot attack on software disk encryption 5 years ago, there has been little progress on developing countermeasures and implementing defenses in the disk encryption technologies already in wide use. Furthermore, many users of full disk encryption have physical security habits that fall outside the security models of disk encryption software and thus are more vulnerable than they realize. After examining a set of effective, easily executable, attacks on off- the-shelf disk encryption, and contextualizing them in x86 system architecture, we examine recent research on means of mitigating these attacks. By integrating AES new instructions, x86 debugging registers, encrypted RAM, IOMMU, and the TPM into a combined encryption system, the difficulty of executing a successful attack is raised significantly. We will examine the construction of this system in detail, and, at a higher level, the role of full disk encryption in assuring meaningful security in the face of physical access. Source to an experimental version of the system will be made available. Daniel Selifonov has consulted for a handful of research oriented startups since 2007, and built systems for information technology where security was considered throughout design and implementation, rather than as an afterthought. His research interests in security include reverse engineering, applied cryptography, client side security, and user acceptable information system design. He believes that businesses, no matter the size, should have the tools to defend themselves without getting in the way of core operations, and that existing tools and building blocks require too much expert input to implement correctly.