Datacore Software

Releases

Release: BitArmor DataControl™ protects against Cold Boot Attacks

posted on 04 August 2008 08:55


DataControl – the solution against Cold Boot Attack scenarios

The recent Princeton University research and video demonstration, which recovered the keys of widely used disk encryption products from a machine's memory, is a scary prospect for many organizations.

Physical access to the machine and simple tools were all that was needed. The common belief was that disk encryption is almost unbreakable and sufficient to prevent almost all device-theft scenarios. This attack is very troubling, especially since full disk encryption was thought to be the panacea for protecting data on laptops.

The Princeton Ph.D. thesis of BitArmor's CEO, Patrick McGregor, focused on building secure and resilient systems. In fact, he is one of the researchers cited in the Princeton paper as having proposed architectural enhancements that would prevent these attacks. From the paper:

"Others have proposed architectures that would routinely encrypt the contents of memory for security purposes [28, 27]. These would apparently prevent the attacks we describe...."

Based on Patrick's research, BitArmor DataControl has included several technologies to prevent such attacks since before they became widely known. DataControl can prevent the attacks on RAM described in the various threat scenarios of the Princeton paper.

Our Full Disk Encryption (FDE) product prevents cold boot attacks in these scenarios:

- DRAM access during hibernation or within 2 minutes of shutdown: BitArmor scrubs the keys using KeyScrubber™ technology as soon as the computer shuts down or enters hibernation, so reading the memory afterwards yields nothing.

- DRAM access during sleep or screen-lock modes: BitArmor uses patent-pending cryptographic, OS and processor-architecture techniques to prevent these attacks. Even if the RAM is super-cooled, the decay of a few bits per million is enough to leave the keys unrecoverable (the Princeton data suggests that over 14,000 bits per million were lost even when the modules were super-cooled in liquid nitrogen).

- Booting an alternate operating system: BitArmor uses patent-pending memory-system techniques to prevent this attack.

Our persistent file encryption (PFE) product is resilient against these classes of attack. It protects against the following threat scenarios:

- DRAM access during hibernation: BitArmor scrubs the keys when the computer enters hibernation, so reading the memory afterwards yields nothing.

- DRAM access during sleep or screen lock: BitArmor can be configured to scrub the keys when the computer goes to sleep while it is off the corporate network. This offers a balance between security and end-user productivity: keys survive a sleep at the office, but not one in a hotel room or an airport.

- DRAM access after shutdown: BitArmor scrubs the keys when the computer shuts down, so reading the memory afterwards yields nothing.
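The scrubbing policy described for FDE and PFE above comes down to two things: zeroising key material before a power-state transition, and doing it in a way the compiler cannot optimise away. The following is an added, illustrative example written for this page; it is not BitArmor's KeyScrubber code (whose internals are not published here). The 256-bit key length, the event names and the "scrub on sleep only when off the corporate network" rule modelled after the PFE configuration are assumptions, and the demo key is constructed.

```c
/* Added example: key zeroisation on power-state transitions.
 * Illustrative code for this page, not BitArmor's KeyScrubber. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 32  /* assumption: a 256-bit disk or file key */

typedef enum { EV_SHUTDOWN, EV_HIBERNATE, EV_SLEEP, EV_SCREEN_LOCK } power_event;

typedef struct {
    uint8_t key[KEY_LEN];
    int loaded;           /* 1 while a usable key sits in RAM */
} key_slot;

/* A memset() on a buffer that is never read again is a dead store the
 * optimiser may delete, leaving the key in RAM for a cold boot attacker.
 * Calling memset through a volatile function pointer forces the write
 * to happen (the same trick used before explicit_bzero() existed). */
static void *(*volatile secure_memset)(void *, int, size_t) = memset;

void scrub_key(key_slot *s)
{
    secure_memset(s->key, 0, sizeof s->key);
    s->loaded = 0;
}

/* Returns 1 if every byte of p[0..n) is zero. Reads all n bytes so the
 * timing does not depend on where the first non-zero byte sits. */
int is_zeroed(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Policy as described on the page: shutdown and hibernate always scrub;
 * sleep and screen lock scrub only when the machine is off the corporate
 * network. Returns 1 if the key was scrubbed, 0 if deliberately kept. */
int on_power_event(key_slot *s, power_event ev, int on_corporate_network)
{
    switch (ev) {
    case EV_SHUTDOWN:
    case EV_HIBERNATE:
        scrub_key(s);
        return 1;
    case EV_SLEEP:
    case EV_SCREEN_LOCK:
        if (!on_corporate_network) {
            scrub_key(s);
            return 1;
        }
        return 0;
    }
    return 0;
}

/* Constructed demo key so the slot has something to scrub. */
void load_demo_key(key_slot *s)
{
    for (size_t i = 0; i < KEY_LEN; i++) s->key[i] = (uint8_t)(0xA5 ^ i);
    s->loaded = 1;
}

/* Exercises the sleep policy. Bit 0: key kept while on the network;
 * bit 1: key zeroed once off the network. Returns 3 when both hold. */
int demo_sleep_policy(void)
{
    key_slot s;
    int result = 0;
    load_demo_key(&s);
    if (on_power_event(&s, EV_SLEEP, 1) == 0 && !is_zeroed(s.key, KEY_LEN))
        result |= 1;
    if (on_power_event(&s, EV_SLEEP, 0) == 1 && is_zeroed(s.key, KEY_LEN) && !s.loaded)
        result |= 2;
    return result;
}

/* Hibernate must scrub regardless of network state. Returns 1 on success. */
int demo_hibernate(void)
{
    key_slot s;
    load_demo_key(&s);
    return on_power_event(&s, EV_HIBERNATE, 1) == 1 && is_zeroed(s.key, KEY_LEN);
}

int main(void)
{
    printf("sleep policy result: %d (expect 3)\n", demo_sleep_policy());
    printf("hibernate scrubbed: %d (expect 1)\n", demo_hibernate());
    return 0;
}
```

A production version would additionally pin the slot with mlock() so the key never reaches swap, and would hook the scrub into the OS power-management notification (the Windows suspend/hibernate callbacks, for example) so that it runs before the memory image is written or the machine goes to sleep.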

In addition to the above, DataControl's persistent file encryption uses multiple keys to encrypt files and folders, so in the unlikely event that one key is compromised, the attacker would still gain access only to partial data. Moreover, DataControl can instantaneously revoke keys, removing access to sensitive files and providing a higher level of security and peace of mind.

Summary

While our disk encryption product can, by itself, prevent the attacks described in the Princeton paper, we recommend that our customers use the defense-in-depth capability of our integrated FDE+PFE solution to achieve a balance of high security, high performance and end-user transparency.

[Formatted by Wendy Matthews.]



tags:  Security cryptographic