Laptop Disk Encryption Vulnerabilities

There is lots of talk going around about the results of research showing that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. More specifically the results

show that an attacker can cut power to the computer, then power it back up and boot a malicious operating system (from, say, a thumb drive) that copies the contents of memory. Having done that, the attacker can search through the captured memory contents, find any crypto keys that might be there, and use them to start decrypting hard disk contents.

The full research paper can be downloaded here and the conclusion needs to be taken seriously by the security industry.

The attacks we describe are practical—for example, we have used them to defeat several popular disk encryption systems….There seems to be no easy remedy for these vulnerabilities. Simple software changes are likely to be ineffective; hardware changes are possible but will require time and expense; and today’s Trusted Computing technologies appear to be of little help because they cannot protect keys that are already in memory. The risk seems highest for laptops, which are often taken out in public in states that are vulnerable to our attacks. These risks imply that disk encryption on laptops may do less good than widely believed.

The paper describes an attack on Windows Bitlocker (included with Vista) and describes how it is particularly vulnerable [to attack], because it allows the disk encryption keys to be extracted.

More comment on Bruce Schneier’s blog here.