The Cold Boot Attack is Back

The Cold Book Attack was resurrected last week by some researchers at f-secure https://press.f-secure.com/2018/09/13/firmware-weakness-in-modern-laptops-exposes-encryption-keys/ .  I would like to provide some context for both the exploit and the mitigations because the cold boot attack is just the tip of the iceberg.   But first, if you don’t want to know the details, there are steps that organizations can take to protect against Cold Boot attacks on PC’s and Macs when using SecureDoc including:

Do physical servers really need to be encrypted?

In the past, I have tried to make the case for encrypting physical servers on premise.  The argument for not needing to encrypt them is that these servers usually run for weeks, months or even years without being brought down, and that they are physically protected within a well-fortified data center.  The protection that Full Drive Encryption (FDE) brings only really applies to data at rest, and it seldom is at rest on these servers.  I would counter that all drives eventually leave the data center for repair or disposal, and having them encrypted protects you from having your old drives show up on eBay, with your customer data still on them.  Encrypting the drive means it can be quickly and easily crypto-erased if it is still operational, and if not, the data is still not accessible without the encryption key.

Enterprise Encryption for Linux

Enterprise Encryption for Linux

Linux has built in encryption for several years now, yet enterprises still struggle with encryption on Linux laptops.  Why is that? To answer this question, let’s first review the disk encryption capabilities that are built into Linux:

Proper encryption management and control strengthens computer forensic efforts

It has been awhile since I last wrote about computer forensics and encryption so it is time for an update.

First, what is Computer Forensics?   According to Wikipedia, Computer forensics is, “a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.”   In short it is like data recovery, but with additional guidelines and practices designed to create a legal “audit trail” that could be used in court if need be.

BitLocker: Compliant or Practical? – Mixed Messages from Microsoft

On one hand, Microsoft says that BitLocker with pre-boot authentication (TPM + PIN) is the recommended best practice (See Here).  On the other, Microsoft admits that BitLocker with their pre-boot authentication “inconveniences users and increases IT management costs.” A mixed message for any IT pro responsible for keeping devices compliant and secure.

Read on to discover the compliance shortfalls of BitLocker and how to address them.

Is Microsoft claiming Pre-Boot Authentication for FDE is not necessary?

Is Microsoft really claiming pre-boot authentication (PBA) for Full Disk Encryption (FDE) is not necessary? One could certainly get that impression from recent articles (HERE and HERE) posted by the organization.  The first article on “Types of attacks for volume encryption keys” lists a few known historical attacks that “could be used to compromise a volume encryption key, whether for BitLocker or a non-Microsoft encryption solution”, and the second makes statements like “For many years, Microsoft has recommended using pre-boot authentication to protect against DMA and memory remanence attacks. Today, Microsoft only recommends using pre-boot authentication on PCs where the mitigations described in this document cannot be implemented.

Cloud Physical Virtual VM Servers

Physical Servers to Hyper-Convergence – A Need for Encryption

In the past I have tried to make the case for encrypting physical servers on premise.   The argument for not needing to encrypt them is usually that these servers run for weeks, months or even years without being brought down, and that they are physically protected within a well-fortified data center.  The protection that FDE (Full Drive Encryption) brings only really applies to data at rest and it seldom is at rest on these servers.   I would counter that all drives eventually leave the data center for repair or disposal and having them encrypted protects you from having your old drives with your customer data on them show up on eBay.  An encrypted drive can be quickly and easily crypto-erased if it is still operational, and if not, the data is still not accessible without the encryption key.

2017 International Cryptographic Module Conference and FDE cPPs

From May 17th to 19th, I had the pleasure of attending the Fifth International Cryptographic Module Conference (ICMC 2017) with my colleague, Alexander Mazuruc.   Alex usually attends this conference which focuses on cryptographic modules  and FIPS 140 type issues,  but this year there were 8 tracks on related subjects such as Quantum-safe crypto (yes, that is a thing), and Common Criteria.  The conference had about 35 different sponsors including the Trusted Commuting Group.  Overall I found the conference very informative and a good place to network in the community.