Computer security systems vulnerable to new attacks
February 22nd, 2008 - 4:55 pm ICT by admin
New York, Feb 22 (IANS) A new category of computer attacks may compromise memory systems touted as foolproof, particularly in laptops, a recent study has found. The study, by researchers at Princeton, found these attacks overcome “disc encryption”, a broad set of security measures meant to protect information stored in a computer’s permanent memory.
The researchers cracked widely-used technologies like Microsoft’s BitLocker, Apple’s FileVault and Linux’s dm-crypt.
They described the attacks in a paper and video published Thursday on the web.
The team said these attacks are likely to break through other disc encryption systems because these technologies have similar structural features.
The attack is particularly effective against computers that are turned on but are locked, such as laptops in “sleep” or hibernation mode.
One effective countermeasure is to turn a computer off entirely, though in some cases even this does not guarantee protection.
“We’ve broken disc encryption products exactly when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers,” said Alex Halderman of Princeton’s computer science department.
Halderman’s Princeton collaborators included graduate students Nadia Heninger, William Clarkson, Joseph Calandrino, Ariel Feldman and Professor Edward Felten of the Centre for Information Technology Policy.
The findings demonstrate risks associated with recent high-profile thefts, including a Veterans Administration computer containing information on 26 million veterans and a University of California, Berkeley laptop that contained information on more than 98,000 graduate students and others, said Felten.
The team wrote programmes that gained access to essential encryption information automatically after cutting power to machines and rebooting them.
“This method is extremely resistant to countermeasures that defensive programmes on the original computer might try to take,” Halderman said.