You might be shocked to learn this, but when a quivering-lipped Chloe from 24 cracks the encryption on a terrorist’s hard drive in 30 seconds, the TV show is faking it. “So what? It’s just a TV show.” Well, yes, but it turns out that real federal intelligence agencies, like the FBI, CIA, and NSA, also have a problem cracking encrypted hard disks — and according to a new research paper, this is a serious risk to national security.
The study, titled “The growing impact of full disk encryption on digital forensics,” illustrates the difficulty that CSI teams have in obtaining enough digital data to build a solid case against criminals. According to the researchers, one of whom is a member of US-CERT — the US government’s primary defense against internet and digital threats — there are three main problems with full disk encryption (FDE): First, evidence-gathering goons can turn off a computer (for transportation) without realizing it’s encrypted, and thus can’t get back at the data (unless the arrestee gives up his password, which he doesn’t have to do); second, if the analysis team doesn’t know that the disk is encrypted, it can waste hours trying to read something that’s ultimately unreadable; and finally, in the case of hardware-level disk encryption, tampering with the device can trigger self-destruction of the data.
The paper does go on to suggest some ways to ameliorate these issues, though: Better awareness at the evidence-gathering stage would help, but it also suggests “on-scene forensic acquisition” of data, which involves ripping unencrypted data from volatile, live memory (with the cryogenic RAM freezing technique, presumably). Ultimately, though, the researchers aren’t hopeful: “Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption,” concludes the paper.
Friday, November 18, 2011
Full Disk Encryption and Law Enforcement
From Sebastian Anthony, “Full disk encryption is too good, says US intelligence agency”: