Secure storage follow up, discussion summary - PowerPoint PPT Presentation

1
Secure storage follow up, discussion summary
Papers:
  • AES-CBC + Elephant diffuser: A Disk Encryption Algorithm for Windows Vista. Niels Ferguson, Microsoft, niels_at_microsoft.com, August 2006
  • How to Manage Persistent State in DRM Systems. William Shapiro and Radek Vingralek, August 2001
Presentation by Petri Yllö, 27.4.2007
2
BitLocker - The red area is encrypted
Typically one local NTFS hard disk inside a laptop, divided in two logical partitions
[Figure: disk layout, with the following labels]
  • MBR
  • System volume, 1,5 GB (logical volume 1): boot time applications until switch point, including BitLocker
  • Operating system volume (logical volume 2), encrypted drive C: Windows Vista OS, applications, user data
  • Third local logical volume (on the first or second HD): drive D
  • Logical volume on network file server: drive F
3
BitLocker - partial replay attack
  • Replace some encrypted sectors with old versions of those sectors
  • If the encryption key and sector number have not changed, decryption produces the original plaintext (old version)
  • Not relevant in the defined target context: protecting data on a lost laptop's HD
  • The attacker has to get access to the data on the hard disk of the same computer at some time before the attack. If at that time he has temporary access, through granted authorization or some vulnerability, he can make offline copies of the relevant encrypted sectors in order to get the same access in the future to the new data on the HD. Alternatively, he could install a traditional rootkit while he has authorized access.
  • In most cases it is difficult to replace applications with older (vulnerable) versions, because the size and location of files may have changed
  • Could practically be used to replay some smaller items, e.g. passwords, configuration parameters or application data, if carefully planned.

4
TDB: protection of data on the stable storage
  • Integrity of the commit chunk is proved with a digital signature. A secret key from ROM is used
  • Replay attack is prevented by a one-way counter in the commit chunk. The counter is compared to the persistent memory counter
  • Log entries after the checkpoint are protected with a chain of hash values starting from the commit chunk (secure log)
  • The log entry at the checkpoint contains a hash value for the root of the location map
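
Added example (not from the presentation or the TDB paper): a simplified Python model of the checks listed on this slide, showing how a restored old state is rejected. HMAC-SHA256 stands in for the digital signature, and the chunk layout, `ROM_KEY`, the function names and the log entries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

ROM_KEY = b"constructed-demo-key"  # assumption: stand-in for the secret key in ROM

def chain_hash(entries):
    """Fold log entries into one hash; each link covers the previous link."""
    link = b"\x00" * 32
    for entry in entries:
        link = hashlib.sha256(link + hashlib.sha256(entry).digest()).digest()
    return link

def make_commit(counter, entries, key=ROM_KEY):
    """Commit chunk (assumed layout): 8-byte counter, chain hash, MAC over both."""
    body = struct.pack(">Q", counter) + chain_hash(entries)
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify(commit, entries, persistent_counter, key=ROM_KEY):
    """Return 'ok' or the reason the stored state is rejected."""
    if len(commit) != 72:
        return "malformed commit chunk"
    body, tag = commit[:40], commit[40:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "bad signature"
    (counter,) = struct.unpack(">Q", body[:8])
    if counter != persistent_counter:   # compared to the one-way counter
        return "replay: counter mismatch"
    if not hmac.compare_digest(body[8:], chain_hash(entries)):
        return "log tampered"
    return "ok"

def demo():
    """Constructed scenario: two commits, then three manipulated states."""
    old_log = [b"plays_left=5"]
    old_commit = make_commit(1, old_log)
    new_log = old_log + [b"plays_left=4"]
    new_commit = make_commit(2, new_log)
    persistent = 2  # value of the one-way counter after the second commit
    bumped = struct.pack(">Q", 2) + old_commit[8:]  # old chunk, counter edited
    return {
        "current": verify(new_commit, new_log, persistent),
        "replayed": verify(old_commit, old_log, persistent),
        "edited_log": verify(new_commit, old_log + [b"plays_left=9"], persistent),
        "bumped_counter": verify(bumped, old_log, persistent),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The replayed state carries a valid signature and an intact log, so only the comparison with the persistent counter rejects it; that comparison is the check missing in the sector-replacement case on the previous slide.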