Explore the intricacies of full disk encryption in this conference talk that delves into attack vectors and defense strategies. Learn about management and performance implications, data recovery techniques, and the importance of verifying encryption effectiveness. Discover the vulnerabilities associated with physical access, unattended machines, and memory-resident information. Examine real-world scenarios, including stolen encrypted laptops and zero-knowledge attacks. Gain insights into forensic approaches, penetration testing methodologies, and the delicate balance between convenience and security. Understand why encryption failure is rare but not impossible, and how to improve overall system security by addressing external factors and potential weaknesses.
Overview
Syllabus
Attacking & Defending Full Disk Encryption By Tom Kopchak
management
performance implications
data recoveryo
What's Next? memory
Verifying Full Disko Encryption
Trust but Verify
Breaking Encryption Is Hard Look for Weakest Link Think Outside the Box Profit!
Encrypted Laptop STOLEN It's safe, right?
The Solution Forensics Penetration Testing Zero Knowledge vs
Fully Encrypted Administrator Confidence: 100%
Machine Powered Off Full Disk Images Created
Grace period for pre-boot authentication lockout
Downgrade memory Leverage DMA - Exploit OS
Failure of a Encryption? Encryption Did Not Fail! Convenience vs. Security Zero knowledge attack
Understand the Vulnerabilities Physical access Unattended machines Passphrases/decryption keys Memory-resident information
Conclusions FDE is not bulletproof Encryption failure is rare External Factors Understand risks and vulnerabilities, improve where possible
