Overview
Explore full disk encryption vulnerabilities and defense strategies in this 53-minute conference talk from BSidesLV 2013. Delve into management, forensics, memory verification, and encryption deployment techniques. Examine real-world scenarios, including a two-story family case and breakthrough methods for breaking encryption. Learn about user convenience settings, physical access risks, and the balance between usability and security. Discover best practices for preboot authentication, disabling DMA interfaces and standby modes, password reset policies, and backup strategies. Gain insights on independent verification and engage in a Q&A session to enhance your understanding of full disk encryption security.
Syllabus
Introduction
Overview
Management
Forensics
Memory
Verification
Encryption Deployment
Breaking Encryption
TwoStory Family
The Scenario
The Real Test
Breakthrough
What is the passphrase
User convenience setting
Full disk encryption failure
Physical access
Usability vs security
Preboot authentication
Disable DMA interfaces
Disable standby
Password resets
Backups
Independent Verification
Conclusions
Questions
Taught by
BSidesLV