Full Disk Encryption: Study Proves It Works (And Law Enforcement Has Problems With It).

Full disk encryption (FDE) solutions, like AlertBoot, work.  If someone tries to force their way into a laptop protected with FDE, chances are he won’t get in.

But, once in a blue moon, I hear (or read) comments from supposed IT professionals who say that encryption in and of itself is a joke, or that they can bypass it easily (in 5 minutes or less!), and that, generally, it doesn’t work.  I’m not sure where they get this information.

Is it personal experience?  (If so, I feel for them.  One wonders where they obtained their encryption software that soured them on the entire technological gamut).  Is it something they read or saw? (I’m looking in your direction, Hollywood).  Are they just trolling?

Research Calls for Technology to Break FDE

A new paper — The Growing Impact of Full Disk Encryption on Digital Forensics (unfortunately, behind a paywall) — has pointed out that, from a law enforcement point of view, full disk encryption used on laptops creates insurmountable or costly problems.

In fact, the authors of the paper go on to propose that methods to bypass and break FDE ought to be developed.  The proposal is quite amusing: those who develop encryption are always on the lookout to ensure that such methods won’t work on encrypted data.  The revelation of a valid bypass would, naturally, be shared with other forensic experts, which would put it on the radar of encryption specialists, who would develop a countermeasure.

Things would be back to square one, and encryption would be stronger for it.  This is why the encryption community tends to welcome news of weaknesses.

This is not to say that there aren’t methods, today, for gleaning data from computers already protected with the likes of laptop encryption.  However, to call these methods “breaking encryption” or “bypassing encryption” is misleading since they only work when encryption is technically not active.

For example, one method of gaining access to encrypted data is to acquire an image of “live data”: that is, making a full copy of a computer’s entire disk content while the computer is up and running.  When it comes to FDE, the only time when it’s protecting your data is when the computer’s off.  Encryption is momentarily switched off when you turn on the computer and provide the correct password (if you’re going to work on your computer, you’ve got to be able to see what you’re doing.  This requires that encryption be turned off).

So, if a computer is up and running, by definition it means that whatever disk encryption was in place was temporarily deactivated.  Obviously, you can’t claim to have bypassed encryption if it’s not being used.

Technicalities, Schmenicalities

On the other hand, what do these little technicalities matter if your data is available to the “wrong” people due to such methods?  After all, the point of encryption is to protect data.

Well, unfortunately, nobody said that FDE was a silver bullet against all data attacks (and if someone did, he was trying to sell you something).  This admission, despite being an admission of weakness, goes a long way towards better protecting you.

For example, knowing that full disk encryption only protects your laptop’s contents when the device is in the “off” state, now you know that you should never leave it up and running 24/7 (also a good thing for the environment, supposedly) while you’re away from your desk.  I can think of at least one situation where a medical organization had to send out HIPAA breach notices because a doctor had left her computer in that state when someone burglarized her home while she was away.

Also, if you’re in an emergency, you know you can pull the plug out from your computer the moment you hear someone breaking in.  That’ll instantly shut down your computer, allowing the full power of FDE to kick in (don’t forget about the batteries).

Long story short: encryption really works, and it works well.  Just be aware that there are certain limitations.
