Error opening template: advertisement/zones/468x60_generic.tplError opening template: advertisement/zones/728x90_leaderboard.tplError opening template: advertisement/zones/728x90_bottom_ad.tplError opening template: advertisement/zones/300x250_right_ros_up.tplError opening template: advertisement/zones/300x250_right_ros_down.tplError opening template: advertisement/zones/160x600_left_nav.tplError opening template: advertisement/zones/160x600_right_nav.tpl How Reliable is Data Encryption Software?

How Reliable is Data Encryption Software?

As it turns out, conventional data encryption software just might not be as secure as once perceived. Newly released research has revealed that the security settings of both Microsoft's BitLocker and Apple's File Vault can be easily bypassed, giving crackers access to a user's personal information. The published paper clearly illustrated how such attacks are able to access computer memory and scan the encryption keys used to encode data.

Memory modules can retain data for any given period of time from seconds to minutes. This allows cryptographic keys to be retrieved even when they have been removed from the computer's motherboard. Data encryption software solutions scramble data on protected hard drives and also store the encryption keys in memory. When the computer is sent into Hibernation or Standby mode, the keys are placed in a memory file. While all data in the memory is meant to be automatically deleted when putting the computer to sleep, RAM chips in some machines take longer to completely clear it. This explains how thieves are able to access data that is supposedly protected, taking advantage while the machine is still in sleep mode. They could perform this activity by simply loading the computer from a removable drive or over a network and then scanning the memory for encryption keys. Experts suggest that the only way data encryption software can completely protect a drive is if the machine is shut down entirely, allowing the RAM data to vanish.

Research Conclusions

Some researchers have said that this latest revelation indicates that data encryption software might not be able to protect cryptographic keys from the natural functions of the operating system. Others believe that the answer doesn't lie in software, but hardware solutions. Security experts suggest that consumers should look into buying computers that come with built-in encryption features. They maintain that data encryption hardware is capable of eliminating unauthorized access because none of the keys are actually used on the hard drive, aside from the chip. The only way to crack the encrypted message would be to remove or physically destroy the chip.

The findings regarding the two vulnerable applications are something that could have serious ramifications in the terms of compliance. In a number of states such as California, legislation calls for public companies to disclose details of data security breaches to all individuals who were impacted. The exception is if the compromised data can be verified as encrypted. Data encryption hardware can eliminate the possibility of embarrassment and corporate losses by securely storing cryptographic keys on removable media.

Software in general is known to be vulnerable, many of them containing errors in the source code their based on. Software vulnerabilities give points of entry to both hackers and malicious programs. When considering the facts, it's hard to prove that any form of data encryption software could be sufficient. What makes a good method of defense doesn't always make the best solution. If you're truly concerned about the integrity and confidentiality of your data, you may want to look into hardware-based solutions.


Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

With the advent of wireless Internet, more and more computer users are entering the world of cyber space.

Yet, while these users are well aware of the importance of the protection of their computer when hooked up to regular internet providers, they are often oblivious to the fact that the same cyber dangers, and in fact even more, exist in the world of WiFi.

What you may not know is that same Internet connection that makes it possible to check your email from the comfort of your bed also makes it easier for hackers to access your personal information.

It is for this reason, the sharing of the wireless Internet connection, that protecting your computer when wireless is even more important than ever before.