In section 3 of the journal article, \"A systematic Assessment of the Security o

Question

In section 3 of the journal article, "A systematic Assessment of the Security of Full Disk Encryption", the authors describe three types of attacks against software-based FDE - Direct Memory Access (DMA) attacks, Cold Boot attacks, and Evil Maid attacks. Review the three types of attacks and write a discussion board post describing which of the three you think is the most likely threat. Does your answer differ if you consider college campus users instead of business users? What about government computers and those used by the military?

Need help ASAP please!!

Explanation / Answer

Here we describe three types of attacks against software-based FDE
i.e.,

Now we start discussion about those predominant attacks in briefly.

=======================

DMA attack (Direct Memory Access) :

It's a type of side channel attack in the computer securiity, where the attackers use the high speed transmitting port to sprick the system or connected device,which give access to DMA.

As we know that DMA is connected in many connection, so it allows the transfer of data between itself and the system at very high speed.

The best way to prevent the DMA attacks:-

Example ports that allows DMA connections are Express-card, Fire-wire, Thunder-bolt, PCI.

===========================

Cold Boot Attack:

It's a process of retrieving un authorized access of system encrypted keys when the computer be in idle state. This is due to DRAM chips which retains the data for certain period of time even after system got turned off.

The quantity of time to remains data in the chip set can be easily increased by removing chip from mother board and cooling it by the using of compressed air.
Due to this, attacker will easily gain full access to the encrypted keys whichh allows the user to decrypt easily.

To avoid this attack it is necessary to the chip set are need to be embeded with mother board which make it impossible to remove the chip slot

Evil Maid Attacks:

It's a kind of security exploitation which mainly concentrated on computing devices which has shut down now and left unattended,
It totally depends on the attacker's ability to access the computing machine, without having owners knowledge.

The main purpose of this attack is to do steal and sell the key, otherwise it will change the computing device software rights.

========================

With modern world of security it is easy to make the system physically safe without much hassle.

Yes it's certainly differ for College and business users, since the industrial data are more complex and important than the campus-data, so the security feature will be more secured for business users.

Also the systems used by the Goverment and military are eventually a high level of security since the information highly confedential and important, so it will infuse most of time and money for safe guarding to all the attacks.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.