Tools like BitLocker - can't access the drive without a password
. The piece of hardware inside the device that is required for full disk encryption - generates random numbers but also has some hard numbers burned in (persistent memory)
. External hardware device for high-end cryptography - can act as an SSL accelerator, and stores all the keys
. Using hardware as your basis of trust, examples being the TPM, HSM and UEFI BIOS; very difficult to circumvent
. BIOS interface that adds additional security functions
. Built into UEFI BIOS to prevent malware infections of firmware and OS - has known good digital signatures built in and looks for them in the software that's booting
. Centralized way to determine if any of the devices on the system have changed - using signatures managed by the device's TPM
. Interference and pulse can be used to determine a device's use - so important to shield against it
. On the 2.4GHz frequency so can be listened in on - could inject a keylogger - so some makers are now using AES encryption
. Electromagnetic radiation can be used to recreate images seen and also a potential for firmware hacks
. Security vulnerabilities because they communicate over wireless - the manufacturer should build in good security to protect against this
. A lot of potential to be used for reconnaissance or to connect to it to retrieve a copy of what was printed on it
. No special authentication - so important to enable encryption if any sensitive data is on it - and it's also an exfiltration risk
. When connected via USB, the OS sees it as an external storage device - so same concerns as removable drives