Most technologies and techniques intended for securing digital data focus on protection while the machine is turned on – mostly by defending against remote attacks. An attacker with physical access to the machine, however, can easily circumvent these defenses by reading out the contents of the storage medium on a different, fully accessible system or even compromise program code on it in order to leak encrypted information. Especially for mobile users, that threat is real. And for those carrying around sensitive data, the risk is most likely high.
This talk will introduce a method of mitigating that particular risk by protecting not only the data through encryption, but also the applications and the operating system from being compromised while the machine is turned off.