cold boot attacks on disk encryption

Sherri Davidoff alien at MIT.EDU
Thu Feb 21 17:33:22 EST 2008 

As soon as I heard about this research I had to try it out. My laptop 
(Thinkpad) has an encrypted Truecrypt partition.  I quickly made a 
modified bootable DSL usb memory dumper, powered the machine down, 
waited a minute, dumped memory, and found that I could recover passwords 
from multiple prior reboots. I was able to recover my Truecrypt password 
even if the volume was not mapped at the time of reboot, as well as GPG 
passwords, SSH passwords, etc etc. It was really easy.

During physical pentests, when I grab an encrypted laptop from an 
office, my clients usually respond that the laptop was "encrypted" and 
the data was therefore safe. That's not necessarily true, of course, but 
we don't have the time during these engagements to test out the security 
of the encryption products/implementation, and neither do most attackers.

Now attackers (or customs) just have to grab a live laptop, plug in a 
USB memory dumper and power cycle the system in order to obtain a 
dictionary of likely passwords and potentially recover encryption keys. 
Presumably tools to to accomplish this will soon be found in the wild 
and will become accessible to attackers with even low levels of 
technical skill.

I imagine this will eventually have a big impact on the way 
organizations respond to stolen mobile device incidents. With the 
current technology, if a laptop or mobile device is on when it's stolen, 
companies will need to assume that the data is gone, regardless of 
whether or not encryption products have been deployed.

Anyone familar with the laws in the arena? Are there regulations which 
require reporting only if data on a stolen device is not encrypted?

Sherri



Ali, Saqib wrote:
> interesting paper. but i fail to see how this could be "deadly" (as
> the author puts it) to the disk encryption products.
> 
> This methods requires the computer to be "recently" turned-on and unlocked.
> 
> So the only way it would work is that the victim unlocks the disks
> i.e. enter their preboot password and turn off the computer and
> "immediately" handover (conveniently) the computer to the attacker so
> that the attacker remove the DRAM chip and store in nitrogen. And the
> attacker has to do all this in less then 2 seconds.... :) If the
> attacker is standing right next to the victim, why even let the victim
> turn-off the unlocked computer????
> 
> Or am I missing something?
> 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list