cold boot attacks on disk encryption

Ali, Saqib docbook.xml at gmail.com
Thu Feb 21 15:14:45 EST 2008


After thinking about this a bit, I have changed my views on this
attack. I think it is quite easy to perform this attack. I myself have
been in similar situations, where my personal computer could have been
easily compromised by this attack.

However, the hardware-based encryption solutions like (Seagate FDE)
would easily deter this type of attack, because in a Seagate FDE
drive the decryption key never gets to the DRAM. The keys always
remain in the Trusted ASIC on the drive.


On Thu, Feb 21, 2008 at 11:51 AM, Perry E. Metzger <perry at piermont.com> wrote:
>
>  "Ali, Saqib" <docbook.xml at gmail.com> writes:
>  > This method requires the computer to be "recently" turned-on and unlocked.
>
>  No, it just requires that the computer was recently turned on. It need
>  not have been "unlocked" -- it just needed to have keying material in RAM.
>
>
>  > So the only way it would work is that the victim unlocks the disks
>  > i.e. enter their preboot password and turn off the computer and
>  > "immediately" handover (conveniently) the computer to the attacker so
>  > that the attacker can remove the DRAM chip and store it in nitrogen.
>
>  LN2 is pretty trivial to get your hands on, and will remain happy and
>  liquid in an ordinary thermos for quite some hours or longer. However,
>  the authors point out that canned air works fine, too.
>
>
>  > And the attacker has to do all this in less than 2 seconds.... :)
>
>  No, they may even have minutes depending on the RAM you have.
>
>
>  > Or am I missing something?
>
>  People readily assume that rebooting or turning off a computer wipes
>  RAM. It doesn't. This is just more evidence that it is bad
>  to assume that the contents of RAM are gone even if you turn off the
>  machine.
>
>  Perry
>



-- 
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


