cold boot attacks on disk encryption

Bill Frantz frantz at pwpconsult.com
Thu Feb 21 15:41:49 EST 2008


perry at piermont.com (Perry E. Metzger) on Thursday, February 21, 2008 wrote:

>
>Ed Felten blogs on his latest research:
>
>http://www.freedom-to-tinker.com/?p=1257
>
>Excerpt:
>
>    Today eight colleagues and I are releasing a significant new
>    research result. We show that disk encryption, the standard
>    approach to protecting sensitive data on laptops, can be defeated
>    by relatively simple methods. We demonstrate our methods by using
>    them to defeat three popular disk encryption products: BitLocker,
>    which comes with Windows Vista; FileVault, which comes with MacOS
>    X; and dm-crypt, which is used with Linux.
>
>More info: http://citp.princeton.edu/memory
>
>Paper: http://citp.princeton.edu.nyud.net/pub/coldboot.pdf

Their key recovery technique gets a lot of mileage from using the
computed key schedule for each round of AES or DES to provide
redundant copies of the bits of the key.  If the computer cleared
the key schedule storage, while keeping the key itself when the
system is in sleep mode, or when the screen-saver password mode
kicks in, this attack would be less possible.

If, in addition, the key was kept XORed with the secure hash of a
large block of random memory, as suggested in their countermeasures
section, their attacks would be considerably more difficult.

These seem to be simple, low overhead countermeasures that provide
value for machines like laptops in transit.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | The first thing you need when  | Periwinkle
(408)356-8506      | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter.                     | Los Gatos, CA 95032

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
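
The second countermeasure discussed in the message above (keeping the key XORed with a secure hash of a large block of random memory), sketched as an added example that is not part of the original post or of the paper's code. SHA-256, the 64 KiB pad size and all function names are assumptions made here; memory decay is simulated by flipping bits.

```python
import hashlib
import random
import secrets

PAD_SIZE = 64 * 1024  # assumed size of the random block; not from the post


def mask_key(key: bytes, pad: bytes) -> bytes:
    """XOR the key (up to 32 bytes) with SHA-256 of the whole pad."""
    digest = hashlib.sha256(pad).digest()
    return bytes(k ^ d for k, d in zip(key, digest))


# XOR is its own inverse, so unmasking is the same operation.
unmask_key = mask_key


def decay(data: bytes, n_flips: int, rng: random.Random) -> bytes:
    """Simulate memory decay by flipping n_flips distinct bits."""
    buf = bytearray(data)
    for pos in rng.sample(range(len(buf) * 8), n_flips):
        buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)


def bit_errors(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def compare_exposure(n_flips: int, seed: int = 1) -> tuple[int, int]:
    """Key bit errors seen in a decayed memory image:
    (key stored in the clear, key stored masked by the pad hash)."""
    rng = random.Random(seed)
    key = secrets.token_bytes(32)    # constructed sample key
    pad = secrets.token_bytes(PAD_SIZE)
    masked = mask_key(key, pad)      # what stays in RAM while locked

    # Unprotected: decay hits the key itself, a few correctable errors.
    plain_errors = bit_errors(key, decay(key, n_flips, rng))

    # Masked: the same number of flips anywhere in the pad changes the
    # hash completely, so the unmasked value is unrelated to the key.
    recovered = unmask_key(masked, decay(pad, n_flips, rng))
    return plain_errors, bit_errors(key, recovered)


if __name__ == "__main__":
    plain, masked = compare_exposure(n_flips=3)
    print(f"bit errors, key in the clear: {plain} of 256")
    print(f"bit errors, masked key:       {masked} of 256")
```

In a real image the pad, being far larger than the key, would collect many more flipped bits than the key alone, which works further in the defender's favour.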


