cold boot attacks on disk encryption

Leichter, Jerry leichter_jerrold at emc.com
Fri Feb 22 08:38:35 EST 2008


| Their key recovery technique gets a lot of mileage from using the
| computed key schedule for each round of AES or DES to provide
| redundant copies of the bits of the key.  If the computer cleared
| the key schedule storage, while keeping the key itself when the
| system is in sleep mode, or when the screen-saver password mode
| kicks in, this attack would be less possible.
We've viewed "screen locked" and "sleep mode" (with forced screen lock
on wake) as equivalent to "off".  Clearly that's no longer a tenable
position.  Sensitive data in memory must be cleared or encrypted,
with decryption requiring externally-entered information, whenever
the screen is locked or sleep mode initiated.  This would actually
make them *safer* than the "off" state, since at least you know
your software can gain control while entering those states!

| If, in addition, the key was kept XORed with the secure hash of a
| large block of random memory, as suggested in their countermeasures
| section, their attacks would be considerably more difficult.
| 
| These seem to be simple, low overhead countermeasures that provide
| value for machines like laptops in transit.
I suspect GPS chip sets will become a standard part of laptops
in the future.  One can imagine some interesting techniques based
on them.  Even now, most laptops have motion sensors (used to
"safe" the disks), which could be used.

I seem to recall some (IBM?) research in which you wore a ring
with an RFID-like chip in it.  Move away from your machine for
more than some preset time and it locks.  I'm sure we'll see
many similar ideas come into use.
							-- Jerry
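
The countermeasure quoted above (key kept XORed with the secure hash of a large block of random memory) and the clear-on-lock rule from the reply, as an added example that is not part of the original post. SHA-256, the 1 MiB pad size, and the names `MaskedKey`, `on_lock` and `decayed_image` are assumptions made for illustration.

```python
import hashlib
import secrets

PAD_SIZE = 1 << 20  # 1 MiB random block; the size is an assumption of this sketch


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def bit_errors(a, b):
    """Number of bit positions in which two byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class MaskedKey:
    """Keeps a 32-byte key only as key XOR SHA-256(pad), pad being random memory."""

    def __init__(self, key):
        if len(key) != 32:
            raise ValueError("this sketch handles 32-byte keys only")
        self.pad = bytearray(secrets.token_bytes(PAD_SIZE))
        self.masked = bytearray(xor(key, hashlib.sha256(self.pad).digest()))
        self.locked = False

    def unmask(self):
        """Recompute the key for one operation; needs every pad bit intact."""
        if self.locked:
            raise RuntimeError("key material was cleared at lock/sleep")
        return xor(self.masked, hashlib.sha256(self.pad).digest())

    def on_lock(self):
        """Hook for screen lock or sleep: overwrite pad and masked key in place."""
        self.pad[:] = bytes(len(self.pad))
        self.masked[:] = bytes(len(self.masked))
        self.locked = True


def decayed_image(mk, flipped_bits=1):
    """Copy of the in-memory state with a few pad bits flipped, as after power loss."""
    image = MaskedKey.__new__(MaskedKey)
    image.pad, image.masked, image.locked = bytearray(mk.pad), bytearray(mk.masked), False
    for _ in range(flipped_bits):
        pos = secrets.randbelow(len(image.pad) * 8)
        image.pad[pos // 8] ^= 1 << (pos % 8)
    return image
```

Python cannot guarantee that the transient `bytes` copies returned by `unmask` are erased, so a production version of this belongs in code that controls its own buffers.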

---------------------------------------------------------------------
The Cryptography Mailing List