wrt Cold Boot Attacks on Disk Encryption

Jacob Appelbaum jacob at appelbaum.net
Sat Mar 15 17:05:36 EDT 2008 

Ken Buchanan wrote:
> A lot of people seem to agree with what Declan McCullagh writes here:
> 
>> It's going to make us rethink how we handle laptops in sleep mode and servers that use
>> encrypted filesystems (a mail server, for instance).
> 
> What I'd like to know is why people weren't already rethinking this
> when people like Maximillian Dornseif
> (http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf)
> and later Adam Boileau
> (http://www.security-assessment.com/files/presentations/ab_firewire_rux2k6-final.pdf)
> showed you can read arbitrary RAM from a machine just by plugging into
> a FireWire port, due to lack of security considerations in the IEEE
> 1394 standard?
> 

I think that it's clear that people were shocked when Max released his
work. Many people may discount the work if they (say like many
Thinkpads) do not have at IEEE 1394 port. This is of course not going to
stop someone from inserting a cardbus card. Furthermore, I think Max
didn't manage to demonstrate a contradiction to a commonly held thought.

I'm sure it was no surprise to FreeBSD kernel developers that you could
use Firewire to read kernel memory structures using DMA.

> Adam Boileau demonstrated finding passwords, but of course we already
> know that it's easy to locate cryptographic keys in large volumes of
> data (Shamir, van Someren: http://citeseer.ist.psu.edu/265947.html).
> 
> Reading cold DRAM may have some applications on its own -- if only
> because of the large number of devices that it effects -- but as far
> as walking up to a locked machine/hibernated laptop/whatever and
> stealing its RAM contents, the game may have been up some time ago.
> 

I think the most important aspect of this work is that by using
redundant (all Hail Nadia Heninger) keying information in memory we can
recover and make a pretty good confirmation. This means we don't have to
do reverse engineering to find keys and we can correct for errors.

Our keyfinder could be used with firewire and I think it stands on its own.

Regards,
Jacob Appelbaum

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list