[Cryptography] Dark Mail Alliance specs?

Dave Howe davehowe.pentesting at gmail.com
Mon Mar 31 08:31:50 EDT 2014

On 29/03/2014 12:22, Ralf Senderek wrote:
> I very much doubt that. An attacker with physical access reboots my
> server in order to compromise it.

With cloud/virtualization though, that isn't a requirement.

Your attacker gets a snapshot of your machine, disk and memory - your
machine continues running apart from the fraction of a second it takes
for the memory image to be created.  Your provider may do that anyhow
once in a while, if he is migrating virtual machines to save power or
better distribute load, but in this case, the image left behind is retained.

Your attacker then takes a copy of the image to a dedicated vm instance,
that lets him single-step the machine (and its perception of time),
examine files and code in memory, and so forth. the VM may well
recognize that it has lost external heartbeat after a few seconds, but
that few seconds is an age in terms of cpu, and he gets to rewind that
as often as it takes to modify the running code to believe the heartbeat
is still there, give him a working shell as any valid user, and so forth.

The latter is probably beyond *most* attackers - they can take your
memory image and load it as though it was a "suspended" vm, but won't
have access to the hypervisor to the point they can single step - so
their attack on memory will be much more trial-and-error.  But with a
copy of the stock hypervisor and the image, they can probably manage
well enough.

More information about the cryptography mailing list