[Noisebridge-discuss] Cold Boot Attacks on Disk Encryption
Mark Cohen
markc at binaryfaith.com
Tue Mar 4 17:42:14 UTC 2008
Check this out:
http://www.hackaday.com/2008/03/03/bootable-usb-ram-capture/
-Mark
On Feb 21, 2008, at 8:16 PM, Kristian Erik Hermansen wrote:
> On Thu, Feb 21, 2008 at 9:53 AM, Jacob Appelbaum
> <jacob at appelbaum.net> wrote:
>> Abstract:
>> Contrary to popular assumption, DRAMs used in most modern computers
>> retain their contents for seconds to minutes after power is lost,
>> even
>> at operating temperatures and even if removed from a motherboard.
>> Although DRAMs become less reliable when they are not refreshed, they
>> are not immediately erased, and their contents persist sufficiently
>> for
>> malicious (or forensic) acquisition of usable full-system memory
>> images.
>> We show that this phenomenon limits the ability of an operating
>> system
>> to protect cryptographic key material from an attacker with physical
>> access. We use cold reboots to mount attacks on popular disk
>> encryption
>> systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no
>> special devices or materials. We experimentally characterize the
>> extent
>> and predictability of memory remanence and report that remanence
>> times
>> can be increased dramatically with simple techniques. We offer new
>> algorithms for finding cryptographic keys in memory images and for
>> correcting errors caused by bit decay. Though we discuss several
>> strategies for partially mitigating these risks, we know of no simple
>> remedy that would eliminate them.
>>
>> A good intro is on Ed Feltens blog:
>> http://www.freedom-to-tinker.com/?p=1257
>>
>> Our full paper, with a nice video and photos is here:
>> http://citp.princeton.edu/memory/
>>
>> If you'd like to test your system, I think we can arrange something
>> at
>> the next Noisebridge meeting!
>
> Now this is *real* hacking. Excellent stuff :-) Looking forward to
> testing it out...
> --
> Kristian Erik Hermansen
> --
> "It has been just so in all my inventions. The first step is an
> intuition--and comes with a burst, then difficulties arise. This thing
> gives out and then that--'Bugs'--as such little faults and
> difficulties are called--show themselves and months of anxious
> watching, study and labor are requisite before commercial success--or
> failure--is certainly reached" -- Thomas Edison in a letter to
> Theodore Puskas on November 18, 1878
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
More information about the Noisebridge-discuss
mailing list