Post subject: Lest We Remember: Cold Boot Attacks on Encryption Keys        Posted: Tue Jul 22, 2008 8:51 am
Administrator

Joined
Fri Aug 18, 2006 11:47 am

Posts
12473

Location
Merseyside, United Kingdom

Favourite OS
Microsoft Windows 7 Ultimate x64
Lest We Remember: Cold Boot Attacks on Encryption Keys

Quote:
The security researcher who demonstrated the 'cold boot' attack has released the source code for the hack. The attack, first demonstrated in February, uses a set of utilities to lift crypto keys from memory even after a reboot.

A boon for hackers and computer forensics experts alike, the approach created a means to circumvent disk encryption simply by powering off a target machine which has been left hibernating or screen-locked, and quickly re-booting it to an external hard drive loaded with customised software. The attack worked because DRAM chips used by modern computers retain data for seconds or even minutes after being powered down, contrary to popular opinion. Cooling the chips wasn't absolutely necessary but aided the process in some cases.

Once the data is recovered utilities are needed to make sense of the information and perform functions such as correcting errors caused by bit decay.

The approach was pioneered by researchers from the Electronic Frontier Foundation, Princeton University and Wind River. One of the researchers involved in the celebrated hack, Jacob Appelbaum, released source code for the utilities used for it at the Hackers on Planet Earth (HOPE) conference in New York last weekend. It's hoped the release of the utilities will spur the development of countermeasures as well as raising awareness about the risks posed by the original attack.

A research paper on the attack along with explanatory video and code for the utilities can all be found here.


See the video: http://citp.princeton.edu/memory

Source:
http://www.theregister.co.uk/2008/07/21 ... utilities/


It seems we're not as safe as we thought, are we...

_________________
BetaArchive Discord: https://discord.gg/epK3r6A


Posted: Tue Jul 22, 2008 9:24 am
Donator

Joined
Sat Feb 24, 2007 4:14 pm

Posts
6612

Location
United Kingdom

Favourite OS
Server 2012 R2
Wow. I didn't think that was possible. It's a pretty impressive method of attack though. It'll get good results and is fairly simple.

_________________
BuildFeed - the ultimate collaborative NT build list - Windows Longhorn - a look at a defining Microsoft project


Posted: Tue Jul 22, 2008 4:46 pm
FTP Access

Joined
Mon Sep 04, 2006 1:45 pm

Posts
732

Location
Norway

Favourite OS
HP keystroke RPL
We should start using non-reversible encryption for our disks. That'll show those government hackers who's the boss!

_________________
Let's sperg about hardware
E6410 - i5-560m, 8GB, WXGA+, NVS 3100M, Samsung SSD 830 128GB, WWAN, 9-cell, E-Port Plus Replicator
Desktop - i5-2500k (4.3 GHz TB), 8 GB, HD6950 2GB, 2x24" 1080p, Samsung SSD 830 128GB + 2 TB stripe, Xonar D2X


Posted: Wed Jul 23, 2008 1:37 am
Donator

Joined
Tue Oct 17, 2006 8:26 pm

Posts
932
Actually, this kind of attack has been known for... quite a long time. Trying not to be long-winded, I owned an MWAVE modem/soundcard back when Linux was just starting to get attention. Before there were drivers for winmodems, the solution to getting them to work was loading Windows, then quickly powering off the machine and loading Linux. Apparently the PnP architecture of Linux was able to use the still-resident driver loaded into the memory space to make use of the device. Since then, I don't leave my machine until a few minutes after it's powered off (at work).


Posted: Wed Jul 23, 2008 2:02 am
FTP Access

Joined
Thu Jun 19, 2008 1:02 am

Posts
66

Location
Dundee, UK

Favourite OS
Mac OS X Leopard 10.5.7
This is why you disable all boot devices other than the HDD containing Windows/Linux/whatever in the BIOS and set a password!!

Pretty cool attack though I have to say :)
And RentedMule just wow! I will be quoting that in future :D


Posted: Thu Jul 24, 2008 7:36 am
FTP Access

Joined
Fri Sep 01, 2006 10:04 pm

Posts
1022

Location
The Ephemeral between existance and non-existance: AKA "being"

Favourite OS
Rhapsody, BeOS
The reality is that under normal circumstances this threat is comical. Here is what Princeton has to say about their own technique... Note that in many cases even 5% data loss will make the encrypted information totally useless...

Code:
Our first tests measured the decay rate of each memory
module under normal operating temperature, which
ranged from 25.5C to 44.1C, depending on the machine
(see Figures 1, 2, and 3). We found that the dimensions
of the decay curves varied considerably between
machines, with the fastest exhibiting complete data loss
in approximately 2.5 seconds and the slowest taking an
average of 35 seconds.


I suppose the best thing to protect yourself from this is to simply make our computers difficult to open. Thus, duct tape seems to thwart this new hacking technique.

_________________
Part Time Troll - HPC Enthusiast - Spelling Master - Old Fart

