Lest We Remember: Cold Boot Attacks on Encryption Keys

Post by Andy »

Lest We Remember: Cold Boot Attacks on Encryption Keys
The security researcher who demonstrated the 'cold boot' attack has released the source code for the hack. The attack, first demonstrated in February, uses a set of utilities to lift crypto keys from memory even after a reboot.

A boon for hackers and computer forensics experts alike, the approach created a means to circumvent disk encryption simply by powering off a target machine which has been left hibernating or screen-locked, and quickly re-booting it to an external hard drive loaded with customised software. The attack worked because DRAM chips used by modern computers retain data for seconds or even minutes after being powered down, contrary to popular opinion. Cooling the chips wasn't absolutely necessary but aided the process in some cases.

Once the data is recovered utilities are needed to make sense of the information and perform functions such as correcting errors caused by bit decay.

The approach was pioneered by researchers from the Electronic Frontier Foundation, Princeton University and Wind River. One of the researchers involved in the celebrated hack, Jacob Appelbaum, released source code for the utilities used for it at the Hackers on Planet Earth (HOPE) conference in New York last weekend. It's hoped the release of the utilities will spur the development of countermeasures as well as raising awareness about the risks posed by the original attack.

A research paper on the attack along with explanatory video and code for the utilities can all be found here.
See the video: http://citp.princeton.edu/memory

http://www.theregister.co.uk/2008/07/21 ... utilities/

It seems we're not as safe as we thought, are we...


Post by hounsell »

Wow. I didn't think that was possible. It's a pretty impressive method of attack though. It'll get good results and is fairly simple.


Post by longview »

We should start using non-reversible encryption for our disks. That'll show those government hackers who's the boss!

Post by RentedMule »

Actually, this kind of attack has been known for... quite a long time. Trying not to be long-winded: I owned an MWAVE modem/soundcard back when Linux was just starting to get attention. Before there were drivers for winmodems, the solution to getting them to work was loading Windows, then quickly powering off the machine and loading Linux. Apparently the PnP architecture of Linux was able to use the still-resident driver loaded into the memory space to make use of the device. Since then, I don't leave my machine until a few minutes after it is powered off (at work).


Post by IainK »

This is why you disable all boot devices other than the HDD containing Windows/Linux/whatever in the BIOS and set a password!

Pretty cool attack though, I have to say.
And RentedMule, just wow! I will be quoting that in future.


Post by Frozenport »

The reality is that under normal circumstances this threat is comical. Here is what Princeton has to say about their own technique... Note that in many cases even 5% data loss will make the encrypted information totally useless...

Our first tests measured the decay rate of each memory module under normal operating temperature, which ranged from 25.5C to 44.1C, depending on the machine (see Figures 1, 2, and 3). We found that the dimensions of the decay curves varied considerably between machines, with the fastest exhibiting complete data loss in approximately 2.5 seconds and the slowest taking an average of 35 seconds.

I suppose the best thing to protect yourself from this is to simply make our computers difficult to open. Thus, duct tape seems to thwart this new hacking technique.