Security researchers have developed prototype countermeasures to defend against the recently developed cold boot crypto attack. Cold boot is a technique for snatching cryptographic keys from memory, creating a means to circumvent disk encryption. A targeted machine that's been left hibernating would be turned off and quickly …
So how would
Disabling booting from anything other than the internal hard disk, and locking the BIOS with a password, be circumvented for a cold boot attack?
Getting round BIOS passwords is easy...! There are several methods that your average 14-year-old would probably know. I'll leave out the details; it's not hard to find them if you fancy doing a bit of research.
Open the case, whip out the RAM, stick it in your computer next to it, and use that to extract the keys. Even if you don't have your own computer with you, chilling the RAM gives you a window of 20 minutes to an hour to get it into a new computer. You can achieve this cooling by using an aerosol held upside down (most commonly mentioned in the proofs of concept is a can of compressed air).
Re: So how would
Stick the key-grabbing distro on a SATA/IDE disk sporting a cable, take the side off the machine, flick the power and quickly swap drive cables?
This might be more feasible with two people: one standing by with the drive cable and the other by the power switch.
By removing the RAM modules and putting them in another computer, of course.
Re: So how would
Er, fairly easily?
Freeze the RAM chips, pop 'em out (a hammer will get you access, if you haven't got anything more useful) and then pop 'em into another machine to analyse?
You could even make a small RAM copier that would support various RAM module formats and take a copy of the data onto a built-in HDD or something. Probably not very hard to do.
You could just lock the door to your office?
Paris - Cold boot? Joke? Anyone?
How about encrypting the key in RAM, storing the new encryption key in CPU cache, or using some form of system ID as the key for the encryption key?
Well thank god
they have a solution to this problem. I was losing sleep at night worrying about this style of attack.
I've solved the problem. I've now electrified my computer case and also filled the insides with barbed wire and thermite... now it won't turn on, though :( I wonder why...
Why not just build some extra functionality into the RAM modules so that when the power supply to the module sags below a predetermined voltage, it clears a register in the chip that forces a return of 0x00000000 for any memory that has not been written to since power-up?
Something along these lines would kill these cold boot attacks dead, since you can't read the value of a memory address until it's been written to.
The only way I can see to get around this: you would need to supply a constant source of power to the module so it doesn't flag the memory as powered off, and then you would need to somehow provide a DRAM refresh cycle while the RAM is removed from the PC, which isn't something you are going to be able to do quickly and/or easily!
*Grabs his coat and heads to the patent office*