Re: the cold-boot attack

* Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:

> markus reichelt wrote:
> > * Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:
> > 
> >> We did run our attacks on loop-aes and we did find keying
> >> material. We actually found a very large amount of keying
> >> material. We didn't bother to implement a decryption utility
> >> with the keys found in memory, it would be trivial to do so
> >> though.
> > 
> > So ... drop your pants, give more details.
> > 
> > Pretty please :)
> > 
> 
> Oh Markus! Always asking to catch people with their pants down. :-)

Yes, it's my fav sport after a pub crawl following a soccer evening
;-)



Seriously, as I'm reading the paper, I'll write down any (most)
thoughts in here (and leave out as much tech talk as possible).

The booting procedure largely depends on one's setup, obviously, and
it is easy to figure it out before the attack. So if USB/PXE are
disabled in BIOS one goes for CD boot, but if that's disabled as well
and the PC only boots from HDD, the system itself is (from a loop-AES
user's point-of-view) best booted from HDD with the key residing on
CD/USB media.

Also, the longer the key the better, as it increases the chance of
flipping bits in the original attack and may complicate
reconstruction. Not by much, and I'd rate it utterly negligible
compared to denying direct access to the machine.

Concerning section "6.1 Identifying AES keys", and the keyfinder
programme: Have you developed it using a genuine memory-image of an
attack or did you use an emulator, like QEMU, in which an encryption
scheme was operating and you just used an emulator memory-dump?

And it's obvious that the technique works no matter which encryption
scheme. Concerning section 8 "Countermeasures and their Limitations",
at first glance "key expansion" would be my choice. And I would hate
to see TPMs doing the trick as TPM is something I will refuse to use
at all. "Architectural changes", concerning the routine encryption of
memory contents, isn't it already done by some gaming console? I
don't remember exactly, I guess I heard a talk at CCC 2007 about
hacking the Xbox and memory encryption was mentioned as a security
measure.


That said ... I think your attack-scheme can be put to good use for
lots of people (using Windows). If the machine crashes one just
invokes a memory dump and looks for one's data there. Back in my
Windows days total system crashes happened far too often.


So far, it's more of a James Bond scenario (you should contact their
writers :-), but one that actually works and isn't just fancy special
effects and all that.


-- 
left blank, right bald
