* Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:

> markus reichelt wrote:
> > * Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:
> >
> >> We did run our attacks on loop-aes and we did find keying
> >> material. We actually found a very large amount of keying
> >> material. We didn't bother to implement a decryption utility
> >> with the keys found in memory, it would be trivial to do so
> >> though.
> >
> > So ... drop your pants, give more details.
> >
> > Pretty please :)
>
> Oh Markus! Always asking to catch people with their pants down. :-)

Yes, it's my fav sport after a pub crawl following a soccer evening ;-)

Seriously, as I'm reading the paper, I'll write down any (most) thoughts in here (and leave out as much tech talk as possible).

The booting procedure largely depends on one's setup, obviously, and it is easy to figure it out before the attack. So if USB/PXE are disabled in BIOS one goes for CD boot, but if that's disabled as well and the PC only boots from HDD, the system itself is (from a loop-AES user's point of view) best booted from HDD with the key residing on CD/USB media.

Also, the longer the key the better, as it increases the chance of flipping bits in the original attack and may complicate reconstruction. Not by much, and I'd rate it utterly negligible compared to denying direct access to the machine.

Concerning section "6.1 Identifying AES keys" and the keyfinder programme: have you developed it using a genuine memory image of an attack, or did you use an emulator, like QEMU, in which an encryption scheme was operating and you just used an emulator memory dump? And it's obvious that the technique works no matter which encryption scheme.

Concerning section 8 "Countermeasures and their Limitations", at first glance "key expansion" would be my choice. And I would hate to see TPMs doing the trick, as TPM is something I will refuse to use at all.
"Architectural changes", concerning the routine encryption of memory contents: isn't it already done by some gaming console? I don't remember exactly; I guess I heard a talk at CCC 2007 about hacking the Xbox, and memory encryption was mentioned as a security measure.

That said ... I think your attack scheme can be put to good use for lots of people (using Windows). If the machine crashes, one just invokes a memory dump and looks for one's data there. Back in my Windows days total system crashes happened far too often.

So far, it's more of a James Bond scenario (you should contact their writers :-), but one that actually works and isn't just fancy special effects and all that.

-- 
left blank, right bald
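The keyfinder question above (section 6.1) rests on the fact that an expanded AES key schedule is recognisable in a memory image, which is also why "key expansion" (not keeping the schedule in RAM) is discussed as a countermeasure. The following is an added example, not code from this thread, from loop-AES or from the paper's keyfinder: a minimal Python scanner of that kind, run over a constructed 2 KiB image (seeded filler plus one planted schedule, with optional corrupted bytes standing in for DRAM decay); a defender can run the same check on a dump taken after unmount or scrubbing to confirm the schedule no longer survives. All function and sample names are my own.

```python
# Added example, not code from this thread, loop-AES or the paper's keyfinder:
# find AES-128 key schedules in a memory image (the structure section 6.1 uses).
import random
_rotl8 = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF

def _make_sbox():
    # Derive the S-box (GF(2^8) inverse + affine map) instead of typing 256 entries.
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                    # q /= 3
            q ^= (q << s) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1: break
    sbox[0] = 0x63  # zero has no inverse
    return sbox
SBOX = _make_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def expand_key_128(key):
    # FIPS-197 key expansion: 16-byte key -> 176-byte schedule (11 round keys)
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord + SubWord
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)

def find_aes128_schedules(image, max_bad_bytes=0):
    # (offset, key) for every 16-byte window followed by its own schedule;
    # up to max_bad_bytes of the 160 schedule bytes may differ (decayed cells)
    hits = []
    for off in range(len(image) - 175):
        key = image[off:off + 16]
        sched = expand_key_128(key)[16:]
        bad = sum(a != b for a, b in zip(sched, image[off + 16:off + 176]))
        if bad <= max_bad_bytes:
            hits.append((off, key))
    return hits

def build_sample_image(key, offset, flip_bytes=()):
    # Constructed image: seeded filler, one planted schedule, optional decayed bytes
    img = bytearray(random.Random(7).getrandbits(8) for _ in range(2048))
    img[offset:offset + 176] = expand_key_128(key)
    for i in flip_bytes:
        img[offset + i] ^= 0x01
    return bytes(img)
```

Exact matching finds an intact schedule; raising `max_bad_bytes` recovers a schedule whose later rounds have a few decayed bytes, which is the situation the bit-flip remark above refers to.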