Re: the cold-boot attack - a paper tiger?

On Fri, 23 May 2008 07:57:11 -0700 (PDT)
Phil <philtickle200@xxxxxxxxx> wrote:

> To clarify: My understanding of key scrubbing in
> loop-aes is that it is designed to prevent burn-in as
> described in the Gutmann paper, which has not yet
> been shown to be a practical threat at any rate.
> Unlike the so-called "cold boot" attack, which can be
> defeated if keys in memory are overwritten after use. 

Yes, the authors also clarify this point at
http://citp.princeton.edu/memory/faq/
--
Q. Isn’t this the same as burn-in effects noticed by Gutmann? Can’t
encryption programs rotate keys to get around this?

A. Gutmann notes that data written to RAM for extended periods may
become “burned in,” allowing it to be easily recovered later. We
describe a different effect: data written even momentarily to RAM
persists for a non-trivial period of time. We exclusively rely on the
latter effect to recover data. This allows us to recover keys even if,
following Gutmann’s advice, those keys are stored only briefly at any
single location within RAM.
--

And there is even a section about loop-AES in their paper (§ 7.5)
http://citp.princeton.edu/pub/coldboot.pdf
--
[...]
Loop-AES attempts to guard against the long-term memory burn-in effects
described by Gutmann [25] and others. For each of the 65 AES keys, it
maintains two copies of the key schedule in memory, one normal copy and
one with each bit inverted. It periodically swaps these copies,
ensuring that every memory cell stores a 0 bit for as much time as it
stores a 1 bit. Not only does this fail to prevent the memory remanence
attacks that we describe here, but it also makes it easier to identify
which keys belong to Loop-AES and to recover the keys in the presence
of memory errors [...] 
--

so keyscrubbing can even help the attackers ;)

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
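
The scrubbing scheme from the paper excerpt quoted above, as an added C example (not code from the post, the paper or loop-AES): swapping the normal and inverted copies never removes the key from RAM, and a block followed by its bitwise complement is a pattern a memory-image scan can recognise. The adjacent layout, the 176-byte block size, the sample schedule bytes and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCHED_LEN 176  /* assumed size: one AES-128 expanded key */
/* Hypothetical layout: normal copy directly followed by the inverted copy. */
struct scrubbed_key { uint8_t a[SCHED_LEN], b[SCHED_LEN]; };

/* The periodic swap: every cell flips, so it holds 0 and 1 for equal time. */
static void scrub_swap(struct scrubbed_key *k)
{
    for (size_t i = 0; i < SCHED_LEN; i++) {
        uint8_t t = k->a[i];
        k->a[i] = k->b[i];
        k->b[i] = t;
    }
}

/* Offset of the first block that is followed by its bitwise complement, or -1. */
static long find_complement_pair(const uint8_t *mem, size_t len)
{
    for (size_t off = 0; off + 2 * SCHED_LEN <= len; off++) {
        size_t i = 0;
        while (i < SCHED_LEN && (mem[off + i] ^ mem[off + SCHED_LEN + i]) == 0xFF)
            i++;
        if (i == SCHED_LEN)
            return (long)off;
    }
    return -1;
}

/* Constructed 4 KiB image: zero filler, scrubbed key at offset 1000 after n swaps. */
long demo(int swaps)
{
    static uint8_t mem[4096];
    struct scrubbed_key k;
    for (size_t i = 0; i < SCHED_LEN; i++) {
        k.a[i] = (uint8_t)(0x10 + (i * 5) % 0x60);  /* constructed, not a real schedule */
        k.b[i] = (uint8_t)~k.a[i];
    }
    while (swaps-- > 0)
        scrub_swap(&k);
    memcpy(mem + 1000, &k, sizeof k);
    return find_complement_pair(mem, sizeof mem);
}

int main(void)
{
    return printf("pair found at %ld and %ld\n", demo(0), demo(3)) < 0;
}
```

The pair is found at the same offset whether the image is taken before or after any number of swaps, which is why the swap is no defence against reading memory shortly after power-off; only overwriting the key material when it is no longer needed removes it.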


