regarding the cold-boot attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

since Jacob talked about his cold-boot attack stunt at 25C3[1,2] (go
watch his talk, he mentions us but not the super-shy dm-crypt people
:-) and I am still in the process of hacking some loop-AES magic into
the recent Slackware (namely its installer), I wrote a script
regarding the attack and attached it (let's hope the mailinglist
software can cope - else you can get it from [3])


From the upcoming text:


FAQ 28: Is there a defense against the cold-boot attack?

In short, there is not. The only way to be safe is to prevent
physical access to the machine in question.

On the other hand, the attack aims towards aquiring encryption keys.
So why not give the attacker both what he is looking for anyway and
slow him down at the same time? Concerning loop-AES, follow these
guidelines:

- Disable network,USB,CD-ROM booting in BIOS and boot from harddisk
(with the key residing on an external medium)

- Use a different cipher than AES, namely Serpent.

- If you must use the AES cipher, do not use key scrubbing.

- And most importantly, set up as many encrypted loop-devices as
possible.

The attacker does not know about the layout of your system, he is
just looking for encryption keys within a memory image he has
obtained through questionable methods. So by spamming the system RAM
with encryption keys you let the attacker sort it all out and do not
make it deliberatly easy for him by just setting up the few encrypted
loop devices you actually use. Trade memory for time.

While this procedure does not stop the attacker, it surely slows him
down. Maybe this attack is carried out with a relatively short
time-window and this procedure just might buy you the time (or
obscurity) you need - who knows?

In case you know or have a feeling that your system has been
subjected to the cold-boot attack (f.e. at US customs, a friendly
visit of your DHS agent, ...), ditch your current crypto setup and
recreate it from scratch.


You can use this script to set up a number of encrypted loop-devices
automatically on boot, different available ciphers are chosen
somewhat randomly. Feel free to adapt it to your needs.

first adapt the config. then f.e. use

loopsetup.sh 33 setup

in order to set up encrypted loop-devices 33-254 with
aes256,serpent256,twofish256 picked somewhat-randomly

and if you want to detach encrypted loop-devices again use

loopsetup.sh 33 destroy



[1] http://events.ccc.de/congress/2008/Fahrplan/events/2922.en.html
[2] http://ftp.ccc.de/congress/25c3/video_h264_720x576/25c3-2922-en-advanced_memory_forensics_the_cold_boot_attacks.mp4
[3] http://mareichelt.de/pub/mine/loopsetup.sh
-- 
left blank, right bald
loop-AES FAQ: http://mareichelt.de/pub/texts.loop-aes.php#faq

Attachment: pgp9QGy4ZhIOm.pgp
Description: PGP signature


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux