RE: regarding the cold-boot attack

Anders is right, filling the memory with 0s once the shutdown procedure
starts is only to keep away the rookies. A professional cold boot attack
would be cooling down the DRAMs, powering off the machine, putting the DRAMs in
the other computer and booting with the imaging tool.

However, my question is about what Markus wrote: why do you suggest Serpent
instead of the AES cipher?

Regards,
Viktor

-----Original Message-----
From: linux-crypto-bounce@xxxxxxxxxxxx
[mailto:linux-crypto-bounce@xxxxxxxxxxxx] On Behalf Of Anders Andersson
Sent: Monday, January 05, 2009 2:56 AM
To: Nicholas
Cc: linux-crypto@xxxxxxxxxxxx
Subject: Re: regarding the cold-boot attack

Well, you missed checking what "cold boot" means, for example. Quoting
from Wikipedia:

"A hard reboot (also known as a cold reboot, cold boot or cold start)
is when power to a computer is cycled (turned off and then on) or a
special reset signal to the processor is triggered (from a front panel
switch of some sort). This restarts the computer without first
performing any shut-down procedure."

The last sentence is what's important here.

Kind regards,
Anders


On Sun, Jan 4, 2009 at 8:08 PM, Nicholas <nicholas@xxxxxx> wrote:
> Regarding the Cold Boot attack, it occurred to me that all you would have
> to do to defeat it is rig the linux kernel (or whatever OS you're using)
> to just fill the memory with 0's before shutting down completely (assuming
> a soft shutdown is possible).  I'm not a computer programmer, but I would
> imagine this would solve any problems with keys remaining in memory.  Is
> this a viable option?  Or perhaps I'm missing something?
>
> --Nicholas
>
> On Fri, January 2, 2009 9:00 pm, markus reichelt wrote:
>> Hi,
>>
>> since Jacob talked about his cold-boot attack stunt at 25C3[1,2] (go
>> watch his talk, he mentions us but not the super-shy dm-crypt people
>> :-) and I am still in the process of hacking some loop-AES magic into
>> the recent Slackware (namely its installer), I wrote a script
>> regarding the attack and attached it (let's hope the mailinglist
>> software can cope - else you can get it from [3])
>>
>>
>> From the upcoming text:
>>
>>
>> FAQ 28: Is there a defense against the cold-boot attack?
>>
>> In short, there is not. The only way to be safe is to prevent
>> physical access to the machine in question.
>>
>> On the other hand, the attack aims towards acquiring encryption keys.
>> So why not give the attacker both what he is looking for anyway and
>> slow him down at the same time? Concerning loop-AES, follow these
>> guidelines:
>>
>> - Disable network, USB, CD-ROM booting in BIOS and boot from hard disk
>> (with the key residing on an external medium)
>>
>> - Use a different cipher than AES, namely Serpent.
>>
>> - If you must use the AES cipher, do not use key scrubbing.
>>
>> - And most importantly, set up as many encrypted loop-devices as
>> possible.
>>
>> The attacker does not know about the layout of your system, he is
>> just looking for encryption keys within a memory image he has
>> obtained through questionable methods. So by spamming the system RAM
>> with encryption keys you let the attacker sort it all out and do not
>> make it deliberately easy for him by just setting up the few encrypted
>> loop devices you actually use. Trade memory for time.
>>
>> While this procedure does not stop the attacker, it surely slows him
>> down. Maybe this attack is carried out with a relatively short
>> time-window and this procedure just might buy you the time (or
>> obscurity) you need - who knows?
>>
>> In case you know or have a feeling that your system has been
>> subjected to the cold-boot attack (e.g. at US customs, a friendly
>> visit of your DHS agent, ...), ditch your current crypto setup and
>> recreate it from scratch.
>>
>>
>> You can use this script to set up a number of encrypted loop-devices
>> automatically on boot, different available ciphers are chosen
>> somewhat randomly. Feel free to adapt it to your needs.
>>
>> First adapt the config, then e.g. use
>>
>> loopsetup.sh 33 setup
>>
>> in order to set up encrypted loop-devices 33-254 with
>> aes256,serpent256,twofish256 picked somewhat-randomly
>>
>> and if you want to detach encrypted loop-devices again use
>>
>> loopsetup.sh 33 destroy
>>
>>
>>
>> [1] http://events.ccc.de/congress/2008/Fahrplan/events/2922.en.html
>> [2] http://ftp.ccc.de/congress/25c3/video_h264_720x576/25c3-2922-en-advanced_memory_forensics_the_cold_boot_attacks.mp4
>> [3] http://mareichelt.de/pub/mine/loopsetup.sh
>> --
>> left blank, right bald
>> loop-AES FAQ: http://mareichelt.de/pub/texts.loop-aes.php#faq
>
>
>
> -
> Linux-crypto:  cryptography in and on the Linux system
> Archive:       http://mail.nl.linux.org/linux-crypto/
>
>

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
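
The decoy loop-device procedure from the quoted FAQ text, sketched as an added example; it is not the loopsetup.sh referenced in the thread and not code from any participant. It assumes a loop-AES-patched losetup with the cipher modules loaded and existing /dev/loopN nodes; DECOY_DIR, the function names and the "plan" mode are hypothetical.

```shell
#!/bin/sh
# Added example, not the loopsetup.sh referenced in the thread.
# Assumes: loop-AES-patched losetup, cipher modules loaded, /dev/loopN nodes exist.
CIPHERS="aes256 serpent256 twofish256"          # cipher names as given in the thread
LAST_DEV=254                                    # upper bound quoted in the thread
DECOY_DIR="${DECOY_DIR:-/var/lib/decoy-loops}"  # hypothetical backing-file location

# Pick one cipher from $CIPHERS using a byte from /dev/urandom.
pick_cipher() {
    r=$(od -An -N1 -tu1 /dev/urandom | tr -d ' \n')
    set -- $CIPHERS
    shift $(( ${r} % $# ))
    echo "$1"
}

# Print one "device cipher backing-file" line per decoy, from $1 to LAST_DEV.
plan_decoys() {
    n=$1
    while [ "$n" -le "$LAST_DEV" ]; do
        echo "/dev/loop$n $(pick_cipher) $DECOY_DIR/decoy$n.img"
        n=$((n + 1))
    done
}

# Attach each planned decoy; the random passphrase goes to losetup on fd 0 only.
setup_decoys() {
    mkdir -p "$DECOY_DIR" || return 1
    plan_decoys "$1" | while read -r dev cipher img; do
        [ -f "$img" ] || dd if=/dev/zero of="$img" bs=1k count=64 2>/dev/null
        head -c 32 /dev/urandom | base64 | losetup -p 0 -e "$cipher" "$dev" "$img"
    done
}

# Detach the same range again.
destroy_decoys() {
    n=$1
    while [ "$n" -le "$LAST_DEV" ]; do
        losetup -d "/dev/loop$n" 2>/dev/null
        n=$((n + 1))
    done
}

# Usage: script START {plan|setup|destroy}; "plan" only prints, touching nothing.
case "${2:-}" in
    plan)    plan_decoys "$1" ;;
    setup)   setup_decoys "$1" ;;
    destroy) destroy_decoys "$1" ;;
esac
```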


