Re: Memory location of the encryption key

On Mon, Feb 14, 2011 at 02:03:01PM +0100, Peter wrote:
> Hey!
> 
> I've been reading Gutmann's paper on data remanence, which says that if
> some data is kept in the same memory location for very little time (1
> second), the possibility for recovery of this data is very low, because
> the data had not yet had the time to change the relevant physical
> properties used in cold boot attacks. My question is, does dm-crypt change
> the memory location of encryption key every second? Does dm-crypt rewrite
> the memory location of the key when removing an active mapping? What other
> cold boot attack mitigation techniques the dm-crypt does?

I think there is some confusion: A cold-boot attack uses
the fact that many DRAM memory cells retain their state for seconds
or minutes after power is removed. The thing with memory cells
attenuating to what was stored in them over time is something
different.  

Complementing memory contents does not help against cold-boot 
attacks at all. It does help against the memory cells attenuating 
to their contents. Also note that the attenuation problem is 
typical for SRAM, while cold-boot attacks typically target DRAM. 
Also note that detecting memory attenuation can be quite difficult
and may require you to take the memory chip through a large
number of measurements over different environmental conditions.

Finally, cold-boot attacks are used against PCs and similar
systems, while attenuation attacks are done against key-storage 
devices, like SRAM or FLASH-memory in chipcards.

This is not the whole story, of course.
 
There is basically nothing you can do against cold-boot attacks,
except overwrite memory contents in time. That requires attack
detection.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
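Arno's point that the only practical cold-boot mitigation is to overwrite the key in time, once an attack is detected, can be illustrated with a small key-wipe routine. This is an added example, not code from the list or from dm-crypt; the tamper event, the key buffer and the sample key bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define KEY_LEN 32

/* Constructed sample key buffer; in a real system this would hold
 * the volume master key while the mapping is active. */
static unsigned char key_buf[KEY_LEN];

/* Overwrite a buffer through a volatile pointer so the compiler cannot
 * drop the stores as dead writes (a plain memset before the buffer goes
 * out of use is routinely optimised away). */
void wipe_key(unsigned char *buf, size_t len) {
    volatile unsigned char *p = buf;
    for (size_t i = 0; i < len; i++)
        p[i] = 0;
}

/* Returns 1 if every byte of buf is zero. OR-accumulating avoids an early
 * exit, so the check takes the same time regardless of contents. */
int key_is_wiped(const unsigned char *buf, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Fill the buffer with deterministic constructed bytes (not a real key).
 * Returns the count of non-zero bytes so a caller can confirm the buffer
 * really held material before the wipe. */
size_t load_sample_key(void) {
    size_t nonzero = 0;
    for (size_t i = 0; i < KEY_LEN; i++) {
        key_buf[i] = (unsigned char)(0x5a ^ i);
        if (key_buf[i] != 0)
            nonzero++;
    }
    return nonzero;
}

/* Hypothetical "attack detected" path (chassis intrusion, lid switch,
 * suspend hook): wipe the key before DRAM can be pulled or chilled.
 * Returns 1 when the buffer is verified clear. */
int on_tamper_event(void) {
    wipe_key(key_buf, KEY_LEN);
    return key_is_wiped(key_buf, KEY_LEN);
}

int main(void) {
    load_sample_key();
    printf("wiped before event: %d\n", key_is_wiped(key_buf, KEY_LEN));
    printf("wiped after event:  %d\n", on_tamper_event());
    return 0;
}
```

The wipe only helps if the detection fires before the machine loses power; after that point the retained DRAM contents are outside software control.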

