Re: Memory location of the encryption key

On Mon, Mar 14, 2011 at 11:16:55PM +0100, Hanno Foest wrote:
> On Tue Feb 15 10:54:35 CET 2011, Milan Broz wrote:
> 
> [Cold Boot attacks]
> > Moreover, these attacks also include the "platform reset" attack, where
> > you simply reset the device and store a memory image; because the power
> > was still present, there is no memory loss (except a few pages for the
> > imaging tool).
> 
> Hi, sorry for the late reply... but I've been wondering if these attacks
> - rebooting the device into some kind of imaging tool for retrieving the
> memory image with the encryption key - can't be prevented by storing
> the key in a place in memory where it would be inevitably overwritten by
> the contents of the boot media.

That would be extremely difficult and relatively easy to circumvent,
e.g. by a PCI-E card that reads the memory and stops the boot
process before any data is loaded. Incidentally, a simple
way to kill the generic reset attack is to use a BIOS password and
force a memory check.

> Obviously this wouldn't stop the kind of attacks where the cooled RAM is
> being read in some kind of external device, but it would surely make
> attacks more expensive.

Indeed. One problem is that it is hard to know where the boot code
actually gets loaded to. A second problem is that it is rather
small (~100 bytes) and could possibly be made smaller. That may be enough
to overwrite a key, but not a key-setup, i.e. the cipher with the key
configured. Then there is the question of what to do if you have
more than one key.

The simple way is to just have the BIOS erase the memory, and a memory
check does that. Obviously that is not enough. The "memory freezing"
attack is also not very expensive, say < $1000.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
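To put numbers on the "key vs. key-setup" point above, here is an added example (my own code, not from the thread or from dm-crypt): an AES-128 key expansion showing that a 16-byte key becomes a 176-byte round-key schedule once the cipher is configured, and how many round keys a wipe of roughly 100 bytes leaves untouched. The key is the FIPS-197 test vector; function names are my own.

```python
# Added example, not from the thread: AES-128 key expansion (FIPS-197).
# The key is 16 bytes; the schedule a configured cipher keeps in memory is
# 176 bytes, and round key 0 is the key itself. Zeroization must cover all of it.

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def make_sbox():
    # Build the AES S-box from the GF(2^8) inverse plus affine map (p*q == 1 throughout).
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= (q << 1) & 0xFF                                    # q /= 3
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = make_sbox()

def expand_key_128(key):
    # 16-byte key -> 44 words = 11 round keys = 176 bytes of key-setup.
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 0x01
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= rcon
            rcon = ((rcon << 1) ^ (0x1B if rcon & 0x80 else 0)) & 0xFF
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(sum(w, []))

def intact_round_keys(schedule, wiped_bytes):
    # Round keys still fully readable after the first `wiped_bytes` of the
    # schedule (starting at the key itself) have been overwritten.
    return sum(1 for r in range(len(schedule) // 16) if r * 16 >= wiped_bytes)

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 test key
    ks = expand_key_128(key)
    print(len(key), len(ks), intact_round_keys(ks, 100))  # 16 176 4
```

Overwriting 100 bytes from the key's own location still leaves four complete round keys of the AES-128 schedule in memory, which is why a wipe sized for the raw key does not clean up a configured cipher.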