Cold Boot Attack Utilities Released At HOPE Conference
An anonymous reader writes "Jacob Appelbaum, one of the security researchers who worked on the cold boot attacks to recover encryption keys from memory even after reboot, has announced the release of the complete source code for the utilities at The Last HOPE in New York City. The hope (obligatory pun) is that the release of these tools will help to improve awareness of this attack vector and enable the development of countermeasures and mitigation techniques in both software and hardware. The full research paper (PDF) is also available."
Yup (Score:2, Interesting)
I was there in the room when they released this attack. It was really an interesting idea of taking the memory out before decay happens and putting it into another box to read stuff off of it. Of course, physical security of a machine will solve this problem, but it is a very interesting attack.
There are some ways to minimize the problem (Score:5, Interesting)
The purpose of full disk encryption (or system encryption in TrueCrypt) is, in my opinion, not meant as a "one password to protect everything". It's just an extra measure to secure temporary files, the swap file and other tracks the OS and applications may spread around. You should still encrypt your really secret files separately, and use basic precautions such as secure file erasure when you've used them.
That said, I still don't think this attack is so important. If you have the file system mounted, and an attacker gains access to your computer, the files are already there!
Re:There are some ways to minimize the problem (Score:3, Interesting)
The whole point of this is unclean shutdown. How is your computer going to overwrite the keys in memory when someone pulls the plug?
Sometimes the mere presence of a file, encrypted or not, is "incriminating" enough. Ask Kevin Mitnick about NSA.TXT on a floppy he had - it was a listing of a host with the registered users at the National Computer Security Archive, and that got quickly spun to "having compromised the security of the NSA".
Sometimes you want to hide the existence of information, not just the information.
Capturing machines with full disk encryption (Score:5, Interesting)
Here's the existing approach to this problem.
Re:Tamper proof case, anyone? (Score:2, Interesting)
A lot of the new 'cool' law enforcement devices are USB, for easy access and easy reading of the computer. Imagine a computer that has three in-use USB ports and one open slot, and plugging a device into the open slot (or plugging a new device in by removing an existing one without disabling the security feature) would cause the computer to fry itself.
Is it foolproof? No, but it'd be a start.
Re:Yup (Score:1, Interesting)
With multicore processors, it might be feasible to keep the key in a CPU register and not in RAM at all times.