Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cold Boot Attack Utilities Released At HOPE Conference

Posted by Soulskill on from the shining-a-spotlight dept.

An anonymous reader writes "Jacob Appelbaum, one of the security researchers who worked on the cold boot attacks to recover encryption keys from memory even after reboot, has announced the release of the complete source code for the utilities at The Last HOPE in New York City. The hope (obligatory pun) is that the release of these tools will help to improve awareness of this attack vector and enable the development of countermeasures and mitigation techniques in both software and hardware. The full research paper (PDF) is also available."

3 of 113 comments (clear)

  1. There are some ways to minimize the problem by Psionicist · · Score: 5, Interesting

    The way I see this, you should simply not store keys in memory (that is have your encrypted file system mounted) when you not need access to the files. A correct program will overwrite the keys when the file system is dismounted.

    The purpose of full disk encryption (or system encryption in TrueCrypt is), in my opinion, not meant as a "one password to protect everything". It's just an extra measure to secure temporary files, the swap file and other tracks the OS and applications may spread around. You should still encrypt your really secret files separately, and use basic precautions such as secure file erasure when you've used them.

    That said, I still don't think this attack is so important. If you have the file system mounted, and an attacker gains access to your computer, the files are already there!

    1. Re:There are some ways to minimize the problem by Anonymous Coward · · Score: 3, Interesting

      The whole point of this is unclean shutdown. How is your computer going to overwrite the keys in memory when someone pulls the plug?

      Sometimes the mere presence of a file, encrypted or not, is "incriminating" enough. Ask Kevin Mitnick about NSA.TXT on a floppy he had - it was a listing of a host with the registered users at the National Computer Security Archive, and that got quickly spun to "having compromised the security of the NSA".

      Sometimes you want to hid the existence of information, not just the information.

  2. Capturing machines with full disk encryption by Animats · · Score: 5, Interesting

    Here's the existing approach to this problem.

    1. Send in SWAT team. Stop user from turning off computer.
    2. Bring in HotPlug kit and UPS.
    3. Plug "Mouse Jiggler" into USB port to keep no-activity timeout from causing logout.
    4. Turn on UPS.
    5. Plug HotPlug unit into UPS.
    6. Plug HotPlug unit output plug (a male plug which is a power output) into power strip, or, if necessary, remove wall outlet plate and connect clamp-on connectors to hot wires.
    7. Unplug power strip from line power. HotPlug unit will switch in power from UPS.
    8. Plug power strip into UPS. HotPlug unit will recognize this and deenergize its output plug.
    9. Unplug HotPlug output plug and input plug. Computer is now running entirely on UPS.
    10. Carry computer and UPS to forensics lab before UPS battery runs down.
    11. Plug in UPS to keep battery charged.
    12. Access disk as desired.