Slashdot Mirror


Solution Against Cold Boot Attack In the Making

Bubba writes "I just discovered this blog: Frozen Cache. It describes a concept for preventing cold boot attacks by saving the encryption key in the CPU cache. It is claimed that by disabling the CPU cache the key will remain in cache and won't be written to memory. The blog says they're working on a proof-of-concept implementation for Linux. Could this really turn out to be a working solution?"

Update: 01/19 20:26 GMT by KD : Jacob Appelbaum, one of the authors of the cold boot attack paper, wrote in with this comment: "It's not a solution. It simply seeks to make it more obscure but an attacker would certainly still be able to pull off the attack. From what is on that blog, there's still a full key schedule in memory at this time. This is how we reconstruct the key, the redundant information in memory; it's not just the 128/256-bit key itself. For older methods, they needed the actual specific key bits but we don't need them because we recreate them. Basically, the CPU is acting as a ghetto crypto co-processor. Emphasis on ghetto. It's a nice suggestion but the devil is in the details and sadly the details in this case aren't really up to snuff. It's a bogus solution."
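An added illustration of the redundancy mentioned in the update above (not part of the original story, the Frozen Cache blog, or the cold boot paper's code): the AES-128 key schedule from FIPS-197 is invertible, so any one round key left in RAM determines the original key, and the expanded schedule needs the same protection as the key itself. Function names are chosen here for the example, and the sample key is the FIPS-197 Appendix A.1 test vector.

```python
# Added example: AES-128 key schedule (FIPS-197) and its inversion.

def _build_sbox():
    """Derive the AES S-box: GF(2^8) inverse followed by the affine map."""
    exp, log, x = [0] * 255, [0] * 256, 1
    for i in range(255):
        exp[i], log[x] = x, i
        x ^= (x << 1) ^ (0x11B if x & 0x80 else 0)  # multiply by generator 3
    sbox = []
    for a in range(256):
        b = exp[(255 - log[a]) % 255] if a else 0
        s = 0x63
        for r in range(5):  # b xor its left-rotations by 1..4 bits
            s ^= ((b << r) | (b >> (8 - r))) & 0xFF
        sbox.append(s)
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _g(word, rnd):
    """RotWord, SubWord and Rcon applied to the last word of a round key."""
    rot = ((word << 8) | (word >> 24)) & 0xFFFFFFFF
    sub = 0
    for shift in (24, 16, 8, 0):
        sub |= SBOX[(rot >> shift) & 0xFF] << shift
    return sub ^ (RCON[rnd - 1] << 24)

def expand_key(key):
    """Return the 11 AES-128 round keys (16 bytes each) for a 16-byte key."""
    w = [int.from_bytes(key[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = _g(w[i - 1], i // 4) if i % 4 == 0 else w[i - 1]
        w.append(w[i - 4] ^ t)
    return [b"".join(x.to_bytes(4, "big") for x in w[r:r + 4])
            for r in range(0, 44, 4)]

def recover_key(round_key, rnd):
    """Walk the schedule backwards from round key number rnd to round 0."""
    w = [int.from_bytes(round_key[i:i + 4], "big") for i in range(0, 16, 4)]
    for r in range(rnd, 0, -1):
        p3, p2, p1 = w[3] ^ w[2], w[2] ^ w[1], w[1] ^ w[0]
        w = [w[0] ^ _g(p3, r), p1, p2, p3]
    return b"".join(x.to_bytes(4, "big") for x in w)

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 A.1
    schedule = expand_key(key)
    print(all(recover_key(rk, n) == key for n, rk in enumerate(schedule)))
```

This shows only the exact, error-free case; it does not attempt the reconstruction from decayed memory that the comment refers to.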

10 of 260 comments

  1. Freeze the CPU by despe666 · · Score: 5, Insightful

    Good idea, until they figure out how to cold boot the CPU as well.

    1. Re:Freeze the CPU by ion.simon.c · · Score: 4, Insightful

      Thus, if the attacker has physical access to your box, you're screwed!

    2. Re:Freeze the CPU by bperkins · · Score: 4, Insightful

      Sorry, flop == flip-flop.

    3. Re:Freeze the CPU by GXTi · · Score: 3, Insightful

      SRAM uses circuits that resemble a flip-flop, e.g. a latch, which would be what GPP was referring to. You are correct though that SRAM preserves state for some time after removing power, again especially at colder temperatures. However, I don't imagine it will be too much trouble, as getting a CPU to dump latent data from its cache after a power cycle is probably quite difficult -- it's small enough and fast enough that I would be surprised if the CPU didn't just zero the entire thing on boot. Certainly you wouldn't be able to get it back out the same way it went in as retrieving cache lines that are not really there would be a bug.

    4. Re:Freeze the CPU by learningtree · · Score: 3, Insightful

      Carefully repowering SRAM can maintain the contents. I have seen SRAM come up with essentially 99% of the contents still intact after the SRAM had been powered down for over a week. I guess that once powered up, the SRAM has a preference to come back the way it was before powerdown. Or perhaps the slight residual voltage kept the SRAM contents intact. (Even though it was probably less than one tenth of a volt.) SRAM draws very little current when the voltages are reduced. Thus the power rails can maintain some small voltage for a very long time.

      I would really like to see any citation to support your point. If true, this is really an interesting concept.

  2. a hack on a hack by freddy_dreddy · · Score: 3, Insightful

    FTA: "Disabling/freezing" the CPU's cache severely degrades the performance. However, this seems acceptable if one considers that this special mode only needs to be set whenever the screen is locked (all efforts are pretty much worthless if an unlocked laptop is stolen).
    Sounds like a tiny back door fix with a hell of a cat flap in it.

    --
    "Violence is the last refuge of the competent, and, generally, the first refuge of the incompetent" - Thing_1
  3. I don't understand... by Kindaian · · Score: 3, Insightful

    Wasn't the "secure computing" preached by Intel/MS and others a "secure" platform that would solve all the security issues?

    To me it seems that it was only a farce to disguise DRM into everyone's computers...

    And fail...

  4. Re:Easier by ogl_codemonkey · · Score: 3, Insightful

    Yes, but the benefit of a cold-boot attack is that the data is just there; you don't need to remove the DIMMs and read tiny electrical fields with special machinery; you just read the bytes.

    There is no CPU instruction for *any* architecture that will give you the voltage level of a memory cell.

  5. Re:A safer alternative by Chaos+Incarnate · · Score: 3, Insightful

    The problem with encrypting the key via password is that it requires either storing the password in a reversible fashion (not hashed), which is terrible security, or requiring the user to enter the password before locking the system, which prevents inactivity timers from locking the system.

    --
    Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
  6. Re:Write a summary that's useful, kthx. by freedumb2000 · · Score: 4, Insightful

    Don't be arrogant and put the blame on the reader. It's called journalistic writing and typing a good summary does take a bit of care. Adhering to some basic writing principles, like the inverted pyramid, would go a long way even for a lowly summary writer/story submitter: http://en.wikipedia.org/wiki/Inverted_pyramid