Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Cold Boot Attacks on Encryption Keys



On Fri, Nov 8, 2013 at 10:05 PM, Tom Metro <tmetro+blu at gmail.com> wrote:
> Bill Bogstad wrote:
>> Cold Boot Attacks on Encryption Keys


> But then the scenario starts to get a bit more far fetched. The people
> seizing your server apparently already know or suspect you are using
> full disk encryption, and your data is valuable enough to warrant
> bringing in people skilled enough to hot jumper your machine to a
> portable power source before moving it back to a lab where the RAM can
> be frozen and dumped.

Depending on the size of the computer, they don't need any special
skills to keep the juice going when they move it.    I'm pretty sure
that anyone who reads this mailing list could figure out how to use a
HotPlug (available for less than $600) to do it.

http://www.wiebetech.com/products/HotPlug.php

Apparently,  the "authorities" do this often enough that a commercial
product was developed to make it easy.   A mouse jiggler" is included
so that the password protected screensaver doesn't kick in while the
system is being transported.  Recovering the encryption key from
memory is only needed if the screensaver has a chance to come on.  Of
course, they can do that at their leisure; when an expert has time.

> In any case, as soon as the machine is moved or a cover opened, a trip
> switch cuts power internally. If they weren't expecting this, you've
> increased your chances that all or most of your key will be corrupted by
> the time they get some freon on your RAM.

This definitely makes it tougher.   They have to bring the freon with
them and do everything on-site.  Probably not doable in the middle of
a gun battle at KAOS' headquarters.

BTW, this is getting a little far afield from the circumstance where
the owner of the system deliberately pulls the plug on their system.
The scenario where you are running into the server room to pull the
plug with the good/bad guys right on your tail is probably such that
the key will not be recoverable by the attackers.   Still I thought
that it was worth mentioning that just because power has been removed
doesn't mean that the key is gone.

Bill Bogstad



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org