BBtv "Hacker HOWTO": Cold Boot Encryption Attack

Posted on May 11, 2008 9:05 PM |


Xeni visits the offices of the Electronic Frontier Foundation and speaks with Jake Appelbaum and Bill Paul, two of the authors of a security research paper that shows how your computer's memory can be tricked into revealing data you thought was safely encrypted, and out of the reach of others.

One method involves using a can of compressed air to quickly cool the memory chip, but freezing the target isn't the only way to lull it into submission -- Paul shows us how to use an iPod or a USB thumb drive to do the same thing. These methods have been shown to defeat three popular disk encryption products commonly used to protect data on laptops: BitLocker (Windows Vista), FileVault (MacOS X), and dm-crypt (Linux).

Here's the entire text of the report draft, released earlier this year: Lest We Remember: Cold Boot Attacks on Encryption Keys . Authors: J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten.

The team plan to research additional software tools and a final version of their report at Usenix Security Symposium in July/August.

Special thanks to Seth Schoen and Peter Eckersley of the EFF.

posted in: hacker howtosecurityxeni jardin
Favorite this!
Send this to a Friend
Older Speed Racer's "photo-anime" hyperreality: John Gaeta interview, part 2.
Newer Kevin Kelly: "Asia Grace," and A Thousand True Fans.

Discussion

Take a look at this
#1 posted by zuzu Author Profile Page, May 12, 2008 1:40 AM

msramdmp is the program in question being used on the iPod (or booting from any USB disk such as a flash drive). Thanks to Jake Appelbaum, Robert Wesley McGrew, et. al. for demonstrating how practicable this attack really is.

Take a look at this
#2 posted by ioerror , May 12, 2008 2:49 AM

zuzu, I assure you that the iPod is not loaded with msramdmp. We wrote all of our own software for these attacks. msramdmp is very limited and bloated for what it can do. It stomps on a ton of memory because it uses SYSLINUX, it doesn't play nice with 64bit, etc, etc.

Everything we've written is from scratch because we care about having the most minimal memory footprint possible.

Take a look at this
#3 posted by Qozmiq , May 12, 2008 10:12 AM

Dolphinporn.com got the best of me (or worst, as you like it) and I had to see if it was real. Warning, under no circumstances should you Google dolphinporn.com, or any wholly owned subsidiary. I warned you.

Take a look at this
#4 posted by zuzu Author Profile Page, May 12, 2008 1:09 PM
zuzu, I assure you that the iPod is not loaded with msramdmp. We wrote all of our own software for these attacks. msramdmp is very limited and bloated for what it can do. It stomps on a ton of memory because it uses SYSLINUX, it doesn't play nice with 64bit, etc, etc.
Ah, sorry about that. I shouldn't have spoken so definitively about a presumption. Thanks for the clarification.

Do you plan on publicly releasing the software with the final report at the Usenix Security Symposium?

Take a look at this
#5 posted by ioerror , May 12, 2008 2:23 PM

We'll release most of the software in the near-ish future.

Take a look at this
#7 posted by Xeni Jardin Author Profile Page, May 12, 2008 10:02 PM

@seanboing, oh, not if you speak dolphin it's not. The wav files of underwater squeaks on that page are downright filthy. There should at least be some age verification link or something! Christ!

Take a look at this
#8 posted by seanboing , May 14, 2008 1:10 PM

Ahh Xeni, you crack me up!

Post a comment

Anonymous