|
Posted by Rick Merrill on February 23, 2008, 9:27 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Monty Solomon wrote:
> New Research Result: Cold Boot Attacks on Disk Encryption
> February 21st, 2008 by Ed Felten
>
> Today eight colleagues and I are releasing a significant new research
> result. We show that disk encryption, the standard approach to
> protecting sensitive data on laptops, can be defeated by relatively
> simple methods. We demonstrate our methods by using them to defeat
> three popular disk encryption products: BitLocker, which comes with
> Windows Vista; FileVault, which comes with MacOS X; and dm-crypt,
> which is used with Linux. The research team includes J. Alex
> Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William
> Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and
> Edward W. Felten.
>
> Our site has links to the paper, an explanatory video, and other
> materials.
>
> The root of the problem lies in an unexpected property of today's
> DRAM memories. DRAMs are the main memory chips used to store data
> while the system is running. Virtually everybody, including experts,
> will tell you that DRAM contents are lost when you turn off the
> power. But this isn't so. Our research shows that data in DRAM
> actually fades out gradually over a period of seconds to minutes,
> enabling an attacker to read the full contents of memory by cutting
> power and then rebooting into a malicious operating system.
>
> ...
>
> http://www.freedom-to-tinker.com/?p=1257
>
The problem is that a reboot does NOT turn off the memory, and on
a few systems the POST code is not even fully run.
So if your encryption key is in the DRAM - kiss it goodbye!
|