I can't resist being a tease. There are four defenses, all substantially different from each other (i.e. they aren't variants of the same idea).
They line up, roughly, with the following attacks:

(1) Grabbing a computer shortly after it has been cleanly shut down and/or hibernated.
(2) Yanking the battery from a live/screen-locked system and booting to an alternative device (USB or network).
(3) Supercooling the memory to extend the data lifetime, then yanking the battery and moving the memory to a different system.
(4) Making key recovery infeasible even in scenarios where the memory can be recovered with 99.9% accuracy.

Defending against (1) is pretty easy and our solution there arguably isn't that innovative. Defending against (3) + (4) while keeping the performance impact under 10% took lots of thinking by some very bright people.

Have to go pack now; I'll be happy to answer technical questions when I get back.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of SafeBoot Simon
> Sent: Monday, August 04, 2008 2:40 PM
> To: fde@www.xml-dev.com
> Subject: Re: [FDE] software defense for "cold boot" attack?
>
> Now I'm curious as well, and I know that no amount of knowledge of the
> hibernation file is going to help you if it's encrypted as Tim
> mentions.
>
> I'll be curious to learn how you can scrub the hard disk key for FDE
> during a sleep event. It would kind of indicate that automatic
> sleep>hibernate may be an issue, as would anything which involved
> reading the drive during the wake up process.
>
> Of course scrubbing file/folder keys during sleep is a well known and
> commonly practiced process. I can't think of any products which don't
> already do this.
>
> S.
>
>
> On Aug 4, 1:28 pm, "Tim Hollebeek" <[EMAIL PROTECTED]> wrote:
> > > In this
> > > lecture, I'll explain how we could have access to the undocumented
> > > hibernation file. There is no need to act within 2 minutes of
> > > shutdown...
> > > READ and WRITE access to it. I'll also show how to use this file in
> > > defensive and also offensive cases.
> > >
> > I hope you'll include the details of how you accomplish this when the
> > hibernation file is on the encrypted portion of the disk. That will
> > be the fascinating part.
> >
> > Let's keep this discussion civil. I know everyone has their own personal
> > agendas, but trashing other bright people's work isn't necessary.

_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde