Hola, les paso un intersante estudio sobre ataques de booteo en frio para obtener claves de encriptación en DRAM.
http://citp.princeton.edu/memory/ De las preguntas frecuentes: Q. What encryption software is vulnerable to these attacks? A. We have demonstrated practical attacks against several popular disk encryption systems: BitLocker (a feature of Windows Vista), FileVault (a feature of Mac OS X), dm-crypt (a feature of Linux), and TrueCrypt (a third-party application for Windows, Linux, and Mac OS X). Since these problems result from common design limitations of these systems rather than specific bugs, most similar disk encryption applications, including many running on servers, are probably also vulnerable. Q. What can users do to protect themselves? A. The most effective way for users to protect themselves is to fully shut down their computers several minutes before any situation in which the computers' physical security could be compromised. On most systems, locking the screen or switching to "suspend" or "hibernate" mode does not provide adequate protection. (Exceptions exist; some systems may not be protected even when powered off. Check with the developer of your disk encryption software for further guidance.) Q. Don't we already know that someone with physical access to my computer can steal my data? A. The main purpose of disk encryption is to prevent someone who has physical access to your computer from accessing your data without your key or password. People commonly use these tools with the assumption that they provide substantial protection should their computers be lost or stolen. Unfortunately, we demonstrate that existing disk encryption systems rely on assumptions about computer memory that make them vulnerable to attack under certain common circumstances. Q. Isn't this the same as burn-in effects noticed by Gutmann? Can't encryption programs rotate keys to get around this? A. Gutmann notes that data written to RAM for extended periods may become "burned in," allowing it to be easily recovered later. We describe a different effect: data written even momentarily to RAM persists for a non-trivial period of time. We exclusively rely on the latter effect to recover data. This allows us to recover keys even if, following Gutmann's advice, those keys are stored only briefly at any single location within RAM. Q. Isn't your attack difficult to carry out? Don't you need materials like liquid nitrogen? A. We found that information in most computers' RAMs will persist from several seconds to a minute even at room temperature. We also found a cheap and widely available product — "canned air" spray dusters — can be used to produce temperatures cold enough to make RAM contents last for a long time even when the memory chips are physically removed from the computer. The other components of our attack are easy to automate and require nothing more unusual than a laptop and an Ethernet cable, or a USB Flash drive. With only these supplies, someone could carry out our attacks against a target computer in a matter of minutes. Parece que para proteger las laptops vamos a tener que extraerles los memory chips :P saludos, --p
_______________________________________________ Lugro mailing list [email protected] http://www.lugro.org.ar/mailman/listinfo/lugro
