Re: wrt Cold Boot Attacks on Disk Encryption
A lot of people seem to agree with what Declan McCullagh writes here:

> It's going to make us rethink how we handle laptops in sleep mode and servers that use encrypted filesystems (a mail server, for instance).

What I'd like to know is why people weren't already rethinking this when people like Maximillian Dornseif (http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf) and later Adam Boileau (http://www.security-assessment.com/files/presentations/ab_firewire_rux2k6-final.pdf) showed you can read arbitrary RAM from a machine just by plugging into a FireWire port, due to lack of security considerations in the IEEE 1394 standard?

Adam Boileau demonstrated finding passwords, but of course we already know that it's easy to locate cryptographic keys in large volumes of data (Shamir, van Someren: http://citeseer.ist.psu.edu/265947.html).

Reading cold DRAM may have some applications on its own -- if only because of the large number of devices that it affects -- but as far as walking up to a locked machine/hibernated laptop/whatever and stealing its RAM contents, the game may have been up some time ago.

- Ken

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: wrt Cold Boot Attacks on Disk Encryption
Ken Buchanan wrote:
> A lot of people seem to agree with what Declan McCullagh writes here:
>
> > It's going to make us rethink how we handle laptops in sleep mode and servers that use encrypted filesystems (a mail server, for instance).
>
> What I'd like to know is why people weren't already rethinking this when people like Maximillian Dornseif (http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf) and later Adam Boileau (http://www.security-assessment.com/files/presentations/ab_firewire_rux2k6-final.pdf) showed you can read arbitrary RAM from a machine just by plugging into a FireWire port, due to lack of security considerations in the IEEE 1394 standard?

I think that it's clear that people were shocked when Max released his work. Many people may discount the work if they (say like many Thinkpads) do not have an IEEE 1394 port. This is of course not going to stop someone from inserting a cardbus card.

Furthermore, I think Max didn't manage to demonstrate a contradiction to a commonly held thought. I'm sure it was no surprise to FreeBSD kernel developers that you could use Firewire to read kernel memory structures using DMA.

> Adam Boileau demonstrated finding passwords, but of course we already know that it's easy to locate cryptographic keys in large volumes of data (Shamir, van Someren: http://citeseer.ist.psu.edu/265947.html).
>
> Reading cold DRAM may have some applications on its own -- if only because of the large number of devices that it affects -- but as far as walking up to a locked machine/hibernated laptop/whatever and stealing its RAM contents, the game may have been up some time ago.

I think the most important aspect of this work is that by using redundant (all Hail Nadia Heninger) keying information in memory we can recover and make a pretty good confirmation. This means we don't have to do reverse engineering to find keys and we can correct for errors.

Our keyfinder could be used with firewire and I think it stands on its own.
Regards,
Jacob Appelbaum
Re: wrt Cold Boot Attacks on Disk Encryption
On Mon, 25 Feb 2008, Ken Buchanan wrote:
> Adam Boileau demonstrated finding passwords, but of course we already know that it's easy to locate cryptographic keys in large volumes of data (Shamir, van Someren: http://citeseer.ist.psu.edu/265947.html).

This was implemented (in part by some of my colleagues at Leuven as joint work with Utimaco) as long ago as 2000:

KeyGrab TOO The search for keys continues
Dirk Janssens, Ronny Bjones, Joris Claessens

Citeseer seems to be offline at the moment, but if anyone's interested in reading the paper, I believe I can give you a copy.

--Len.
wrt Cold Boot Attacks on Disk Encryption
From: David Farber [EMAIL PROTECTED]
Subject: [IP] Cold Boot Attacks on Disk Encryption -- report on
To: ip [EMAIL PROTECTED]
Date: Thu, 21 Feb 2008 16:25:43 -0500

Begin forwarded message:

From: Declan McCullagh [EMAIL PROTECTED]
Date: February 21, 2008 3:57:43 PM EST
To: [EMAIL PROTECTED]
Cc: Jacob Appelbaum [EMAIL PROTECTED]
Subject: Re: [IP] Cold Boot Attacks on Disk Encryption

Dave,

The paper published today makes some pretty strong claims about the vulnerabilities of Microsoft's BitLocker, Apple's FileVault, TrueCrypt, Linux's dm-crypt subsystem, and similar products. So I put the folks behind it to a test.

I gave them my MacBook laptop with FileVault turned on, powered up, encrypted swap enabled, and the screen saver locked. They were in fact able to extract the 128-bit AES key; I've put screen snapshots of their FileVault bypass process here:
http://www.news.com/2300-1029_3-6230933-1.html

And my article with responses from Microsoft, Apple, and PGP is here:
http://www.news.com/8301-13578_3-9876060-38.html

Bottom line? This is a very nicely done attack. It's going to make us rethink how we handle laptops in sleep mode and servers that use encrypted filesystems (a mail server, for instance).

-Declan

Jacob Appelbaum wrote:
> With all of the discussions that take place daily about laptop seizures, data breach laws and how crypto can often come to the rescue, I thought the readers of IP might be interested in a research project that was released today. We've been working on this for quite some time and are quite proud of the results.
>
> Ed Felten wrote about it on Freedom To Tinker this morning: http://www.freedom-to-tinker.com/?p=1257