Friday, February 22

Cold Boot Attacks on Encryption Keys

The EFF posted this article about a newly found vulnerability in what they refer to as Popular Disk Encryption Technologies. After reading the details, it seems more like a vulnerability in File Encryption technologies -- these are the technologies that require a user to enter a password in order to encrypt or decrypt files and folders on the file system. The difference, in my view, is that the term Disk Encryption is usually used to refer to products that encrypt or protect the entire disk when it's shut down.

This is important, though. File encryption is particularly important in shared-use scenarios where you want to protect files or data from people who have physical access to your machine. What this tells us is that even if you log out or put the computer in sleep mode, someone can come along and run software to get the data that is stored in RAM, which may include your encryption key (password). What they didn't say is whether other types of passwords or credential information are also stored in RAM.

It's another argument for two-factor authentication, where a password alone wouldn't be enough to carry out an attack on the data. At least, the way I read it, the password is what could be stored in RAM, and not necessarily the protected data.

1 comment:

akale said...

Their intentions for this experiment were to extract encryption keys, and based on the video demonstration, they have tools built specifically for key retrieval. However, during the process, you notice that they dump the entire contents of the DRAM module to the USB disk, which enables the attacker to search the saved content for other types of data.