By John Leyden
19th January 2009
Security researchers have developed prototype countermeasures to defend
against the recently developed cold boot crypto attack.
Cold boot is a technique for snatching cryptographic keys from memory,
creating a means to circumvent disk encryption. A targeted machine
that's been left hibernating would be turned off and quickly rebooted
using an external hard drive, loaded with customised software, in order
to extract encryption keys stored in memory.
The technique works because DRAM circuits used in modern PCs retain data
for a short time after they are powered down, contrary to popular
opinion. Cold boot attacks are of potential interest to both hackers and
computer forensics experts.
Crypto boffins are on the way to defending against the attack. By saving
cryptographic keys in CPU cache, instead of potentially vulnerable DRAM,
the attack can potentially be frustrated.
"By switching the cache into a special mode one can force that data
remains in the cache and is not written to the backing RAM locations,"
write the security researchers behind the Frozen Cache blog. "Thus, the
encryption key can't be extracted from RAM. This technique is actually
not new: LinuxBIOS/CoreBoot calls this Cache-as-RAM. They use it to
allow "RAM access", even before the memory controller is initialized."
Please help InfoSecNews.org with a donation!