
Cold Reboot Attacks on Disk Encryption


Posted Feb 21, 2008 17:55 UTC (Thu) by JoeBuck (subscriber, #2330)
Parent article: Cold Reboot Attacks on Disk Encryption

It's not clear that this attack provides much additional capability to either industrial spies or cops.

This attack relies on getting a computer that is still running, so that you can either chill the RAM or immediately transfer the data out. But there are other attacks available in that case. If it's a laptop, you can just take the machine, leaving the power running. Even if not, there is technology available to keep the machine running (saw that on Schneier's blog). If someone has physical access to your machine when it's powered on and the encrypted disk is mounted, they have your data.

As a practical matter, the key can be erased from RAM by an appropriate overwriting sequence (like those used for memory tests) that should suffice to prevent recovery. This could happen on shutdown, and the user could also be given a "panic button".
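
An added example (not part of the comment above or of LWN's article) of the wipe-on-panic idea: memory-test style overwrite passes over a key buffer, triggered by a "panic button". It assumes a user-space process holding the key; `g_key`, `load_key`, `wipe_key`, `key_residue` and the choice of `SIGUSR1` as the button are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <signal.h>
#include <sys/mman.h>
#define KEY_LEN 32

/* Hypothetical in-process key store; real disk-encryption keys usually live in the kernel. */
static volatile uint8_t g_key[KEY_LEN];
static volatile sig_atomic_t g_key_loaded = 0;

/* Store through a volatile pointer so the compiler cannot drop the writes as dead stores. */
static void fill(volatile uint8_t *p, size_t n, uint8_t v) {
    for (size_t i = 0; i < n; i++) p[i] = v;
}

/* Memory-test style passes (alternating bit patterns), ending on zeros. */
void wipe_key(void) {
    static const uint8_t passes[] = { 0xFF, 0xAA, 0x55, 0x00 };
    for (size_t i = 0; i < sizeof passes; i++)
        fill(g_key, KEY_LEN, passes[i]);
    g_key_loaded = 0;
}

/* "Panic button" handler: only plain stores, no library calls, so it is signal-safe. */
static void on_panic(int sig) { (void)sig; wipe_key(); }

/* Load key material, pin its page out of swap, arm the panic signal. Returns 0 on success. */
int load_key(const uint8_t *src) {
    (void)mlock((const void *)g_key, KEY_LEN); /* best effort; can fail under RLIMIT_MEMLOCK */
    for (size_t i = 0; i < KEY_LEN; i++) g_key[i] = src[i];
    g_key_loaded = 1;
    return signal(SIGUSR1, on_panic) == SIG_ERR ? -1 : 0;
}

/* Number of non-zero key bytes still resident; 0 means nothing is left in this buffer. */
size_t key_residue(void) {
    size_t n = 0;
    for (size_t i = 0; i < KEY_LEN; i++) n += (g_key[i] != 0);
    return n;
}

int key_loaded(void) { return g_key_loaded; }
int main(void) {
    uint8_t sample[KEY_LEN];                 /* constructed sample key, not a real one */
    for (size_t i = 0; i < KEY_LEN; i++) sample[i] = (uint8_t)(i + 1);
    if (load_key(sample) != 0) return 1;
    raise(SIGUSR1);                          /* simulate pressing the panic button */
    return key_residue() == 0 ? 0 : 1;
}
```

The wipe covers only this one buffer: copies of the key in caller buffers (such as `sample` here), derived key schedules, or kernel memory need the same treatment to be gone.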



Cold Reboot Attacks on Disk Encryption

Posted Feb 21, 2008 18:52 UTC (Thu) by alecs1 (guest, #46699)

Two comments about available technology (I don't know how useful):
1. At least in Romania and Germany they have Schuko (http://en.wikipedia.org/wiki/Schuko) as a
standard, the pins are 19 mm and the hole in the socket almost as deep as the length of the
pins. Someone would have to chop the plug seriously in order to get to the pins, I tried right
now, and there is no space to do anything without chopping the plug/socket. (These Schuko will
get replaced, you need such force to pull them out that many times you also pull the socket
from the wall.)
2. Does this represent such an innovation that it will get a patent? I remember powering a
socket like that myself, out of curiosity, this is a trivial idea.

Plug too hard? Jack the cable.

Posted Feb 22, 2008 3:02 UTC (Fri) by midg3t (subscriber, #30998)

Just remove the plastic sheath from the cable and poke your power source into the live & neutral wires. Unplug machine, profit.

Cold Reboot Attacks on Disk Encryption

Posted Feb 22, 2008 4:20 UTC (Fri) by knobunc (subscriber, #4678)

http://www.schneier.com/blog/archives/2008/02/hotplug_1.html has some of the relevant tech
they use for this.  I looked at the site and they have a few suggested methods for hooking in
to the target computer's power:

The Easy: If it is plugged into a power strip, you plug their UPS into the same strip then
pull the plug to mains power.  Take the computer, power strip and UPS off to your lab.  (Same
works if the outlet has 2 sockets, just unplug from the one that the computer is not using and
plug the UPS into that then take the outlet with you.)

The Harder: If there is no power strip, remove the outlet from the wall (while the computer is
still plugged in).  Attach some special jumper cables to the screws on the back and cut
(physically) the mains power.

The Hardest: Strip the power cord to the computer and attach the UPS wires directly to the
wires inside the cord.

-ben

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.