Cold Reboot Attacks on Disk Encryption [LWN.net]

Cold Reboot Attacks on Disk Encryption

Posted Feb 21, 2008 18:43 UTC (Thu) by zlynx (subscriber, #2285)
In reply to: Cold Reboot Attacks on Disk Encryption by cventers
Parent article: Cold Reboot Attacks on Disk Encryption

Use a case-open sensor or five to trigger thermite "heat sinks" (heh) mounted on your hard
disks and RAM.

Physical destruction is the only way to be sure.

(Log in to post comments)

Cold Reboot Attacks on Disk Encryption

Posted Feb 21, 2008 19:28 UTC (Thu) by cventers (subscriber, #31465) [Link]

As long as we're playing that game, what if they splice open the power 
cable and attach their own source so that they can untether it from your 
outlet, then take it back to their lab where they can use ultrasound to 
find the case sensors, then cut around them?

:p

Seriously though, there is often a cost factor in making security 
decisions, and I would like to think that so-called "secure DIMMs" that 
are designed to quickly empty themselves upon power loss become prevalent. 
Extraction could still be possible by carefully applying the right power 
to the right pins while removing the chips, but at least it wouldn't be as 
easy as the attack described in this paper appears to be.

Cold Reboot Attacks on Disk Encryption

Posted Feb 21, 2008 22:36 UTC (Thu) by endecotp (guest, #36428) [Link]

> what if they splice open the power cable and attach their 
> own source so that they can untether it from your outlet, 
> then take it back to their lab

I think you were joking, but that's actually exactly what they do:

http://www.engadget.com/2007/11/06/wiebetech-hotplug-lets...

Cold Reboot Attacks on Disk Encryption

Posted Feb 23, 2008 22:42 UTC (Sat) by macc (subscriber, #510) [Link]

GPS? tilt sensor or one of these little gyro thingies used
for model helicopters? Then moving the box would shut the OS down?

G!
MACC

Cold Reboot Attacks on Disk Encryption

Posted Feb 26, 2008 5:52 UTC (Tue) by njs (subscriber, #40338) [Link]

Naw, don't shut down.  Presumably the real solution is to every n minutes throw away crypto
keys and at the next attempt to access the encrypted data, require the passphrase be
re-entered.  (We assume that attackers can't or won't breach the case to suck things out in
less than n minutes.)  Then if you want to get fancy, you can also add accelerometers to the
list of things that trigger the crypto keys being flushed.

Nagging the user on a timer is somewhat annoying, of course, but should be practical if one
really has secret data (and if you segregate out the actually secret stuff from the everyday
stuff).  It might even be a feature to bug the user occasionally while they have secret data
open, to remind them of this fact -- sort of a modern equivalent to root's "#" prompt.

Cold Reboot Attacks on Disk Encryption

Posted Feb 25, 2008 13:11 UTC (Mon) by forthy (guest, #1525) [Link]

"Intrusion detection" is the key here. Add an acceleration sensor to your case, and make sure to set the thresholds so that any small case movement causes the system to erase its memory and shut down. Optimally screw the case to the wall so that you have to open it to move it, anyway, and no accidental kick with your foot will trigger the sensor. And remember to put trip wires around your door - as typical geek, you are supposed to be lonely (you know all your friends only by their IRC nicks, and all women you know have the jpeg surname ;-), so the likelyhood that someone else trips over your trip wires is extremely small ;-).