Thursday, July 31, 2008

[Coding Freak] Source code for "Cold Boot" attack on Encryption Keys revealed


Posted: 22 Jul 2008 10:59 PM CDT

There is a popular belief among us:

Data stored in a computer's RAM chips is lost when the system is powered down.


Contrary to popular assumption, DRAMs used in most modern computers retain their contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard.

A group of researchers published a paper detailing how their team hacked into and recovered data from a group of supposedly secure laptops using the cold boot attack on DRAM. Check out the paper at this link. They were able to substantially extend the dissipation period by cooling the DIMMs: repeatedly spraying the DIMMs with inverted cans of air resulted in just one percent of data degrading after 10 minutes.

We demonstrate this risk by defeating several popular disk encryption systems, including BitLocker, TrueCrypt, and FileVault, and we expect many similar products are also vulnerable.


The team successfully demonstrated the attack by removing a DIMM from one computer, transporting it to a second unit, booting that unit with a specially designed microkernel, and then dumping all data on the RAM chip to physical disk. The amount of bad (decayed) data depended on both the time a DIMM spent unpowered and the temperature at which it was kept, but the group was able to reconstruct 128-bit AES encryption keys within seconds, even if 10 percent of the key had already decayed out of memory.
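Why an AES key is recognisable in a memory image even after some bits have decayed, shown as an added example (not code from the paper or the Princeton site): software keeps the 176-byte expanded key schedule in RAM, and every round key is a fixed function of the first 16 bytes, so a window that matches its own recomputed schedule within a few bits marks a resident key. The function names, the bit-flip decay model and the sample image are assumptions made for illustration; the same check can be used to audit whether keys linger in a dump after a volume is dismounted.

```python
# Added example, not the Princeton tool: find AES-128 key schedules by their redundancy.
def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _make_sbox():
    """Build the AES S-box from its definition (GF(2^8) inverse, then affine map)."""
    sbox, p, q = [0] * 256, 1, 1
    for _ in range(255):  # 3 generates all 255 non-zero field elements
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF        # q /= 3
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
    sbox[0] = 0x63  # zero has no inverse; FIPS-197 defines S(0) = 0x63
    return sbox

SBOX = _make_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def expand_key(key):
    """FIPS-197 key expansion: 16-byte key -> 176-byte schedule (11 round keys)."""
    w = bytearray(key)
    for i in range(4, 44):
        t = bytes(w[-4:])
        if i % 4 == 0:  # RotWord, SubWord, then XOR the round constant
            t = bytes([SBOX[t[1]] ^ RCON[i // 4 - 1], SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]])
        w += bytes(a ^ b for a, b in zip(w[-16:-12], t))
    return bytes(w)

def find_aes128_schedules(image, max_bit_errors=0):
    """Return (offset, key, bit_errors) for each 176-byte window within max_bit_errors of
    the schedule recomputed from its first 16 bytes (decay in those bytes is not handled)."""
    hits = []
    for off in range(len(image) - 175):
        window = image[off:off + 176]
        expected = expand_key(window[:16])
        errors = sum(bin(a ^ b).count("1") for a, b in zip(window, expected))
        if errors <= max_bit_errors:
            hits.append((off, bytes(window[:16]), errors))
    return hits

def constructed_image():
    """Constructed sample: filler bytes around one schedule with 5 flipped bits."""
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 example key
    sched = bytearray(expand_key(key))
    for pos in (40, 77, 120, 150, 170):  # simulated decay in later round keys only
        sched[pos] ^= 0x10
    filler = bytes((i * 37 + 11) % 256 for i in range(300))
    return key, filler[:100] + bytes(sched) + filler[100:]
```

The practical mitigation follows from the same property: keys and their schedules need to be wiped from RAM when a volume is locked, and a machine left running or asleep keeps them resident.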

The nature of the attack requires physical access to the system. Once the physical access has been obtained, the hack itself can be performed in mere minutes.


Check out the video on the dissipation period of the DRAM chips:

Youtube Link

Check out the official site: http://citp.princeton.edu/memory/

Check out the source code at http://citp.princeton.edu/memory/code


www.codingfreak.blogspot.com



--
AKIRA


This message has been posted on HMGoogleGroup by: Akira