Use The CPU Cache To Prevent Cold Boot? No.

Frozen Cache is a blog dedicated to a novel way to prevent cold boot attacks. Last year the cold boot team demonstrated that they could extract encryption keys from a machine’s RAM by placing it in another system (or the same machine by doing a quick reboot). Frozen Cache aims to prevent this by storing the encryption key in the CPU’s cache. It copies the key out of RAM into the CPU’s registers and then zeroes it in RAM. It then freezes the cache and attempts to write the key back to RAM. The key is pushed into the cache, but isn’t written back to RAM.

The first major issue with this is the performance hit. You end up kneecapping the processor when you freeze the cache, and the author suggests that you’d only do this when the screen is locked. We asked cold boot team member [Jacob Appelbaum] what he thought of the approach. He pointed out that the current cold boot attack reconstructs the key from the full key schedule, which, according to the Frozen Cache blog, still remains in RAM. They aren’t grabbing the specific key bits, but recreating the key from all this redundant information in memory. At best, Frozen Cache is attempting to build a ‘ghetto crypto co-processor’.
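To make the key schedule point concrete, here is an added example (not code from the Frozen Cache blog or the cold boot team) that expands a key, wipes only the raw key bytes as a key-only mitigation would, and shows that a leftover round key still determines the key, so the whole schedule has to be protected. It assumes AES-128; the function names are hypothetical and the key is the published FIPS-197 sample key.

```python
import struct

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _build_sbox():
    # Standard AES S-box: inverse in GF(2^8), then the affine transform.
    sbox, p, q = [0x63] + [0] * 255, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                     # q /= 3
            q ^= q << s
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _g(word, rnd):
    # RotWord, SubWord, then XOR the round constant into the top byte.
    word = ((word << 8) | (word >> 24)) & 0xFFFFFFFF
    sub = sum(SBOX[(word >> s) & 0xFF] << s for s in (24, 16, 8, 0))
    return sub ^ (RCON[rnd - 1] << 24)

def expand_key(key):
    # AES-128 key schedule: 16-byte key -> 176 bytes (11 round keys).
    w = list(struct.unpack(">4I", key))
    for i in range(4, 44):
        w.append(w[i - 4] ^ (_g(w[i - 1], i // 4) if i % 4 == 0 else w[i - 1]))
    return struct.pack(">44I", *w)

def key_from_round_key(round_key, rnd):
    # Run the schedule backwards from round key `rnd` to round key 0 (the key).
    w = {4 * rnd + j: v for j, v in enumerate(struct.unpack(">4I", round_key))}
    for i in range(4 * rnd + 3, 3, -1):
        w[i - 4] = w[i] ^ (_g(w[i - 1], i // 4) if i % 4 == 0 else w[i - 1])
    return struct.pack(">4I", *(w[j] for j in range(4)))

def demo():
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 sample key
    ram = bytearray(expand_key(key))
    ram[:16] = bytes(16)              # mitigation wipes only the raw key
    return key_from_round_key(bytes(ram[160:176]), 10) == key

if __name__ == "__main__":
    print("key recovered from leftover schedule:", demo())
```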

We stand by our initial response to the cold boot attacks: It’s going to take a fundamental redesign of RAM before this is solved.

[via Slashdot]

Faster Browsing With RAM Disks

A coworker approached us today wondering if they could get a performance boost using Samsung’s newly announced 256GB SSD. Most of their work is done in a browser, so we said “no”. They’d only see a benefit if they were reading/writing large files. Their system has plenty of RAM, and we decided to take a different approach. By creating a filesystem in RAM, you can read and write files much faster than on a typical hard drive. We decided to put the browser’s file cache into RAM.

Memristor-based Memory Prototype By 2009

An article in EETimes suggests that we may see a memristor-based memory prototype in development as soon as 2009. The memristor is claimed by many to be the theorized fourth passive circuit element, linking the fundamental circuit variables of charge and flux. This news may not sound that exciting to most computer geeks, but this new component could usher in a new era of computer memory by forming the basis of RRAM (resistive random-access memory).

Scientists at HP Labs have finally confirmed that the memristor behaves as their theories predicted. The reason that the component will work so well for memory is that the process is nonvolatile and the bits themselves will only change after the CPU tells them to. The bits in current DRAM systems slowly fade out and require a refresh every 50 nanoseconds.

[via /.]

Breaking Disk Encryption With RAM Dumps


If you haven’t gotten a chance yet, do watch the video of this attack. It does a good job of explaining the problem. Full drive encryption stores the key in RAM while the computer is powered on. The RAM’s stored data doesn’t immediately disappear when powered off, but fades over time. To recover the keys, they powered off the computer and booted from a USB disk that created an image of the RAM. You can read more about the attack here.

How can you reduce this threat? You can turn off USB booting and then put a password on the BIOS to prevent the specific activity shown in the video. Also, you can encrypt your rarely used data in a folder on the disk. They could still decrypt the disk, but they won’t get everything. I don’t think this problem will truly be fixed unless there is a fundamental change in hardware design to erase the RAM and even then it would probably only help computers that are powered off, not suspended.

The potential for this attack has always been talked about and I’m glad to see someone pull it off. I’m hoping to see future research into dumping RAM data using a USB/ExpressCard with DMA access.