Computer Scientists at Princeton University have shown some very easy and creative methods to hack
cryptographic key material with physical access to an encrypted
machine. Watch the video embedded below to find out how existing
technology is really vulnerable against Cold Boot Attacks on Encryption Keys.
All you need is a Duster spray can, if that, to cool the DRAM and extract the keys. The paper published
along with the video clearly outlines techniques for finding keys
residing in memory.The really cool part is that this technique doesn't
really hack into the encryption directly. Rather, it depends on
scanning the encryption keys by accessing the contents of the RAM and
then extracting the data either by directly tampering with the RAM or
by simply booting the computer from a USB drive. You can also read the
industry response and more details on these findings in the news.com article.
It is not all bad news ... Intel is planning on releasing a
technology code named “Danbury” which drastically reduces exposure to
the Cold boot attacks. Please note that Danbury technology will be part of the Intel vPro processor technology to be released later this year. Danbury uses dedicated platform hardware to
provide full disk encryption and the actual data encryption keys are
not kept in the DRAM. Although, Intermediate, or ‘wrapping’, keys used
to unlock data encryption keys are stored in DRAM temporarily,
when the user is physically present or while remote IT operation has
control of the platform. These keys are subsequently deleted once no
longer needed, thus reducing the exposure significantly.
I am also very happy to announce that Danbury SDK that can leveraged
by software vendors to enhance encryption software will be made on the manageability developer community
later this year. If you are interested to find out more about this
technology or are interested in developing encryption software using
this technology then feel free to leave a comment on this post.