Computer Scientists at Princeton University have shown some very easy and creative methods to hack

cryptographic key material with physical access to an encrypted

machine. Watch the video embedded below to find out how existing

technology is really vulnerable against Cold Boot Attacks on Encryption Keys.

 

 

All you need is a Duster spray can, if that, to cool the DRAM and extract the keys. The paper published

along with the video clearly outlines techniques for finding keys

residing in memory.The really cool part is that this technique doesn't

really hack into the encryption directly. Rather, it depends on

scanning the encryption keys by accessing the contents of the RAM and

then extracting the data either by directly tampering with the RAM or

by simply booting the computer from a USB drive. You can also read the

industry response and more details on these findings in the news.com article.

 

 

It is not all bad news ... Intel is planning on releasing a

technology code named “Danbury” which drastically reduces exposure to

the Cold boot attacks. Please note that Danbury technology will be part of the Intel vPro processor technology to be released later this year. Danbury uses dedicated platform hardware to

provide full disk encryption and the actual data encryption keys are

not kept in the DRAM. Although, Intermediate, or ‘wrapping’, keys used

to unlock data encryption keys are stored in DRAM temporarily,

when the user is physically present or while remote IT operation has

control of the platform. These keys are subsequently deleted once no

longer needed, thus reducing the exposure significantly.

 

 

I am also very happy to announce that Danbury SDK that can leveraged

by software vendors to enhance encryption software will be made on the manageability developer community

later this year. If you are interested to find out more about this

technology or are interested in developing encryption software using

this technology then feel free to leave a comment on this post.