Is there a way to protect against "Cold Boot Attack" without turning off ur computer?

Lets say I wanted to attack your computer ..
I walk in to your house, you are not home and your computer is up,
with TC-volumes mounted and everything ..
Now, why on Earth would I turn off your computer, open the case and freeze your RAM with liquid nitrogen, remove the RAM from the sockets and mount them in my "cold-boot" attack-machine to extract the encryption-key when I could just image your drives ?

Physical access to a live system equals "game over" . It really is that simple .
There are much more serious threats to be concerned about than "cold-boot" but it does sound kinda sexy .. "Cryogenic computer-attack" ..

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

It's good that someone brought that up. That's the standard thing that experts tell you about a live system.

However, I don't think it's correct. How are you going to image my hard drive if the keyboard and screen are locked out and you have no way to unlock them (or more accurately, there is no known way to unlock them). I've brought this up numerous times, and no one has yet shown me how they would bypass a simple screen/keyboard lock that's made by a reputable company other than Microsoft.

So, in my opinion, preventing cold boot/DMA attacks is an important topic. The simple line "Once someone has access to your live system, the game's over" is a cop-out. If you can enumerate the ways in which a system can be compromised, and plug every potential hole, then you can have a secure, live system.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

I No More Than You, so basically you are saying mounted encryption + keyboard / screen lock => secure against all threats except Cold Boot / Memory attacks.

First, is this true? Are there any other vulnerabilities?

and if not, what particular software would you recommend? How would I know that there would be no way to access my live mounted encryption once I turn on the keyboard / screen lock?

Second, is there anything better than keyboard / screen locks?

Third, I still want to look into that potential Alladin Etoken solution....

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

If you turn off autorun and use a good screen/keyboard lock, then I would say you're probably in good shape, except for the cold boot/DMA of course. I know of no other attacks on a live system, though you're still susceptible to all the attacks that an offline system would be susceptible to (e.g. hardware keyloggers)

Study, study, study. Know all the vulnerabilities that people try to exploit. And it doesn't hurt to be paranoid. There's no magic bullet. You just have to know more than your potential attackers.

I remember someone posting something about a hardware device on this forum a while back. I, of course, like the know it all that I am, pointed out that it's still vulnerable to the cold boot attack, and I haven't heard anything since. Maybe someone could post a link to it. I don't even remember what it was called.

You could post a question on the PGP forums.

p.s. I'm just going to warn you not to expect a solution to the cold boot/DMA problem with software system encryption. It would be extremely difficult to prevent. I would go with either the hardware encryption or hibernation options. Just a warning. The outlook doesn't look good for a complete solution any time soon.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

Here's the link to the thread I was talking about.

https://www.wilderssecurity.com/showthread.php?t=256545

Here's the link to Predator, which LockBox provided in that thread:

http://www.montpellier-informatique.com/predator/en/index.php

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

http://blog.pgp.com/index.php/2008/02/on-the-cold-boot-attack-on-computer-memory/

Unfortunately it appears dreams are shattered and hopes are crushed. The above quote is from Jon Callas, CTO of PGP, from the link above. Is he cold or what?

@connect4
The best way to learn this stuff is to stick around and answer other peoples' questions on the privacy forums and on the TrueCrypt forums, if you're a member. That's the best way to really expand your knowledge.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

Store your sensitive data in a separate volume. Only mount it when needed, and dismount it anytime you step away from your system. As I mentioned earlier, the key will be cleared from RAM.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

Me thinks the OP wants to download/torrent or have something else running when away from the computer, hence the reason he or she stressed having the computer running. I ran into the same problem a while ago, but I have no great solution to share.

Neither hibernating nor dismounting solves that problem. Just dismounting will probably be effective for most people, but still, the OS is vulnerable. And any leak of data from the dismounted volume to the OS is still in play (as is any data remnant in RAM of course).

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

Well its more about a true encryption solution + the convenience of leaving your computer on. Torrenting / Downloading would only be 1 of the many conveniences of leaving your computer on while it is safely 100% encrypted....

I no more than U:

Thank you for the links. So I think you are correct and there aren't any practical convenient software solutions to safeguard against cold boot attack.


However, I am going to keep my eye out on future solutions, For example:

It would seem that PGP or other companies are currently working on hardware solutions to combat Cold Boot.

http://www.pgp.com/insight/newsroom/cold_boot_attack_response.html
"...Q: Is there a hardware solution to this type of attack?
A: PGP Corporation is willing to work with hardware manufacturers that make CPUs, chipsets, or DRAM to develop ways to solve the issue. This is an attack on the hardware itself, and consequently, a complete solution must include hardware vendors..."

Going back to software solutions:

I don't think any of these are secure as shutting off the computer but I'll post the links any how:

Here on Wikipedia they list some potential software solutions:
http://en.wikipedia.org/wiki/Cold_boot_attack

BitArmor's "Prevent Cold Boot Attacks page:"
http://www.bitarmor.com/prevent-cold-boot-attacks/

TriCryption's method:
http://www.eruces.com/index.php/readaboutmenu/87-cold-boot-attacks-tricryption-mitigations-to-dram-encryption-key-vulnerabilities



Now going back to finding a current solution against Cold Boot Attack / Memory attacks:



We've established that there are no true software solutions to prevent this type of attack.

What about hardware solutions? I am still wondering if there are any hardware solutions that currently exist...

What about hardware encryption? How does Cold Boot stack up against hardware encryption?


I am just wondering how a large multimillion dollar corporation would secure their data with encryption besides physical security. There HAS to be a way....

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

I think everyone agrees that hardware encryption thwarts the CBA. With hardware encryption everything takes place on the co-processing chip. Period.

See my post very early in this thread:
https://www.wilderssecurity.com/showpost.php?p=1588918&postcount=5

There are many enterprise solutions utilizing hardware encryption.

 

Some intriguing ideas to consider...

 

And a warning about hardware encryption on disk drives...

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

Another quote from Jon Callas (same link I provided earlier):

If hardware encryption is properly implemented it should be immune to the attack, but I personally wouldn't switch to hardware encryption because of this. You're potentially opening up a whole new set of problems regarding implementation flaws, backdoors, and/or all-around incompetence (as some of Pleonasm's posts demonstrate). Plus you can't use hidden volumes with hardware encryption.

Also, keep in mind that hardware encryption may protect the key but all data from your encrypted drive that's still in RAM can be obtained using the cold boot. So, you're protecting the key but some of the data can still be obtained. It's the same problem as with dismounting volumes. Up to several gigabytes of data may be vulnerable, depending on how much RAM you have.