Is there a way to protect against "Cold Boot Attack" without turning off ur computer?

Discussion in 'privacy technology' started by connect4, Dec 10, 2009.

Thread Status:
Not open for further replies.
  1. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101
    Example: Cold boot attacks, can compromise your system/wde level encryption if someone had access to your computer while it is on. To protect yourself from this you would need to shut down your computer whenever you are away from it.

    While this method of turning off your computer each time you are away from it is the most secure method, it can become inconvenient.


    Are there alternative methods? Example....


    Is there a way to "dismount your system drive" encryption and leave the computer on? And when you come back, you just re-mount your system drive quickly and conveniently?

    Is there a way to do an encryption level security lock / freeze while your computer is still on? So the cold boot attacks or other forms of encryption attacks would not work?

    Example: something like a "screen saver lock" with encryption level protection.

    I've also read somewhere that laptops might have this option of protection without having to completely shut down, but I didn't look into it and it might have not been immune to the cold boot attack.


    I am using Truecrypt system encryption and it appears they don't have a command to do this function... Is there another excellent system/wde encryption software that allows this?
     
  2. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    If I remember correctly (I am no expert in any way), cold boot attack is theoretically possible in the first few minutes even after shutting down the computer. That kind of attack is based on retrieving keys from the RAM. So, I guess, as long as there is active memory (when the computer is on) the attack is possible.

    Again, don't take my word for it.
     
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    The only way I can think of, other than turning off the PC, would be if there was some specialized, secure hardware that wasn't susceptible to this. But good luck finding anything like that in your local retail store (if it even exists at all).
     
  4. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101


    So there is no other way to protect from this threat? I mean, there has to be a software that wipes the memory of any encrypted passwords or something equivalent to that.....


    And if special hardware exists for this, does anyone know where to find this type of hardware?
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Flash drives that utilize hardware encryption are not susceptible to the attack. Those drives encrypt/decrypt on a chip of their own and nothing is ever written to RAM or the hard drive. Examples would be the IronKey or Kingston's Vault Secure Privacy series.

    Seagate released a line of external hard drives with hardware encryption using the Maxtor name (which they bought in 2006) and calling the line "BlackArmor." However, beware, they have since changed the entire "BlackArmor" line and now no longer include hardware encryption. The early drives released in the spring of '08 are much sought after and hard to come by.
     
  6. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

    Why not just hibernate? It's not just for bears anymore. I don't use it personally, but it should meet most of your criteria (except for the computer being on).

    Aside from the cold boot attack, don't forget the DMA (direct memory access) attack. Any port (including firewire) that's capable of DMA can be used to extract the keys directly from memory. It's like the cold boot, only easier. All software system encryption is susceptible.
     
  7. tsec

    tsec Registered Member

    Joined:
    Nov 18, 2008
    Posts:
    181
  8. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    The obvious defense is to store your data in one or more encrypted volumes and dismount them whenever they're not in use. The key will be wiped from memory immediately. You can continue to use system encryption as well.
     
  9. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Consider using two factor authentication (“something you know” + “something you have”), requiring a physical token for encryption/decryption in addition to a passphrase. When the token is disconnected from the system, knowledge of the passphrase is insufficient to allow access to the encrypted information.

    FYI -- PGP WDE supports the use of tokens.
     
  10. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

    The problem is that these attacks extract the key from memory, so it doesn't matter what kind of authentication is done. All software WDE is susceptible, including PGP.
     
  11. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I don't believe your assessment is accurate. My understanding is that when using two-factor authentication with a hardware token (e.g., Aladdin eToken), the private key is encrypted and stored on the token -- not in memory. Stated differently, the private key never leaves the token and is never in memory.

    To elaborate, the passphrase (or PIN) to the token is maintained in memory once it has been supplied by the user. However, if the token is physically disconnected from the PC, knowledge of that passphrase/PIN alone will not function as a substitute for the private key, and thus the encrypted information stored on the PC remains inaccessible. In this scenario, a cold boot attack that retrieves the passphrase to the token from memory -- in the absence of the attacker having the token itself -- will be unsuccessful in providing access to the encrypted information resident on the PC. The reason is that the private key only exists on the token and the private key (not the passphrase to the token) is required for decryption.

    Perhaps another member of the forum community can further clarify (or correct) this explanation....
     
  12. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    There's no single correct answer. There are so many different kinds of authentication/security tokens in play that to say tokens do or don't do anything is impossible. Some tokens are so simple as to basically hold a text file and offers only the appearance of protection and two-factor authentication. On the other hand, there are tokens which have an onboard chip and are able to do any number of things, including, I would imagine, the ability to handle processing of decryption keys onboard the token. But do most of them have that? I don't believe but a small number have that ability and they're of the very expensive variety. The plethora of tokens makes any "yes" or "no" answer truly impossible. The Aladdin eTokens are definitely top-notch and handle decryption processing on the device; but they're one of few, and not ALL of their tokens are considered "strong authenticators."

    Edit to include "eToken" brand name.
     
    Last edited: Dec 12, 2009
  13. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

    I know you asked for another forum member, but I'll put in my 2 cents anyway. I'm by no means an expert on WDE, PGP or hardware tokens. However, I think the eToken is only for authentication. The authentication step is only to get you booted up into your operating system. Once you've been authenticated, I believe it's irrelevant how many steps it took you to get authenticated.

    I believe PGP and all other software WDE solutions store their key in memory, not the passphrase for the token and not the key produced by the token. My understanding is that the key for the token becomes irrelevant after you've been authenticated. So, you're not extracting the passphrase for the eToken from memory (or the key for the eToken). You're extracting the key that PGP uses to decrypt your hard drive. I believe all software WDE solutions store that key in memory, and that key alone is sufficient to decrypt the hard drive.

    Edit: It's called on the fly encryption for a reason. The master key is needed to decrypt every piece of data in RAM on the fly.
     
  14. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Yes, I agree. I had in mind the “sophisticated” hardware tokens when I authored my comments. Based on your feedback, the use of such a token would appear to be a successful approach to preventing a “cold boot” attack.
     
  15. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Consider this explanation by Aladdin:

    FYI -- PGP WDE supports the use of Aladdin tokens.
     
  16. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu


    I'm going to start by offering the disclaimer that I'm only theorizing here. I'm not an expert in this.

    My guess, again, is that they're talking about the decryption taking place on the device only for the purpose of pre-boot authentication. Again, just a guess. I don't think the device would be fast enough to handle true OTFE. I think it has to be handled in RAM. I think it's just more gibberish by a vendor trying to sell their product, rather than a true reflection of reality. Have you ever noticed how difficult it is to get a straight answer from an expert trying to sell their product? Everything is always framed in a way that makes their product look best.

    Fortunately, this is something that's very easy to test. If, as you claim, all decryption is happening on this USB device, then the second you pull the device from it's USB port, the computer should crash. If it doesn't, you have your answer. In other words, this device would have to be plugged in as long as the computer is on.
     
  17. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

    I'm a big fan of TrueCrypt, and something that I've observed is that TrueCrypt doesn't skimp on security. A lot of times other products will distinguish themselves by incorporating security features of limited utility. But the day TrueCrypt misses something as big as preventing cold boot attacks is the day I stop using it.

    In other words, if it's a security feature and it's not in TrueCrypt, the best place to start is to ask why it's not. That's what I do.

    That's not to take anything away from PGP. It's definitely easier to use in enterprise situations (though not for the individual user). But I doubt it will ever be more secure than TrueCrypt (unless the current developers/programmers are replaced for some reason). In my opinion PGP offers nothing over TrueCrypt for an individual user at this time.
     
  18. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101
    Thank you for all your responses. This is great information. If anyone can bring more ideas to the table, please do so.

    I am going to check out and look into these solutions, and in particular look at the ETokens from Alladin, I'll post new material also if I find anything out...



    I no more than U, about Hibernation:
    So are you saying Hibernation => Same effectiveness as Shutting down the computer and thus rendering Cold Boot useless?...

    Also what version of TC are you using? I've read that some people won't go upgrade from TC 5.1A or something like. Although it seems that TC has many new features / benefits from newer versions...
     
  19. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

    I've already given a compelling argument about why they won't protect you from cold boot attacks. They certainly serve a purpose, just not the one you want. If you still want to purchase one for this purpose, don't say I didn't warn you.


    I don't use hibernation, but I believe that once you hibernate, you can shut off the computer and cut power from the RAM. You can even pull the plug if you want. Once the RAM is powered off, the attack won't work.


    If you really want to combat this, try being creative. If you really think about it, you can probably come up with some ideas. Don't wait for someone else's leftovers when you can cook something up yourself.
     
  20. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    However, it does not appear to be described that way in this post on the PGP forum:

    Also, consider these comments authored by Tom McCune (a PGP expert):

    Thus, it seems to be the case that (1) the private key is stored exclusively on the eToken, and (2) decryption of all the information stored on the encrypted volume is performed on the eToken. If this is indeed the case, then the use of an eToken would presumably circumvent a “cold boot” attack, since the private key is never resident in the PC's memory.

    This is a fascinating subject, and hopefully additional members of the forum community will contribute their insights.
     
  21. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    It would be off-topic to digress into a PGP versus TrueCrypt comparison in this thread. However, in brief, while TrueCrypt does have some features lacking in PGP, it is also certainly the case that the reverse is true, too.
     
  22. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

    This is fun.

    Okay, Pleonasm. It looks like this is going to be a fight to the death. How about we draw at 20 paces? :D

    In all seriousness, someone with PGP forum credentials should just ask the question there. If no one does it by the end of the day, I'll just sign up and post it myself. I don't think we'll resolve it any other way.
     
  23. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I’m glad we both approach this subject in the spirit of professional frivolity! It’s not about “winning/losing” -- it’s only about “learning”! :)

    While I do occasionally use the PGP Forum, since it’s your solid suggestion, please proceed and post the question in the “PGP Whole Disk Encryption for Windows” section of that forum. I think the gist of the question is: "When using PGP WDE with an Aladdin eToken containing the private key, does PGP WDE at any time have that private key in memory when decrypting information stored on an encrypted disk?" (I suspect that the public key, used for encryption, is maintained in the PC's memory -- but, that's not a security risk at all.)

    Let’s see what PGP says....
     
  24. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

    Pleonasm, I don't think we're on the same page at all to be honest. The terms public and private key don't even apply to OTFE, as it's currently used. These terms apply to asymmetric cryptography, which is used for communications/e-mail.

    Disk encryption uses symmetric key cryptography and a single 256-bit key (usually). That's not to say that asymmetric key cryptography couldn't be used for disk encryption, but it's just not.

    Furthermore, all of these encryption programs, including TrueCrypt and PGP (I presume) generate their own 256 bit key using complex algorithms. So, yes storing THE key in memory most definitely is a security risk. Knowing what I know about these programs, it would almost be heresy to think that they would trust another program or a hardware device to produce THE key.

    http://en.wikipedia.org/wiki/Public-key_cryptography
    http://en.wikipedia.org/wiki/Symmetric_key_algorithm

    Because we don't even agree on the basics and in the interests of simplicity, I propose asking a simple question such as "Does using the Aladdin eToken make one immune from the cold boot attack?" or "Is one still susceptible to the cold boot attack when using the Aladdin eToken?". Something along those lines.

    Then post a link to this thread. Another thing is that I always use Tor, and I'm unable to access the forums today through Tor for some reason. I won't post without it, so someone else might have to do it. :doubt:
     
  25. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

    Pleonasm, I re-read the quotes you provided.

    The quote you provided already provided the answer to the question. There's not much more left to say. I didn't really look at this the first time I read your post, but I'm not sure how it could be interpreted any other way. To be honest, I'm not sure how we're interpreting it differently.

    Unless these devices can produce a 256 bit key suitable for AES and unless PGP has totally lost their minds and entrusted this device to perform the encryption/decryption, I think the matter is resolved.

    I think it simply comes down to having a thorough understanding of how disk encryption works and how it's applied specifically by PGP and TrueCrypt. Fortunately, I believe all WDE products work more or less the same.

    I consider it resolved. If you want to pursue it further, then feel free to. I have no doubts that everything I've posted previously in this thread is entirely correct.

    Edit: In case there's any doubt, here are the reasons:

    1. The device isn't fast enough.

    2. The device would have to be plugged in continuously. Unplugging it would crash the computer.

    3. The device doesn't even produce 256 bit keys.

    4. Why would PGP throw away all their work and trust this device to produce and store the key.

    5. Depending on what cipher is used (AES, Twofish, Serpent, etc.), the encryption/decryption procedures would be entirely different.

    6. It's just not how it works.
     
    Last edited: Dec 13, 2009
Loading...
Thread Status:
Not open for further replies.