Is there a way to protect against "Cold Boot Attack" without turning off ur computer?

Example: Cold boot attacks, can compromise your system/wde level encryption if someone had access to your computer while it is on. To protect yourself from this you would need to shut down your computer whenever you are away from it.

While this method of turning off your computer each time you are away from it is the most secure method, it can become inconvenient.


Are there alternative methods? Example....


Is there a way to "dismount your system drive" encryption and leave the computer on? And when you come back, you just re-mount your system drive quickly and conveniently?

Is there a way to do an encryption level security lock / freeze while your computer is still on? So the cold boot attacks or other forms of encryption attacks would not work?

Example: something like a "screen saver lock" with encryption level protection.

I've also read somewhere that laptops might have this option of protection without having to completely shut down, but I didn't look into it and it might have not been immune to the cold boot attack.


I am using Truecrypt system encryption and it appears they don't have a command to do this function... Is there another excellent system/wde encryption software that allows this?

 

If I remember correctly (I am no expert in any way), cold boot attack is theoretically possible in the first few minutes even after shutting down the computer. That kind of attack is based on retrieving keys from the RAM. So, I guess, as long as there is active memory (when the computer is on) the attack is possible.

Again, don't take my word for it.

 

The only way I can think of, other than turning off the PC, would be if there was some specialized, secure hardware that wasn't susceptible to this. But good luck finding anything like that in your local retail store (if it even exists at all).

 

So there is no other way to protect from this threat? I mean, there has to be a software that wipes the memory of any encrypted passwords or something equivalent to that.....


And if special hardware exists for this, does anyone know where to find this type of hardware?

 

Flash drives that utilize hardware encryption are not susceptible to the attack. Those drives encrypt/decrypt on a chip of their own and nothing is ever written to RAM or the hard drive. Examples would be the IronKey or Kingston's Vault Secure Privacy series.

Seagate released a line of external hard drives with hardware encryption using the Maxtor name (which they bought in 2006) and calling the line "BlackArmor." However, beware, they have since changed the entire "BlackArmor" line and now no longer include hardware encryption. The early drives released in the spring of '08 are much sought after and hard to come by.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

Why not just hibernate? It's not just for bears anymore. I don't use it personally, but it should meet most of your criteria (except for the computer being on).

Aside from the cold boot attack, don't forget the DMA (direct memory access) attack. Any port (including firewire) that's capable of DMA can be used to extract the keys directly from memory. It's like the cold boot, only easier. All software system encryption is susceptible.

 

POS RAM Scrapers?

Is what is being discussed here similar to this over here at El Reg?

 

The obvious defense is to store your data in one or more encrypted volumes and dismount them whenever they're not in use. The key will be wiped from memory immediately. You can continue to use system encryption as well.

 

Consider using two factor authentication (“something you know” + “something you have”), requiring a physical token for encryption/decryption in addition to a passphrase. When the token is disconnected from the system, knowledge of the passphrase is insufficient to allow access to the encrypted information.

FYI -- PGP WDE supports the use of tokens.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

The problem is that these attacks extract the key from memory, so it doesn't matter what kind of authentication is done. All software WDE is susceptible, including PGP.

 

I don't believe your assessment is accurate. My understanding is that when using two-factor authentication with a hardware token (e.g., Aladdin eToken), the private key is encrypted and stored on the token -- not in memory. Stated differently, the private key never leaves the token and is never in memory.

To elaborate, the passphrase (or PIN) to the token is maintained in memory once it has been supplied by the user. However, if the token is physically disconnected from the PC, knowledge of that passphrase/PIN alone will not function as a substitute for the private key, and thus the encrypted information stored on the PC remains inaccessible. In this scenario, a cold boot attack that retrieves the passphrase to the token from memory -- in the absence of the attacker having the token itself -- will be unsuccessful in providing access to the encrypted information resident on the PC. The reason is that the private key only exists on the token and the private key (not the passphrase to the token) is required for decryption.

Perhaps another member of the forum community can further clarify (or correct) this explanation....

 

There's no single correct answer. There are so many different kinds of authentication/security tokens in play that to say tokens do or don't do anything is impossible. Some tokens are so simple as to basically hold a text file and offers only the appearance of protection and two-factor authentication. On the other hand, there are tokens which have an onboard chip and are able to do any number of things, including, I would imagine, the ability to handle processing of decryption keys onboard the token. But do most of them have that? I don't believe but a small number have that ability and they're of the very expensive variety. The plethora of tokens makes any "yes" or "no" answer truly impossible. The Aladdin eTokens are definitely top-notch and handle decryption processing on the device; but they're one of few, and not ALL of their tokens are considered "strong authenticators."

Edit to include "eToken" brand name.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

I know you asked for another forum member, but I'll put in my 2 cents anyway. I'm by no means an expert on WDE, PGP or hardware tokens. However, I think the eToken is only for authentication. The authentication step is only to get you booted up into your operating system. Once you've been authenticated, I believe it's irrelevant how many steps it took you to get authenticated.

I believe PGP and all other software WDE solutions store their key in memory, not the passphrase for the token and not the key produced by the token. My understanding is that the key for the token becomes irrelevant after you've been authenticated. So, you're not extracting the passphrase for the eToken from memory (or the key for the eToken). You're extracting the key that PGP uses to decrypt your hard drive. I believe all software WDE solutions store that key in memory, and that key alone is sufficient to decrypt the hard drive.

Edit: It's called on the fly encryption for a reason. The master key is needed to decrypt every piece of data in RAM on the fly.

 

Yes, I agree. I had in mind the “sophisticated” hardware tokens when I authored my comments. Based on your feedback, the use of such a token would appear to be a successful approach to preventing a “cold boot” attack.

 

Consider this explanation by Aladdin:

FYI -- PGP WDE supports the use of Aladdin tokens.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

I'm going to start by offering the disclaimer that I'm only theorizing here. I'm not an expert in this.

My guess, again, is that they're talking about the decryption taking place on the device only for the purpose of pre-boot authentication. Again, just a guess. I don't think the device would be fast enough to handle true OTFE. I think it has to be handled in RAM. I think it's just more gibberish by a vendor trying to sell their product, rather than a true reflection of reality. Have you ever noticed how difficult it is to get a straight answer from an expert trying to sell their product? Everything is always framed in a way that makes their product look best.

Fortunately, this is something that's very easy to test. If, as you claim, all decryption is happening on this USB device, then the second you pull the device from it's USB port, the computer should crash. If it doesn't, you have your answer. In other words, this device would have to be plugged in as long as the computer is on.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

I'm a big fan of TrueCrypt, and something that I've observed is that TrueCrypt doesn't skimp on security. A lot of times other products will distinguish themselves by incorporating security features of limited utility. But the day TrueCrypt misses something as big as preventing cold boot attacks is the day I stop using it.

In other words, if it's a security feature and it's not in TrueCrypt, the best place to start is to ask why it's not. That's what I do.

That's not to take anything away from PGP. It's definitely easier to use in enterprise situations (though not for the individual user). But I doubt it will ever be more secure than TrueCrypt (unless the current developers/programmers are replaced for some reason). In my opinion PGP offers nothing over TrueCrypt for an individual user at this time.

 

Thank you for all your responses. This is great information. If anyone can bring more ideas to the table, please do so.

I am going to check out and look into these solutions, and in particular look at the ETokens from Alladin, I'll post new material also if I find anything out...



I no more than U, about Hibernation:
So are you saying Hibernation => Same effectiveness as Shutting down the computer and thus rendering Cold Boot useless?...

Also what version of TC are you using? I've read that some people won't go upgrade from TC 5.1A or something like. Although it seems that TC has many new features / benefits from newer versions...

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

I've already given a compelling argument about why they won't protect you from cold boot attacks. They certainly serve a purpose, just not the one you want. If you still want to purchase one for this purpose, don't say I didn't warn you.

I don't use hibernation, but I believe that once you hibernate, you can shut off the computer and cut power from the RAM. You can even pull the plug if you want. Once the RAM is powered off, the attack won't work.

If you really want to combat this, try being creative. If you really think about it, you can probably come up with some ideas. Don't wait for someone else's leftovers when you can cook something up yourself.

 

However, it does not appear to be described that way in this post on the PGP forum:

Also, consider these comments authored by Tom McCune (a PGP expert):

Thus, it seems to be the case that (1) the private key is stored exclusively on the eToken, and (2) decryption of all the information stored on the encrypted volume is performed on the eToken. If this is indeed the case, then the use of an eToken would presumably circumvent a “cold boot” attack, since the private key is never resident in the PC's memory.

This is a fascinating subject, and hopefully additional members of the forum community will contribute their insights.

 

It would be off-topic to digress into a PGP versus TrueCrypt comparison in this thread. However, in brief, while TrueCrypt does have some features lacking in PGP, it is also certainly the case that the reverse is true, too.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

This is fun.

Okay, Pleonasm. It looks like this is going to be a fight to the death. How about we draw at 20 paces?

In all seriousness, someone with PGP forum credentials should just ask the question there. If no one does it by the end of the day, I'll just sign up and post it myself. I don't think we'll resolve it any other way.

 

I’m glad we both approach this subject in the spirit of professional frivolity! It’s not about “winning/losing” -- it’s only about “learning”!

While I do occasionally use the PGP Forum, since it’s your solid suggestion, please proceed and post the question in the “PGP Whole Disk Encryption for Windows” section of that forum. I think the gist of the question is: "When using PGP WDE with an Aladdin eToken containing the private key, does PGP WDE at any time have that private key in memory when decrypting information stored on an encrypted disk?" (I suspect that the public key, used for encryption, is maintained in the PC's memory -- but, that's not a security risk at all.)

Let’s see what PGP says....

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

Pleonasm, I don't think we're on the same page at all to be honest. The terms public and private key don't even apply to OTFE, as it's currently used. These terms apply to asymmetric cryptography, which is used for communications/e-mail.

Disk encryption uses symmetric key cryptography and a single 256-bit key (usually). That's not to say that asymmetric key cryptography couldn't be used for disk encryption, but it's just not.

Furthermore, all of these encryption programs, including TrueCrypt and PGP (I presume) generate their own 256 bit key using complex algorithms. So, yes storing THE key in memory most definitely is a security risk. Knowing what I know about these programs, it would almost be heresy to think that they would trust another program or a hardware device to produce THE key.

http://en.wikipedia.org/wiki/Public-key_cryptography
http://en.wikipedia.org/wiki/Symmetric_key_algorithm

Because we don't even agree on the basics and in the interests of simplicity, I propose asking a simple question such as "Does using the Aladdin eToken make one immune from the cold boot attack?" or "Is one still susceptible to the cold boot attack when using the Aladdin eToken?". Something along those lines.

Then post a link to this thread. Another thing is that I always use Tor, and I'm unable to access the forums today through Tor for some reason. I won't post without it, so someone else might have to do it.

 

Re: Is there a way to protect against "Cold Boot Attack" without turning off ur compu

Pleonasm, I re-read the quotes you provided.

The quote you provided already provided the answer to the question. There's not much more left to say. I didn't really look at this the first time I read your post, but I'm not sure how it could be interpreted any other way. To be honest, I'm not sure how we're interpreting it differently.

Unless these devices can produce a 256 bit key suitable for AES and unless PGP has totally lost their minds and entrusted this device to perform the encryption/decryption, I think the matter is resolved.

I think it simply comes down to having a thorough understanding of how disk encryption works and how it's applied specifically by PGP and TrueCrypt. Fortunately, I believe all WDE products work more or less the same.

I consider it resolved. If you want to pursue it further, then feel free to. I have no doubts that everything I've posted previously in this thread is entirely correct.

Edit: In case there's any doubt, here are the reasons:

1. The device isn't fast enough.

2. The device would have to be plugged in continuously. Unplugging it would crash the computer.

3. The device doesn't even produce 256 bit keys.

4. Why would PGP throw away all their work and trust this device to produce and store the key.

5. Depending on what cipher is used (AES, Twofish, Serpent, etc.), the encryption/decryption procedures would be entirely different.

6. It's just not how it works.