[LBo] More on Cold Boot Attack Defenses plus SANS Webcast
Sam Morgan
s.morgan at linuxbasics.org
Fri Feb 29 23:51:06 CET 2008
--Experts Weigh in on Cold Boot Attack Defenses
(February 22, 2008)
In response to the recently published research paper describing how
encryption key algorithms can be extracted from DRAM chips for a period
even after PCs have been powered off, encryption experts have come
forward to say that the attack can be thwarted by holding keys in
hardware instead of software and fully deploying the Trusted Platform
Module (TPM) authentication specification.
Internet Storm Center Entries:
http://isc.sans.org/diary.html?storyid=4043 (read this before you talk with your
full disk encryption vendor)
http://isc.sans.org/diary.html?storyid=4024
http://isc.sans.org/diary.html?storyid=4006
http://www.scmagazineus.com/Hard-encryption-keys-TPM-thwart-cold-boot-theft-Experts/PrintArticle/107192/
[Editor's Note (Frantzen): Any cryptographic software can lose control
of its keys in this manner, not just full disk encryption.
(Cole): The cold boot attack has a cool factor to it, but remember that
full disk encryption will protect a system only if it has a strong
password (two factor recommended) and if the system is completely turned
off. Use of a USB token stops the attack. If you turn your system
completely off (and hold on to it for more than 5 seconds) the attack
is not successful. If you do not follow either of these rules, then
full disk encryption can potentially be broken even without this
attack.]
Cold Boot Attack Response
The following vendors have responded with URLs to their position papers
on the Cold Boot crypto attack. If you see a vendor position paper on
this topic, please forward the URL to stephen at sans.edu:
http://www.guardianedge.com/news/in-the-news/february-25-2008.php
https://www.trustedcomputinggroup.org/news/press/TCG_statement_on_Princeton_Feb_paper_Feb_26.pdf
http://www.utimaco.de/C12570CF0030C00A/vwContentByKey/W26K9MQA301OBELEN
http://www.pgp.com/newsroom/cold_boot_attack_response.html
(it has been updated since last week)
http://www.mobilearmor.com/coldboot.php
http://www.mobilearmor.com/press_022508.php
http://www.winmagic.com/support/Cooled_RAM_Attack_20080222.pdf
http://blogs.msdn.com/windowsvistasecurity/archive/2008/02/22/disk-encryption-balancing-security-usability-and-risk-assessment.aspx
http://blogs.msdn.com/si_team/archive/2008/02/25/protecting-bitLocker-from-cold-attacks-and-other-threats.aspx
http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/analysis/4e6ce820-fcac-495a-9f23-73d65d846638.mspx
https://forums.checkpoint.com/forums/servlet/JiveServlet/download/32-5443-14636-567/cold_boot_attack%20doc.pdf
http://www.bitarmor.com/prevent-cold-boot-attacks/
http://www.bitarmor.com/news/BitArmor_Defeats_Cold_Boot_Attacks.php
http://www.jetico.com/bestcrypt_faq.htm#2_6
=================
SANS Special Webcast: A Response to the "Cold Boot Attack" Announcement
WHEN: Thursday, March 6, 2008 at 1:00 PM EST (1800 UTC/GMT)
https://www.sans.org/webcasts/show.php?webcastid=91884
A certified SANS instructor will host this webcast and provide attendees
with actionable advice on how to reduce their organization's risk
against the Cold Boot Attack using encryption tools and real-world best
practices. Hear responses from leading providers in the encryption
market to gain better understanding of how these solutions can help
mitigate or avoid the vulnerabilities associated with the Cold Boot
Attack. Attendees will walk away with actionable advice on how this
vulnerability can impact their organization and which encryption
solutions can provide best-in-class protection from this and other
security risks.
--
God Bless,
Sam Morgan
http://linuxbasics.org
Linux, the lifetime learning experience