Old 11-06-2010, 10:36 PM
Vaclav Mocek
 
Default Fedora - Cold Boot Attack

Hi all,

I have read some articles about the Cold Boot Attacks and I am
wondering whether my Fedora box is protected against such kinds of
attack, at least to some extent.

I work as an Embedded SW/HW Developer and my experience is that data
could remain in the dynamic memory for quite a long time, even at room
temperature. I have used it successfully for debugging, when a booting
routine after the cold reset copies some parts of memory to another
location which could be read later.

It would be useful to overwrite some parts of memory (keys etc.),
before the computer is switched off. So, my question is: Is some kind
of protection already implemented and used?

Vaclav M.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 11-07-2010, 04:11 PM
Digimer
 
Default Fedora - Cold Boot Attack

On 10-11-06 07:36 PM, Vaclav Mocek wrote:
> Hi all,
>
> I have read some articles about the Cold Boot Attacks and I am
> wondering whether my Fedora box is protected against such kinds of
> attack, at least to some extent.
>
> I work as an Embedded SW/HW Developer and my experience is that data
> could remain in the dynamic memory for quite a long time, even at room
> temperature. I have used it successfully for debugging, when a booting
> routine after the cold reset copies some parts of memory to another
> location which could be read later.
>
> It would be useful to overwrite some parts of memory (keys etc.),
> before the computer is switched off. So, my question is: Is some kind
> of protection already implemented and used?
>
> Vaclav M.

It's a bit of a tangent, but I think Xen's dom0 kernel does this on
boot. If so, perhaps its code can be adapted? I think it would be a
nice (optional?) feature, to be honest. Of course, this doesn't help if
power is suddenly cut, but combined with encrypted storage, it would
help remove another vector.

--
Digimer
E-Mail: digimer@alteeve.com
AN!Whitepapers: http://alteeve.com
Node Assassin: http://nodeassassin.org
 
Old 11-07-2010, 04:44 PM
Jan Kratochvil
 
Default Fedora - Cold Boot Attack

On Sun, 07 Nov 2010 00:36:58 +0100, Vaclav Mocek wrote:
> I have read some articles about the Cold Boot Attacks and I am
> wondering whether my Fedora box is protected against such kinds of
> attack, at least to some extent.

If you have physical access to the box there is no security left. An attacker
can install a trojan there to catch+store the boot password, install a backdoor
into the booted kernel, use SMM (System Management Hook) etc. An attacker can
also solder in a sniffer of memory accesses. Other variants also exist.


Regards,
Jan
 
Old 11-07-2010, 05:15 PM
Bruno Wolff III
 
Default Fedora - Cold Boot Attack

On Sun, Nov 07, 2010 at 18:44:48 +0100,
Jan Kratochvil <jan.kratochvil@redhat.com> wrote:
> On Sun, 07 Nov 2010 00:36:58 +0100, Vaclav Mocek wrote:
> > I have read some articles about the Cold Boot Attacks and I am
> > wondering whether my Fedora box is protected against such kinds of
> > attack, at least to some extent.
>
> If you have physical access to the box there is no security left. An attacker
> can install a trojan there to catch+store the boot password, install a backdoor
> into the booted kernel, use SMM (System Management Hook) etc. An attacker can
> also solder in a sniffer of memory accesses. Other variants also exist.

Having the laptop stolen, modified, put back and then stolen again later,
may not be a threat he is concerned about.

His concern seems to be that shutting the machine down may not be good enough
to protect against the laptop simply being stolen.
 
Old 11-07-2010, 05:57 PM
Stephen John Smoogen
 
Default Fedora - Cold Boot Attack

On Sat, Nov 6, 2010 at 17:36, Vaclav Mocek <little.owl@email.cz> wrote:
> Hi all,
>
> I have read some articles about the Cold Boot Attacks and I am
> wondering whether my Fedora box is protected against such kinds of
> attack, at least to some extent.

Ok there are several different "cold boot attacks". The one I think
you are talking about is the removing memory from the system and
reading its contents with a special board. The kernel does not
generally provide a defense against that; that would be encrypting all data
in memory. Not sure how feasible it would be... you would also need to
make sure the video ram and other somehow supported it.

In the end, if someone has physical access to your system, you are not
going to be able to completely defend against a cold boot attack.
Encrypting the drive and keeping it reasonably secure is about all you
can do without having hardware that helps. [Due to the fact that Intel
hardware is really still trying to boot an 8088? when it starts up and
then become a better computer leaves all kinds of ways for some sort
of cold boot attack.] In the end, one would need to a) design the
hardware to be more resistant, b) use a cpu/hardware boot sequence
that isn't so crufty, and c) still do a good job of keeping the
hardware away from the maid.


> I work as an Embedded SW/HW Developer and my experience is that data
> could remain in the dynamic memory for quite a long time, even at room
> temperature. I have used it successfully for debugging, when a booting
> routine after the cold reset copies some parts of memory to another
> location which could be read later.
>
> It would be useful to overwrite some parts of memory (keys etc.),
> before the computer is switched off. So, my question is: Is some kind
> of protection already implemented and used?
>
> Vaclav M.



--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren
 
Old 11-08-2010, 08:45 AM
Petr Pisar
 
Default Fedora - Cold Boot Attack

On 2010-11-06, Vaclav Mocek <little.owl@email.cz> wrote:
>
> It would be useful to overwrite some parts of memory (keys etc.),
> before the computer is switched off. So, my question is: Is some kind
> of protection already implemented and used?
>
There was a patch for Linux to scramble memory just before halt. However
it has not been pushed to developers nor incorporated into Linux.

Unfortunately, I cannot find it now. It's a few years old code. I remember
it had solved more problems than just this one and that the patch
touched the halt(8) utility and the kernel.

-- Petr

 
Old 11-08-2010, 09:05 AM
Petr Pisar
 
Default Fedora - Cold Boot Attack

On 2010-11-06, Vaclav Mocek <little.owl@email.cz> wrote:
>
> I work as an Embedded SW/HW Developer and my experience is that data
> could remain in the dynamic memory for quite a long time, even at room
> temperature. I have used it successfully for debugging, when a booting
> routine after the cold reset copies some parts of memory to another
> location which could be read later.
>
> It would be useful to overwrite some parts of memory (keys etc.),
> before the computer is switched off. So, my question is: Is some kind
> of protection already implemented and used?
>

Actually there is a better approach---to encrypt data destined for
operating system/processes in CPU. This would prevent attacks by
unclean shutdown.

One of the problems is where to store the key. I found a thesis
<http://pi1.informatik.uni-mannheim.de/filepool/theses/diplomarbeit-2010-mueller.pdf>
right now which describes a working implementation using SSE registers as
a permanent (until power cycle) storage for the key. I have not read it
yet but it looks promising.

-- Petr

 
Old 11-08-2010, 09:18 AM
Petr Pisar
 
Default Fedora - Cold Boot Attack

On 2010-11-08, Petr Pisar <ppisar@redhat.com> wrote:
> One of the problems is where to store the key. I found a thesis
> <http://pi1.informatik.uni-mannheim.de/filepool/theses/diplomarbeit-2010-mueller.pdf>
> right now which describes a working implementation using SSE registers as
> a permanent (until power cycle) storage for the key. I have not read it
> yet but it looks promising.
>
So, after quick reading, this is not what I expected. This is just
another kernel block cipher used by dmcrypt to (de)crypt block device
data, guaranteeing the encryption key does not leave the CPU by storing the
key in an SSE register. The drawback is nobody can use SSE instructions then.

-- Petr

 
Old 11-08-2010, 01:12 PM
Gregory Maxwell
 
Default Fedora - Cold Boot Attack

On Sun, Nov 7, 2010 at 1:57 PM, Stephen John Smoogen <smooge@gmail.com> wrote:
> Ok there are several different "cold boot attacks". The one I think
> you are talking about is the removing memory from the system and
> reading its contents with a special board. The kernel does not
[snip]

Not even with a special board, ...

> In the end, if someone has physical access to your system, you are not
> going to be able to completely defend against a cold boot attack.
> Encrypting the drive and keeping it reasonably secure is about all you
> can do without having hardware that helps.

Here is the attack: Your system is running with nice secure encrypted
drives, no console access (or a locked screen on a laptop). The
attacker inserts a bootable USB key and hits the power switch. System
reboots into the USB key, it retrieves the cryptographic keys for
reading your disk from memory, then copies whatever information it
likes.

This works even when a fairly high percentage of the key bits are
corrupted because the bits of the AES key schedule have simple linear
relationships with the key, so it functions as an excellent error
correcting code.

For some common situations like protecting your laptop with disk
encryption this attack completely invalidates the protection, at least
against a moderately savvy attacker.

The software for performing this attack is available from here:
http://citp.princeton.edu/memory/code/

This is not merely a theoretical weakness. It is easily executable by
anyone without the need for special hardware.

Without special hardware (like support for CPU-internal key
management, CPU support for encrypted RAM) this attack is impossible
to close completely, but small improvements could easily be made which
would dramatically increase the difficulty of the attack.

* The kernel could avoid leaving confidentiality-critical data lying
around for long spans of time; long-term keying could be stored in
areas of memory more reliably overwritten at reboot

* BIOSes could be modified to zero-ize memory at start

* Ciphers with linear key-schedules could be avoided (unfortunately
everything from the AES contest is bad at this, because the contest
pressure to work on low memory devices and small message sizes made
everyone use very cheap initialization; Blowfish is an example of
something which I think is mostly free of that particular weakness)

* Userspace could freeze all access to encrypted volumes when the
screen is locked and toss the keys. (This is most reasonable when the
volume password and the user's login password are the same)


There were patches posted to the Linux kernel to reduce the exposure
from this kind of attack: http://lwn.net/Articles/334747/ but
unfortunately the author and the LKML didn't get along and the patches
were never merged.
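The mitigations listed in the message above include not leaving key material lying around and tossing keys when the screen is locked. As an added example (not part of the original post and not code from the kernel patches it mentions), this C code shows one way a userspace program can hold a key in locked, non-dumpable memory and wipe both the key and its expanded schedule on demand. `key_ctx` and its functions are hypothetical names, and the schedule fill is a constructed placeholder, not real AES key expansion.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical key context: the raw key plus the expanded schedule a cipher
 * keeps beside it. AES-256 expands a 32-byte key to 15 round keys (240 bytes),
 * so both copies have to be wiped. */
struct key_ctx {
    uint8_t key[32];
    uint8_t schedule[240];
    int locked;                 /* 1 if mlock() succeeded */
};

/* Wipe through a volatile pointer so the stores cannot be optimised away. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Map a private region for the context; keep it out of swap and core dumps. */
struct key_ctx *key_ctx_new(const uint8_t key[32])
{
    struct key_ctx *c = mmap(NULL, sizeof *c, PROT_READ | PROT_WRITE,
                             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (c == MAP_FAILED) return NULL;
    c->locked = (mlock(c, sizeof *c) == 0);  /* can fail under RLIMIT_MEMLOCK */
#ifdef MADV_DONTDUMP
    madvise(c, sizeof *c, MADV_DONTDUMP);
#endif
    memcpy(c->key, key, sizeof c->key);
    /* Placeholder for the cipher's real key expansion (constructed data). */
    for (size_t i = 0; i < sizeof c->schedule; i++)
        c->schedule[i] = c->key[i % 32] ^ (uint8_t)i;
    return c;
}

/* "Toss the keys": call on screen lock, suspend or shutdown.
 * Returns the number of non-zero bytes left behind (0 on success). */
size_t key_ctx_toss(struct key_ctx *c)
{
    size_t left = 0;
    secure_wipe(c->key, sizeof c->key);
    secure_wipe(c->schedule, sizeof c->schedule);
    for (size_t i = 0; i < sizeof c->key; i++) left += c->key[i] != 0;
    for (size_t i = 0; i < sizeof c->schedule; i++) left += c->schedule[i] != 0;
    return left;
}

void key_ctx_free(struct key_ctx *c)
{
    key_ctx_toss(c);
    munmap(c, sizeof *c);       /* unmapping also releases the lock */
}
```

This covers only a userspace copy of a key. A dm-crypt volume key lives in kernel memory, where `cryptsetup luksSuspend` is the existing command that wipes it while the device is suspended.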
 
Old 11-11-2010, 06:55 PM
Roman Rakus
 
Default Fedora - Cold Boot Attack

On 11/08/2010 03:12 PM, Gregory Maxwell wrote:
> Here is the attack: Your system is running with nice secure encrypted
> drives, no console access (or a locked screen on a laptop). The
> attacker inserts a bootable USB key and hits the power switch. System
> reboots into the USB key, it retrieves the cryptographic keys for
> reading your disk from memory, then copies whatever information it
> likes.
Only if the laptop is configured to boot from the USB. But I know,
everything here is theoretical.

RR
 
