Channel: NIHIL VEL PERTINAX SUM

A Solution to the Cold Boot Attack

I've been working on the cold boot problem for a while. Read my glorious paper! Then, download aes-amnesia.S and come back here to figure out how to use it.

This is what you do to use it (works with AES128 on 64-bit Linux only):
1. Get Loop-AES here.
2. Configure your kernel for Loop-AES. While you're at it, disable hardware performance monitoring (oprofile) and multiple CPUs (we don't support SMP systems unless compiled without SMP support ... yeah, I know, that needs to be fixed, and it can and will be).
3. Copy aes-amnesia.S to aes-amd64.S.
4. Make sure you've configured Loop-AES to use its AMD64 assembly language implementation of AES, which we just copied over. Note that things like Via PadLock and AES-NI are not supported currently; configure them out.
5. Compile Loop-AES as normal.
6. Some tests will fail because Loop-Amnesia doesn't support AES-192 or AES-256 yet.
7. Set up an encrypted volume with Loop-AES using AES128. You're now immune to cold boot!

Caveat: DO NOT USE HARDWARE OR SOFTWARE SUSPEND WHILE THE LOOP.KO MODULE IS LOADED OR YOU RISK EXTREME DISK CORRUPTION UPON RESUME!

Other caveat: DO NOT USE ON A SYSTEM CONFIGURED WITH SMP SUPPORT OR YOU RISK DISK CORRUPTION!

In fact, you can do this to make sure it's working:
1. Unmount every encrypted volume except for a small loopback volume whose contents you don't care about.
2. Software or hardware suspend the disk.
3. Resume and verify that the loopback volume's filesystem is corrupted. If it's not, you've done something wrong and are using a non-cold-boot-immune Loop-AES implementation, not Loop-Amnesia!
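
A preflight check for the kernel requirements in step 2 and the two caveats, run against a kernel `.config` before building. This is an added example, not part of the original post or of Loop-Amnesia. The function names are hypothetical, and mapping the post's wording onto the standard kernel symbols `CONFIG_X86_64`, `CONFIG_SMP`, `CONFIG_OPROFILE`, `CONFIG_SUSPEND` and `CONFIG_HIBERNATION` is an assumption.

```shell
#!/bin/sh
# Added example: check a kernel .config against the constraints stated in this
# post. Function names and the option mapping are assumptions, not project code.

# Succeeds if option $2 is built in (=y) or modular (=m) in config file $1.
config_enabled() {
    grep -Eq "^$2=(y|m)\$" "$1"
}

# Prints one line per finding. Returns 0 if clean, 1 on a FAIL, 2 if unreadable.
check_amnesia_config() {
    cfg=$1
    fail=0
    if [ ! -r "$cfg" ]; then
        echo "FAIL: cannot read $cfg"
        return 2
    fi
    if ! config_enabled "$cfg" CONFIG_X86_64; then
        echo "FAIL: CONFIG_X86_64 not set; the post covers 64-bit Linux only"
        fail=1
    fi
    if config_enabled "$cfg" CONFIG_SMP; then
        echo "FAIL: CONFIG_SMP enabled; the post warns of disk corruption"
        fail=1
    fi
    if config_enabled "$cfg" CONFIG_OPROFILE; then
        echo "FAIL: CONFIG_OPROFILE enabled; step 2 says to disable it"
        fail=1
    fi
    # Suspend is only dangerous while loop.ko is loaded, so warn instead of fail.
    for opt in CONFIG_SUSPEND CONFIG_HIBERNATION; do
        if config_enabled "$cfg" "$opt"; then
            echo "WARN: $opt enabled; never suspend while loop.ko is loaded"
        fi
    done
    return "$fail"
}

# Stand-alone use: check the file named in $1, else a constructed sample config.
if [ "$#" -ge 1 ]; then
    check_amnesia_config "$1"
else
    sample=$(mktemp)
    printf '%s\n' 'CONFIG_X86_64=y' 'CONFIG_SMP=y' \
        '# CONFIG_OPROFILE is not set' 'CONFIG_SUSPEND=y' > "$sample"
    check_amnesia_config "$sample" || echo "constructed sample rejected"
    rm -f "$sample"
fi
```

A clean result only covers the kernel side; it does not confirm that the Loop-AES build actually picked up the copied `aes-amd64.S`, which is what the suspend test checks.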

Best of luck, and comment on this blog post if you have problems! Also comment if you want SMP support; I'd get to adding it faster if I know people are wanting to use it :)

UPDATE: The people who did AESSE (mentioned in my paper) have continued to work on the cold boot problem and have also released code. If you have a computer with AES-NI support, or a 32-bit CPU, you may want to have a look at TRESOR. TRESOR is a project similar to Loop-Amnesia but uses dm-crypt as its base rather than Loop-AES. TRESOR can also make use of the AES-NI registers to provide better performance than Loop-Amnesia on computers that have them (I will add AES-NI support to Loop-Amnesia if there is demand, however), and, unlike Loop-Amnesia, TRESOR also supports 32-bit versions of Linux (which Loop-Amnesia will never do). Unlike Loop-Amnesia, however, TRESOR does not support mounting multiple encrypted partitions. This means, for instance, that if you want cold-boot-immune data and swap partitions, you'll have to use Loop-Amnesia, not TRESOR.

Author of Loop-Amnesia,
---linuxrocks123
