Researchers Find Way to Steal Encrypted Data (February 22, 2008)
Author: John Markoff, The New York Times
Excerpt: “A group lead by a Princeton University computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks. The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft.” (http://www.nytimes.com/2008/02/22/technology/22chip.html)
Lest We Remember: Cold Boot Attacks On Encryption Keys (April 2, 2008)
Authors: J. Alex Halderman, Princeton University, et al
Abstract: Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at room temperature and even if removed from a mother-board. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenonmenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount successful attacks on popular disk encryption systems using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them. (http://citp.princeton.edu/memory. A video summarizing their findings is also available at this site.)
WEBSITES & REPORTS
DoD Anti-Tamper Website
This website provides an introduction to Anti-Tamper, a glossary section containing definitions, acronyms and technology readiness levels, a policy section containing policy letters, DoD Directives and Instructions, Air Force Directives and Instructions and Army Policy Memorandum and a support section containing contacts and information. (http://at.dod.mil)
Defense Science Board Task Force on High Performance Microchip Supply (February 2005)
Excerpt: “It is clear from recent trends in the microelectronics industry that a significant migration of critical microelectronics manufacturing from the United States to other foreign countries has and will continue to occur. The rate of this technology migration is alarming because of the strategic significance this technology has on the U.S. economy and the ability of the United States to maintain a technological advantage in the Department of Defense (DoD), government, commercial and industrial sectors. Our greatest concern lies in microelectronics supplies for defense, national infrastructure and intelligence applications. Our study has highlighted prior, current and projected microelectronics industry trends and proposes explanations and recommendations to address some of the current disconcerting issues.”
(http://www.acq.osd.mil/dsb/reports/2005-02-HPMS_Report_Final.pdf)
Please contact acalis@cputech.com or call (925) 224-9920 for further information.
|
