"Frozen cache" method to thwart cold boot attacks
ACME Security has described a way to neutralise cold boot attacks. Such attacks exploit the fact that data in DRAM is not lost immediately when power is removed, but remains there for a period that may last from a few seconds to a minute, or even longer if cooling is in use. This makes it possible for a hacker to discover decryption keys, such as those used in Vista's BitLocker, dm-crypt in Linux, Apple's FileVault, or the open-source TrueCrypt.
The suggested remedy to ward off such cold boot attacks is to move the key into the CPU cache and then prevent further changes to the cache being copied into backing RAM. To do this, the cache has to be switched into a special mode, which is why it's called the "frozen cache" method. Using the cache as RAM is not in fact new: LinuxBIOS/coreboot already does so in order to have memory space while the memory controller is being initialised. Whatever the case, the method is supposed to prevent the key being successfully extracted from RAM, while the CPU cache itself is made inaccessible.
Various items besides the key, however, have to be shifted into the cache in order to ensure that hackers aren't given any clues for reconstructing the key: a round key or key schedule, the initialization vector (IV) (and, in the case of dm-crypt under Linux, the Encrypted Salt-Sector Initialization Vector (ESSIV)), plus various buffers. ACME Security concedes that their method does have a disadvantage, in that freezing the cache impairs system performance. A software routine to implement the necessary steps is suggested in the "Frozen Cache" blog.
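Why the round keys and key schedule listed above have to stay out of RAM together with the key: the AES-128 key schedule can be run backwards, so a single round key left in memory gives back the cipher key. The C below is an added example, not ACME Security's routine and not code from the original article; the function names are made up here, and the key and round-10 key are the published FIPS-197 test vector, used as constructed sample input.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample input: AES-128 example key from FIPS-197 ... */
const uint8_t SAMPLE_KEY[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
                                0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
/* ... and its round-10 key, standing in for schedule data left in RAM. */
const uint8_t LEAKED_RK10[16] = {0xd0,0x14,0xf9,0xa8,0xc9,0xee,0x25,0x89,
                                 0xe1,0x3f,0x0c,0xc8,0xb6,0x63,0x0c,0xa6};
static const uint8_t rcon[11] = {0,1,2,4,8,16,32,64,128,0x1b,0x36};
static uint8_t sbox[256];
#define ROTL8(x, s) ((uint8_t)(((x) << (s)) | ((x) >> (8 - (s)))))

static void init_sbox(void) {   /* derive the AES S-box instead of embedding it */
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1b : 0));   /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;                                 /* q /= 3 */
        sbox[p] = q ^ ROTL8(q,1) ^ ROTL8(q,2) ^ ROTL8(q,3) ^ ROTL8(q,4) ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;
}

/* Schedule core: RotWord, SubWord and Rcon on the last word of a round key. */
static void g(const uint8_t *w, int round, uint8_t out[4]) {
    if (!sbox[0]) init_sbox();
    out[0] = sbox[w[1]] ^ rcon[round]; out[1] = sbox[w[2]];
    out[2] = sbox[w[3]];               out[3] = sbox[w[0]];
}

/* Run the schedule backwards from round key `round` to the cipher key. */
void recover_key(const uint8_t rk[16], int round, uint8_t key[16]) {
    uint8_t t[4];
    memcpy(key, rk, 16);
    for (; round > 0; round--) {
        for (int i = 15; i >= 4; i--) key[i] ^= key[i - 4];  /* undo words 1..3 */
        g(key + 12, round, t);
        for (int j = 0; j < 4; j++) key[j] ^= t[j];          /* undo word 0 */
    }
}

/* Returns 1 when the round-10 key alone gives back SAMPLE_KEY. */
int leak_recovers_key(void) {
    uint8_t out[16];
    recover_key(LEAKED_RK10, 10, out);
    return memcmp(out, SAMPLE_KEY, 16) == 0;
}

int main(void) { return leak_recovers_key() ? 0 : 1; }
```

The same reasoning applies to every round key in the schedule, which is why clearing only the 16-byte key from RAM is not enough.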
- Princeton researchers crack encryption with liquid nitrogen, report by heise Security