http://www.heise-online.co.uk/news/Frozen-cache-method-to-thwart-cold-boot-attacks--/112450"Frozen cache" method to thwart cold boot attacksACME Security has described
a way to neutralise cold boot attacks. Such attacks exploit the fact
that data in the DRAM are not immediately lost when power is removed,
but remain there for a period that may last from a few seconds to a
minute, or even longer if cooling is in use. This makes it possible for
a hacker to discover decryption keys, such as those used in Vista's
Bitlocker, dm-crypt in Linux, Apple's FileVault, or the open-source
TrueCrypt. The suggested remedy to ward off such cold boot attacks is to move
the key into the CPU cache and then prevent further changes to the
cache being copied into backing RAM. To do this, the cache has to be
switched into a special mode, which is why it's called the "frozen
cache" method. A cache-as-RAM method is not in fact new, for
LinuxBIOS/CoreBoot already use it Various items besides the key, however, have to be shifted into the cache in order to ensure that hackers aren't given any clues for reconstructing the key: a round key or key schedule, the initialization vector (IV) (and, in the case of dm-crypt under Linux, the Encrypted Salt-Sector Initialization Vector (ESSIV)), plus various buffers. ACME Security concedes that their method does have a disadvantage, in that freezing the cache impairs system performance. A software routine to implement the necessary steps is suggested in the "Frozen Cache" blog. See also:
|
in order to have memory space while the memory controller is being
initialised. Whatever the case, the method is supposed to prevent the
key being successfully extracted from RAM, while the CPU cache itself
is made inaccessible.