Post Wed Jun 25, 2008 11:11 am

Princeton Encryption Attack Countermeasures

I was pondering this morning on the encryption attack from Princeton (http://citp.princeton.edu/memory/) and what could be done to prevent it. On the top of my list were the following:

1. BIOS passwords. If the machine can't be booted back up to start from the removable device in order to dump the ram out, there goes the attack. At the very least, the attacker would be forced stop and clear the password (if they can) or to move the ram to another machine. Meanwhile the clock is ticking on the contents of the ram.

2. Restrict access to boot devices. If the machine can't boot from a removable device, then we're done, with the same provisions as above.

3. Restrict physical access to the guts of the machine. Many machines today have a provision for a physical lock, this would at least slow the attacker down. In addition, it would likely not be too hard to rig up some sort of a shield for the ram inside the machine to keep it from being removed or directly cooled (though this might cause heat issues). This is starting to go to extreme measures.

For a truly determined attacker, there are ways around all of this. Additionally, it would actually be a much more simple attack to just plug a hardware keylogger into the back of the machine and get the passsword/phrase from there (presuming that it came in via the keyboard). I think this attack is interesting, but really overblown impact-wise.

Thoughts?