Comments on: Chilled Memory Attacks

By: datenritter blog

datenritter blog — Thu, 06 Mar 2008 12:17:50 +0000

Kryoattacke - spreading the *word*…

Es funktioniert: Das Wort “Kryoattacke” erzielt mittlerweile zwei Treffer bei Google und einen bei Yahoo. Bei Google ist mein Blogeintrag der erste Treffer, die anderen beiden führen zu etbe. In den Kommentaren greift etbe den Begriff auf und fragt,…

By: etbe

etbe — Wed, 27 Feb 2008 05:39:38 +0000

http://blog.datenritter.de/archives/10-Kryoattacke.html

A German guy has coined the term kryoattacke (cryo-attack) for this. It seems like a good term, the only question is whether we should translate it to English spelling.

By: Hamish Moffatt

Hamish Moffatt — Tue, 26 Feb 2008 23:42:52 +0000

Most processors will have JTAG, which is a diagnostic port which allows you to access all their pins for testing the motherboard, and probably to access internal registers and memory for debugging purposes - perhaps the cache too.

It’s likely that the JTAG would be connected on the motherboard. The actual connector is probably not loaded on the motherboard but you could connect to the pins. So I wouldn’t assume that inside the processor means inaccessible.

By: Thomas

Thomas — Tue, 26 Feb 2008 11:05:09 +0000

etbe: If you wanted to do a DIY self-destruct, it would be quite feasible to plug a 555 sine generator into a little transformer attached to the DIMMs for not much money. I don’t imagine it would take too much current to destroy the RAM. I might even test it sometime. ;) *puts it on the list*. You could do a “the broken”, and use thermite, but that’s probably too expensive.

As for purging the RAM, I was thinking more of an IC on board near the RAM which would hijack the bus and stick a pile of data into the memory. This is beyond the realm of DIY though, obviously, requiring some cooperation from the motherboard manufacturer.

If the only kind of people we’re worrying about here are the people who only have the resources to nick some DIMMs, then I think well-covered self-destructive RAM should solve the issue nicely. Unless that’s just an initial attempt before they step up to torture, which could be a problem. If you’re lucky, all they want is your uid 0 password. :P

By: etbe

etbe — Tue, 26 Feb 2008 10:42:33 +0000

Thomas: The problem is that purging the memory contents is quite difficult. Unless you have a device that will destroy the RAM with high voltage (rumoured to be used by the military but unreasonably expensive for most civilian use) a quick permanent erasure is difficult to guarantee.

My point is not that people who have the resources to steal data from RAM have other methods, in fact it’s the exact opposite - people who don’t have the resources to implement other methods (such as torture) can steal data from RAM.

By: Thomas

Thomas — Tue, 26 Feb 2008 05:17:47 +0000

I can’t help but note the similarity between using encrypted memory to stop people sticking your RAM in an esky and TCPA’s approach to hardware security. It’s a huge logistical issue in itself — how long before someone’s wearing the Intel decryption key on a T-shirt?

Really, the simplest way would be a box over the RAM with a few switches or even a sensitive accelerometer that will cut power and/or purge the RAM (using a small backup battery if necessary) as soon as it is tampered with. Sure, it sounds complicated but I daresay it’s going to be easier than an encrypted mechanism.

Regardless, it’s something of a minority case where somebody gets physical access to a locked down computer and wants to steal data from its memory. As you point out, the people who have the resources to do that sort of thing probably have other methods in their toolbox such as sniffing the bus.

Cool hack though.

By: Jaime

Jaime — Tue, 26 Feb 2008 02:27:24 +0000

Sorry Russell,

I love your blog posts, and I genuinely and greatly appreciate your contribution to FOSS, but I’m an apostrophobic:

“to make it keep it’s data after a power cycle”
should be:
“to make it keep its data after a power cycle”

(possessive “its” has no apostrophe, neither does possessive “his”, nor “hers”, nor “theirs” etc.)

Likewise:
“that can operate on it’s own”
should be:
“that can operate on its own”.

You might find the following page from “A survey of English spelling” interesting:
http://books.google.com/books?id=sceZ5XcqSfIC&pg=PA50&lpg=PA50&ots=TZnOc6rdFA&sig=4-M4je0o7V0fh0PzU6gqjCBI2Ro

Please take this reply as it is intended - _constructively_.

Kind regards, Jaime.

By: Mike

Mike — Tue, 26 Feb 2008 01:07:12 +0000

Some of the crazy overclockers use liquid Nitrogen to run their chips at hundreds below zero, so I’d expect a cpu to run just fine at -60C, if it’s not chilled too quickly(thermal contraction, bad solder joints, etc)