FrozenCache Mitigating Cold-Boot-Attacks For ... - CCC Event Blog
Recommend Documents
authentication. GSM backend network. Attack vectors. â« Access to private user data. Focus of this talk ... signal proc
enigma of woman and the other recent psychological seers. What dominated over truth was clothing, an impermeable layer b
Ever more applications are building up on mobile data networks, thereby amplifying the exposed ... GPRS interception onl
Reasons for Vehicular Communications. 1. Research Grants and PhD titles;-). 2. Sell more cars ;-). â« 80% of innovation in new cars is electronics, mostly software.
analysis is needed for software protected by smart cards. 3. This talk describes a method for extracting smart card soft
â«IMSI catching is detectable from phone, but no detect apps exists ! ... The iPhone that wouldnât quit ... Key requirement of code book generation is a fast.
C2C-CC. COMeSafety. EASIS. Prevent. CarTALK2000. COOPERS. GST. CVIS. eSafetySupport ..... Macroscopic tracing â e.g. over the country. â« Coarse-grain ...
Dec 28, 2010 - Node's goal is to provide an easy way to build scalable ... Google's V8 JavaScript engine (no DOM) .... s
Node.js. As a networking tool. 28.12.2010 ... socket.end();. }).listen(0x27C3);. $ node hello.js &. [1] 3591. $ nc l
The creator of the Perl programming language. Larry Wall - ... https://www.owasp.org/index.php/Testing_for_HTTP_Paramete
Dec 28, 2010 - Node's goal is to provide an easy way to build scalable ... Google's V8 JavaScript engine (no DOM) .... s
Dec 28, 2010 - âAndroid geolocation using GSM networkâ. Renaud Lifchitz. 10. Cell location resolution. â Every GSM cell (BTS) is identified by 4 numbers:.
This is what ISPs use to provision, monitor and configure your ... 50% Web Servers ... Apache. 15%. KTT-SOAP. 8% mini_ht
programs and static data) and 4 kB of RAM (with an additional 64 kB of RAM ... to building embedded software: rather tha
Even Apple got this problem right! .... ip link set mtu 1280 dev sixxs ip tunnel change sixxs ttl 64 ip -6 addr add [You
Dec 27, 2014 - Alexander Isakov. The programmer ... Perl Harbor. 010011011011101. Debunking SCADA hacking myths. Obtaining access != Obtaining ...
Dec 28, 2011 - Web application technologies. PHP. ASP.NET. Java. ColdFusion. Perl. Ruby. Python. JavaScript. 77.3 %. 21.
Microsoft. âWe consider this issue to be by design. *and will not fix this+â. Even Apple got this problem right! Pag
Dec 18, 2008 - Tor is an anonymizing network. It allows users to anonymously access Internet services. Its archi- tecture guarantees that the real IP of users ...
programs and static data) and 4 kB of RAM (with an additional 64 kB of RAM ... to building embedded software: rather tha
Beats âRFC users are not a threat because they cannot login via SAPGUIâ. â Time to .... âWhen admins/developers
http://stuffaroundyou.blogspot.de/2012/05/picture-of-python-in-car-engine.html ....
guy). Me! (still not having any source code). Someone selling via eBay ?
FrozenCache Mitigating Cold-Boot-Attacks For ... - CCC Event Blog
FrozenCache Mitigating Cold-Boot-Attacks For Software-Based Full-Disk-Encryption
Jürgen Pabel
Introduction ●
●
IT-Security Consultant ●
Akkaya Consulting GmbH in Köln
●
CISSP since 2002
Internet ●
http://blog.akkaya.de/jpabel
●
http://juergen.pabel.net/blog (soon)
FrozenCache by Jürgen Pabel
Agenda ●
The attack
●
The mitigation
●
The demo
●
The messy details
●
The questions (that's your part) FrozenCache by Jürgen Pabel
Cold-Boot-Attacks ●
●
Key insights ●
RAM retains data up to minutes after power loss
●
Cryptographic software requires key to be in RAM
Research ●
Published in Febuary 2008
●
Princeton, EFF and Wind River Systems
●
http://citp.princeton.edu/memory/
FrozenCache by Jürgen Pabel
Solution ●
Use the CPU cache instead of RAM for cryptographic key storage ●
●
Known as „no-fill“ mode and Cache-As-RAM Mentioned at 25c3 by Peter Stuge during his coreboot presentation FrozenCache by Jürgen Pabel
First off... ●
●
...think about caching as two disjoint tasks ly! n o e s ion o 1. Updating data in cache p t r a u t p en e 2. Updating data in RAM th pres r Fo this of ...we'll consider a single CPU for now ●
●
Level 1 & Level 2 caches (level 2 is „inclusive“)
...we'll ignore lots of messy details for now
FrozenCache by Jürgen Pabel
X86 cache primer ●
●
●
CPU control register CR0 indicates cache mode ●
CD:
Cache Disable
●
NW: Not Write-Trough
Fine-grained cacheability ●
MTRR for physical address ranges
●
PAT for linear address ranges
Memory type designates cacheability ●
From entirely uncacheable to fully cacheable FrozenCache by Jürgen Pabel
X86 cache setup ●
Activation of no-fill mode is trivial ●
CR0.CD = 1, CR0.NW = 0 mov or and mov
●
●
$cr0, $cr0, $cr0, $eax,
$eax 0x40000000 ~0x20000000 $cr0
Officially documented in Intel SDM 11.5.1 ●
Standard cache mode upon reset
●
CR0.CD = 1, CR0.NW = 1 is no longer supported
Caveats ●
X86 CPUs are crazily different with respect to caching FrozenCache by Jürgen Pabel
FrozenCache mode ●
●
Setup (abbreviated) ●
Read data into registers
●
Wipe data in RAM
●
Freeze CPU cache
●
Write data from registers to CPU cache
Adds some constraints to the mix ●
Cache contents must be correct („target set“)
●
Cache contents must remain in cache only
FrozenCache by Jürgen Pabel
Target set ●
●
Cryptographic data ●
FIPS 197: derived encryption & decryption key
●
Key schedule
●
Intermediary data on stack
Cache pollution (bootstraping overhead) ●
Initialization function __enable_car()
●
Array of pointers to cryptographic data
FrozenCache by Jürgen Pabel
Activation ●
L2 Cache emulator ●
●
●
Verifies that the „target set“ will fit into L2
Initialization function __enable_car() ●
Carefully crafted C & ASM (compiled with -O0)
●
Interrupts disabled
●
Everything inlined
●
No stack or heap access (except for „target set“)
Measure correctness of FrozenCache mode FrozenCache by Jürgen Pabel
Performance
? !
●
CPUs without „working“ cache are sloooow ●
●
●
Cache configuration applies to all levels
Activate only if „neccessary“ ●
Locked screen
●
Standby
Optimizations ●
Adding time critical working to target set FrozenCache by Jürgen Pabel
Live demo
No safety net
FrozenCache by Jürgen Pabel
Implementation ●
FrozenCache kernel module ●
●
●
Embedds a copy of dm-crypt with some hooks
Moving data into the cache ●
One cache line at a time
●
Bootstrap code, pointer array and cryptographic data
D-BUS Signal receiver for org.gnome.screensaver
FrozenCache by Jürgen Pabel
Where're my bits?
? !
●
●
Cryptographic data is scattered in RAM ●
Encryption key, key schedule and maybe IV
●
Intermediary data resides on stack
Implement hooks to register relevant data ●
API level: register memory addresses
●
Runtime: add stack frame pages
FrozenCache by Jürgen Pabel
Where're my bits?
? !?
●
Keeping data in cache exclusively is hard ●
Explicit cache flushing still possible
●
Measure data access performance
●
Access CPU cache statistics (MSR)
●
Other ideas ●
Use non-existing physical addresses
●
Use device-backed physical addresses FrozenCache by Jürgen Pabel
![Cracking GSM Ecnryption - CCC Event Blog [PDF]](https://m.moam.info/img/260x300/cracking-gsm-ecnryption-ccc-event-blog-pdf_6479f441098a9e41788b45d2.jpg)
![Android geolocation using GSM network - CCC Event Blog [PDF]](https://m.moam.info/img/260x300/android-geolocation-using-gsm-network-ccc-event-bl_648cbf7a098a9ea56f8b459f.jpg)
![Mobile self-âdefense - CCC Event Blog [PDF]](https://m.moam.info/img/260x300/mobile-self-adefense-ccc-event-blog-pdf_64937471098a9ede7e8b461d.jpg)
