Cutting-edge: New Technology for preventing cold start attacks

This week, a security expert will disclose the technical details of a method he invented on Black Hat USA, which can protect the encryptor from cold start attacks, this attack was recently discovered by Princeton University researchers.

This software-based technology can protect machines that have recently been shut down, in sleep state, or in screen lock state from cold start attacks. This technology is achieved through the protection of the encryption key itself. The basic principle of the cold start attack is to use the password key in the shutdown or sleep mode and still store it in the main window of DRAM to obtain the key again.

Patrick McGregor, CEO of BitArmor, said that by now, most preventive methods require users to shut down their machines after work, and then sit in front of the computer and observe for five minutes. Patrick McGregor also said he had found a way to prevent cold-start attacks.

McGregor said, "Some people think cold start is a small problem, but they do exist. You only need to use the USB interface on your laptop to launch such an attack ." McGregor also said, "This does not require any technology-you can easily find an automated tool to help you complete the attack ."

McGregor said that more and more recent Laptop Theft incidents have made this security vulnerability even more dangerous: last year, as many as 0.6 million laptops were lost at the airport. McGregor also said, "all the information on these machines may be under cold start attacks ."

McGregor and his team at BitArmor have developed technical methods to protect machines from such attacks. One way is to automatically clear the encryption key when the machine goes to sleep or shut down. "If someone steals this device, they cannot read any information," he said ."

The principle of this method is to rewrite the storage that saves the encryption key. He said, "This method uses advanced technology and the way it works in hardware ." He also said, "because of the cold start attack, you can start replacing the operating system, import the memory content into this system, and filter the key, we can ensure that the key is cleared before the operating system starts."

To verify this attack, Princeton researchers demonstrated the availability of the encrypted key in DRAM, McGregor and his team designed a tool, the tool uses machine temperature sensors to block such attacks. He said, "If someone tries to shut down the machine, we will know immediately, so we can prevent content leakage in the memory. when the machine is closed, this method can destroy the keys stored in the memory."

McGregor said BitArmor also created a virtualized security environment for the software's encryption key. McGregor said, "This is a virtualized and protected area where keys used in the system can be stored. Therefore, the cold start cannot obtain any encryption key ." He also said, "it's like we have created a virtual area in the hardware where keys can be stored and used ."

McGregor said BitArmor has integrated these technologies into its DataControl software, but this improvement has not yet been officially released. He will introduce this technology at the Black Hat conference in Las Vegas in August 7.