BHDC11 - De-anonymizing Live CDs through Physical Memory Analysis

coderman coderman at gmail.com
Wed Jan 12 12:06:05 UTC 2011


On Wed, Jan 12, 2011 at 3:11 AM, intrigeri <intrigeri at boum.org> wrote:
> ...
>> (do Tor Live CDs need a new kexec target for memtest sweeps / ram
>> zeroisation? :)
>
> As far as I understand, this seems like enhancements over the cold
> boot attack, and one more reason why Tor Live CDs should wipe the
> system memory on shutdown. Am I misunderstood?

likely so. however, more than just wipe at shutdown is useful.

explicit ordered zeroisation is handy. (starting with keys and key
schedules, working cipher state, then on to user data, before
completing a full pass or three. this takes a smart kexec or other ham
fisted - still worth the effort.)

synchronous wipe on shutdown in foreground with progress indication. i
argue this necessity on usability basis.

experimental methods like key and state storage in CPU cache lines may
hold promise.

physical rendition of your solid state memory via self-powered
capacitive discharge initiated by big red panic button! (ok, not
really. you get the picture :)


> Most Tor Live CDs (e.g. the good old, now obsolete, Incognito, and its
> spiritual successor T(A)ILS) have been doing this for ages.

yes, i've seen the sleep 10 magic smem trick, and this is one reason
why pre-empting the entire runtime to execute a wipe is useful - there
are no locked devices or blocking operations contending for resources
with the wipe procedure itself.

in any case, this begs the question of best practice in solid state
remanence avoidance.  it would make a good FAQ entry, perhaps...

best regards,
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list