Lec02b - COMP7370 Advanced Computer and Network Security...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
COMP7370 Advanced Computer and Network Security Cold Boot Attacks on Encryption Keys (2) Topics: Imaging Residual Memory Key reconstruction Identifying keys in memory Topic 1: Imaging Residual Memory 1. Memory Wiping Can wiping memory at POST (Power-On Self Test) solve the memory attacking problem? Attackers can transfer memory data to a machine that does not wipe its memory on boot. 2. Imaging tools Challenging: booting a system can overwrite some portions of memory Load a full OS? Why not? Very destructive Solution: tiny special purpose program (trivial amounts of RAM) PXE Network boot Laptop --------------------> (PXE) target PC UDP(enthernet) <---- memory image ---- (30 sec. for 1GB RAM data) Boot from USB drives Flash device(10KB SYSLINUX bootloader) ----------------> (USB) target PC <----- memory image ---- EFI boot – Extensible firmware interface instead of BIOS iPods <---- imaging tools 3. Imaging attacks Approach 1: Simple reboot: change BIOS; boot the imaging tool
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 3

Lec02b - COMP7370 Advanced Computer and Network Security...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online