Executive Summary The Cold Boot Attack was presented February 21, 2008 by researchers from Princeton University, and the Electronic Frontier Foundation as well as others. The attack utilizes a vulnerability surrounding any computer’s memory. A computer’s memory, or RAM as it is more commonly called, does not immediately erase its contents upon turning off the power. In fact, the researchers cited research that techniques could be used to extend the time before the memory erases itself to a week.

With this memory image, encryption keys may be recovered, especially instances using whole disk encryption. The Cold Boot Attacks document specifically names Microsoft’s BitLocker and Apple’s FileVault as trivially susceptible to this attack. The Princeton researchers release tools automating attack on these two products.

In particular, ERUCES would not be vulnerable to the researchers’ examination of whole disk encryption, the system’s key granularity limits the extent of damage at any one time, and the elimination of key material with the data on the end workstation (also referred to as co-location) mitigates most compromise risks.

A combination of Tricryption’s features mitigate most of the risks associated with reading data through the Cold Boot Attack. The patented Hidden Link feature eliminates co-location of cryptographic key material with the end user’s data. The trusted insider threat protections built into the architecture also minimize most of the attack vectors delineated in the Cold Boot Attack paper. Several other defense-in-depth techniques protect ERUCES’ customers from key disclosure and thereby data corruption or compromise.

The breakthrough resides in ERUCES’s patented “Hidden Link”. Only a pointer to the decryption key exists on the end host with the data. The technology significantly reduces trusted insider threats, such as those associated with IT Administrators pilfering company secrets. This same protection extends to the ERUCES’ Key Server, where the decryption keys are themselves encrypted, with no direct or unencrypted connection between the data and the keys.

The Princeton research presents ways to decipher key material found on memory, and detect and correct errors due to memory decay. They also included several new and novel methods for reducing the overall decryption time considerably versus a brute force attack, or the equivalent of trying every key on a huge key ring against a lock. The paper bluntly states:

"We find that a moderately skilled attacker can circumvent many widely used disk encryption products if a laptop is stolen while it is powered on or suspended," said the research team in the paper. "Actually imaging memory and locating keys took only a few minutes and were almost fully automated by our tools. We expect that most disk encryption systems are vulnerable to such attacks."

ERUCES is not completely immune to everything within the Cold Boot report. Accessing cryptographic material on a computer system requires a key must be stored somewhere on the machine. However, with ERUCES, only a handful of files may be in use, and therefore only a handful of keys stored locally on an end, compromisable system. The rest of the keys reside elsewhere on an encrypted Key Server and Key Database.

Due to the Tricryption architecture and best practices deployment, there is minimal risk of a catastrophic system disclosure through the Cold Boot Attack. There are significant impediments to the compromise of more than a few files on an end, in-use machine, such as a laptop or workstation. It is our assertion that the Tricryption architecture successfully mitigates the Cold Boot Attack.

Get the Full Report email sales at eruces.com