1

Protect Linux from cold boot attacks with TRESOR

view story
linux-howto

http://linuxaria.com – While reading an interesting Blog I discovered a new treasure: TRESOR, in short TRESOR is a secure implementation of AES which is resistant against cold boot attacks and other attacks on main memory. Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. This is a cold based attack. (HowTos)

linuxaria's picture
Submitted by linuxaria on 04/05/2012

Stories similar to Protect Linux from cold boot attacks with TRESOR

Did TRESOR get included in the mainline Linux kernel? Where would I look to find out? Is there any documentation describing its use? Reading about cold boot attacks on Wikipedia makes me think TRESOR would be essential to having reasonably secure dm-crypt+LUKS system.

I heard that storing AES encryption keys in the debug registers of the CPU (or something like that) would mitigate cold-boot attacks because they keys are never stored in RAM (my disks are encrypted with AES). If I'm right, the kernel patch is called TRESOR. Is there a way I can install something like this without downgrading to an older kernel?

Hi All,I hope you can help me out with this.I'm using Radeon HD7850 with ATI-Catalyst.The issue is, if I do a cold boot (physically turn off the power, turn back on) the system won't boot into X, only tty.At this point, a reboot works fine.Or if I don't turn off the power, just shutdown and reboot (warm boot), it works ok.Here's the Xorg log on cold boot:[ 2.226] X.Org X S

I have been hit with some SYN attacks alot recently and these kids do not get bored. If you know the person distributing the attack to you, what can you do about it? I have this persons address not only his name...

Anyway I am being hit with these attacks as him and his little friends decide to throw syn attacks at the site when ever they please, they are using scripts online such as penalty stre

Strange boot fail. 1 year 37 weeks ago

Some new info. Now when trying to get it to boot bad on purpose i discovered that the boot goes wrong at cold boot, that is when the machine has been powerless, if i just make a init 6 reboot from a good start it will reboot fine.uname -a from a bad boot says the same as above.I also discovered that the disks get mixed up. On cold (bad)boot sdb becomes sda and vs. on good boot.

So, my friend bought a new Acer Iconia 18.4" desktop replacement computer and he decided to purchase a Seagate Momentus XT 750 GB with 8 GB SLC NAND FLASH SSD hybrid hard disk drive. Naturally, I told him to download and install Ubuntu 12.04 64 bit Long Term Support which he did so bare metal.

Hi

currently there are so many forum threads even a more than 17pages on cpanel about ways and patches to secure the server against such type of attack I used cloud linux but it made my sever unstable and I had a lot of down time and high loads Please make an official patch to secure server against such type of attacks

Thanks

I'm running a private http server to power a private website. The IP of the server has gone public, thats fine. Nothing to hide anyway.

The problem is the server gets 3 to 8 attacks each day with more than 4000 connections each time. The server and the equipment are set up to handle max 600 connections at the same time. Therefore, the server jams.

What is Cold Fusion 3 years 11 weeks ago

I want to know about Cold Fusion, Is cold fusion can be alternative of ASP, JSP, PHP.

If answer is yes then

On which server Cold Fusion files executes.

I have not seen any website with this extion (.cfm).