Except that real "trusted computing" using a TPM chip doesn't store the key in the CPU or in RAM, it is stored in the TPM.
This is a dangerous belief. It is true that some keys remain inside the TPM, at least as long as the chip is being accessed only through its wire interface. However, the TPM ist not suitable for bulk encryption. Applications therefore typically use the TPM only to store keys, which are extracted to memory when needed.
The attack essentially depends on being able to shutdown the computer but keep the memory cold enough that the randomization time is slowed down tremendously, giving enough time to perform a dump of the contents onto another system for further analysis.
The attack is really extracting the encryption key from memory after gaining physical access to the machine. Cold boot, cool as it may be, is just one particular implementation of it. To effectively protect your system you should defend against the attack, not particular implementations.
I thought Slashdot was against the TPM chip? Last I read, it was supposed to be used for anti-piracy.
Further down (or up?) the thread, Slashdot still is. But a TPM is not going to help you much here. The TPM is not supposed to do bulk encryption so it is typically used to restrict the release of a key to certain conditions. Which means that even with a TPM one will end up having the actual key somewhere in the RAM.
so how often are these cold boot attacks actually performed in a hostile situation (as opposed to under controled conditions for demonstration, or to legitimately recover lost passwords or whatever)
This is a good and legitimate question. This question should not be used to thwart research, however. Threats may evolve and exploiting a vulnerability could become widespread over time. Perhaps deployment can wait until this really happens but research should not.
Isn't it possible to design "secure" memory chips that zero their contents when power is first applied?
Maybe, but this would solve only one portion of the problem. Cold boot attacks imply that the attacker has physical access to the computer and sufficient time to dig down to the wires without getting caught. The canonical implementation is stealing a running laptop. The attacker's objective is to get access to a key, which today usually resides in RAM. Cold boot attacks are one way of doing this but there is a wide range of other things that an attacker could do in this situation. The attacker might use interfaces like Firewire for instance, which has been mentioned elsewhere in this discussion. Or manipulate the running system in such a way that power suppply of the RAM chips is maintained while other components are being reset. "Secure" memory chips as you propose would therefore solve only part of the real problem.
The scenario is that someone steals a running, but locked laptop, and wants to read your encryption keys stored in RAM. If it's not running, then the encryption keys aren't in RAM.
This is, by the way, only the easier part of the threat landscape. If the computer is not running, nothing prevents an attacker from tampering with the hardware or software in such a way that a second visit to the system yields any password or key used.
The nice things about this are:A rights management system monitors and controls use of a computer program to prevent use that is not in compliance with acceptable terms.
Remember, UNIX spelled backwards is XINU. -- Mt.
