DMA attack

DMA attack

In cryptography, a DMA attack is a type of side channel attack whereby cryptographic keys can be stolen by an attacker who has physical access to an operating system.

Contents

Description

In modern operating systems, applications are obfuscated from the underlying physical memory, instead using virtual memory for their operations. In addition to allowing more efficient use of limited physical memory resources, this architecture forms an integral part of the security of an operating system.

The OHCI 1394 specification allows for devices for performance reasons to bypass the operating system and access physical memory directly without any security restrictions.[1][2] SBP2 devices can be spoofed, allowing an operating system to be tricked into allowing an attacker to both read and write physical memory.[3]

In addition to the nefarious uses mentioned above, there are some beneficial uses too as the DMA features can be used for kernel debugging purposes.[4]

Systems may be vulnerable to a DMA attack by an external device if they have a FireWire port, or if they have a PCMCIA or ExpressCard port that allows an expansion card with a FireWire port to be installed where the operating system supports plug and play. Systems with a Thunderbolt port may also be vulnerable.[citation needed][5]

IOMMU and VT-d can be used to secure device and allow it using only part of memory and use virtual memory. It was developed mainly for using in virtualization, but can be also used from preventing DMA attack and other device malfunctions. This technique however isn't used in any systems for preventing DMA attack.

See also

References

  1. ^ Freddie Witherden (2010-09-07). Memory Forensics Over the IEEE 1394 Interface. https://freddie.witherden.org/pages/ieee-1394-forensics.pdf. Retrieved 2011-04-02. 
  2. ^ Piegdon, David Rasmus (2006-02-21). "Hacking in Physically Addressable Memory - A Proof of Concept". Seminar of Advanced Exploitation Techniques, WS 2006/2007. http://eh2008.koeln.ccc.de/fahrplan/attachments/1068_SEAT1394-svn-r432-slides.pdf. 
  3. ^ "Blocking the SBP-2 Driver to Reduce 1394 DMA Threats to BitLocker". Microsoft. 2011-03-04. http://support.microsoft.com/kb/2516445. Retrieved 2011-03-15. 
  4. ^ Tom Green. "1394 Kernel Debugging: Tips And Tricks". Microsoft. http://download.microsoft.com/download/1/8/f/18f8cee2-0b64-41f2-893d-a6f2295b40c8/dw04001_winhec2004.ppt. Retrieved 2011-04-02. 
  5. ^ http://erratasec.blogspot.com/2011/02/thunderbolt-introducing-new-way-to-hack.html

External links


Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Cold boot attack — In cryptography, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system… …   Wikipedia

  • Cold boot attack — (platform reset attack, атака методом холодной перезагрузки)  в криптографии  класс атак по сторонним каналам, при которых злоумышленник, имеющий физический доступ к компьютеру может извлечь из него ключи шифрования или ценные данные.… …   Википедия

  • Amazons Attack! — Supercbbox title = Amazons Attack! caption = Art by Pete Woods schedule = Monthly format = limited=y publisher = DC Comics date= March August 2007 issues = 6 main char team =Wonder Woman, Queen Hippolyta, Nemesis, Sarge Steel, Cassie Sandsmark,… …   Wikipedia

  • Direct memory access — (DMA) is a feature of modern computers that allows certain hardware subsystems within the computer to access system memory independently of the central processing unit (CPU). Without DMA, the CPU using programmed input/output is typically fully… …   Wikipedia

  • IEEE 1394 — Firewire redirects here. For other uses, see Firewire (disambiguation). IEEE 1394 Interface Type Serial Production history Designer …   Wikipedia

  • United States Army Air Service — Infobox Military Unit unit name=United States Army Air Service caption= dates=1918 05 24 to 1926 07 02 country= United States of America allegiance= branch=United States Army type= role= size= 195,024 men, 7,900 aircraft (1918) 9,954 men, 1,451… …   Wikipedia

  • Body Harvest — Infobox VG| title = Body Harvest developer = DMA Design publisher = Midway Home Entertainment (USA), Gremlin Interactive (Europe) designer = engine = released = October 20, 1998 genre = Action Adventure, Third person shooter modes = Single player …   Wikipedia

  • Rockstar North — Ltd. Type Subsidiary of Rockstar Games Industry Interactive entertainment Computer and video games …   Wikipedia

  • 1991 in spaceflight — |8 January, 00:53:01 GMT |Delta II 7925 |LC 17B, Cape Canaveral |McDonnell Douglas |NATO 4A |NATO |GEO |Comsat |Still in orbit |Successful so far |14 January, 14:50:27 GMT |Soyuz U2 |LC 1, Baikonur |RVSN |Progress M 6 |MOM |LEO, docked to Mir… …   Wikipedia

  • Rockstar North — Limited Тип …   Википедия

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”