Cold boot attack

From Wikipedia, the free encyclopedia

In cryptography, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system by cold booting the machine.[1] The attack relies on the data remanence property of DRAM[1] and SRAM[2] to retrieve memory contents seconds to minutes after power has been removed.

[edit] Description

To execute the attack, power is removed from a running operating system without letting it shut down cleanly; an alternate operating system with a small kernel is then immediately booted off a removable drive, and the contents of pre-boot memory dumped to a file. Offline analysis can then be performed against the file to retrieve the sensitive keys contained in it.

The attack has been demonstrated to be effective against full disk encryption schemes of various vendors and operating systems, even where a Trusted Platform Module (TPM) secure cryptoprocessor is used.[1] This is because the problem is fundamentally a hardware (insecure memory) and not a software issue. While the focus of current research is on disk encryption, any sensitive data held in memory are vulnerable to the attack.[1]

The time window for an attack can be extended to hours by cooling the memory modules. Furthermore, as the bits disappear in memory over time, they can be reconstructed, as they fade away in a predictable manner.[1] In the case of disk encryption applications that can be configured to allow the operating system to boot without a pre-boot PIN being entered or a hardware key being present (e.g. Bitlocker in a configuration that uses a TPM only without a PIN or USB key), the time frame for the attack is not limited at all:[1]

Notably, using BitLocker with a Trusted Platform Module (TPM) sometimes makes it less secure, allowing an attacker to gain access to the data even if the machine is stolen while it is completely powered off

One mitigation is not to use sleep mode and to shut down or hibernate a computer instead.[3][4] However a pre-boot PIN or password may also be required to prevent an attacker booting the normal operating system before launching the attack in the scenario where a machine is already turned off.

[edit] References

  1. ^ a b c d e f J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten (February 21, 2008). "Lest We Remember: Cold Boot Attacks on Encryption Keys". . Princeton University Retrieved on 2008-02-22.
  2. ^ Sergei Skorobogatov (June 2002). "Low temperature data remanence in static RAM". . University of Cambridge, Computer Laboratory Retrieved on 2008-02-27.
  3. ^ "Don't Panic - Cold Boot Reality Check", Secude, February 21, 2008. Retrieved on 2008-02-22. (registration required)
  4. ^ "Encryption Still Good; Sleeping Mode Not So Much, PGP Says", Wired, February 21, 2008. Retrieved on 2008-02-22. 

[edit] External links