Cold boot attack


In cryptography, a cold boot attack, platform reset attack, cold ghosting attack or iceman attack[1] is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine from a complete "off" state.[2] The attack relies on the data remanence property of DRAM[2] and SRAM[3] to retrieve memory contents which remain readable in the seconds to minutes after power has been removed.

Description

To execute the attack, the machine is cold booted (power is cycled "off" then "on" without letting the computer shut down cleanly); a light-weight operating system is then immediately booted (e.g. from a removable drive), and the contents of pre-boot memory dumped to a file. Alternatively, the memory modules are removed from the original system and quickly placed in another machine under the attacker's control, which is then booted to access the memory. Further analysis can then be performed against the information that was retrieved from memory to find the sensitive keys contained in it.

The attack has been demonstrated to be effective against full disk encryption schemes of various vendors and operating systems, even where a Trusted Platform Module (TPM) secure cryptoprocessor is used.[2] This is because the problem is fundamentally a hardware (insecure memory) and not a software issue. While the focus of current research is on disk encryption, any sensitive data held in memory are vulnerable to the attack.[2]

The time window for an attack can be extended to hours by cooling the memory modules. Furthermore, as the bits disappear in memory over time, they can be reconstructed, because they fade away in a predictable manner.[2] In the case of disk encryption applications that can be configured to allow the operating system to boot without a pre-boot PIN being entered or a hardware key being present (e.g. BitLocker in a simple configuration that uses a TPM without a two-factor authentication PIN or USB key), the time frame for the attack is not limited at all:[2]

Notably, using BitLocker with a Trusted Platform Module (TPM) sometimes makes it less secure, allowing an attacker to gain access to the data even if the machine is stolen while it is completely powered off.

Mitigations

Use advanced encryption modes

Use two-factor authentication (e.g. a pre-boot PIN and/or a removable USB device containing a startup key together with a TPM).[4][5] In this mode, a PIN or startup key is required when turning the machine on or when waking from hibernation mode (a power off mode), thereby foiling the attack. No additional protection is offered during sleep mode (a low power mode), as the key typically remains in memory with full disk encryption products and does not have to be re-entered when the machine is resumed.
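To check which of these configurations a Windows machine is actually in, the following added example (not part of the original article) classifies BitLocker operating system volumes by their key protectors. The function name Get-ColdBootExposure, its finding texts and the sample records are assumptions made here; Get-BitLockerVolume and the KeyProtectorType values are those of the BitLocker PowerShell module, which needs an elevated session.

```powershell
# Added example: classify a BitLocker volume by its cold-boot exposure.
function Get-ColdBootExposure {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,
        [Parameter(Mandatory)] [string] $ProtectionStatus,   # 'On' or 'Off'
        [string[]] $ProtectorTypes = @()
    )
    # TPM protectors that also require a pre-boot factor (PIN and/or startup key).
    $twoFactor = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

    $finding = if ($ProtectionStatus -ne 'On') {
        'BitLocker protection is off or suspended'
    } elseif ($ProtectorTypes -contains 'Tpm') {
        # The "simple configuration": the OS boots and loads the key with no user input.
        'TPM-only: key reaches RAM on every boot, even if the machine was taken while powered off'
    } elseif ($ProtectorTypes | Where-Object { $twoFactor -contains $_ }) {
        'TPM + pre-boot factor: key withheld at power-on and hibernate resume, still in RAM during sleep'
    } else {
        'No TPM protector: unlock needs a password or external key at boot, key still in RAM during sleep'
    }

    [pscustomobject]@{
        MountPoint = $MountPoint
        Protectors = $ProtectorTypes -join ','
        Finding    = $finding
    }
}

# Constructed sample records (not taken from a real machine).
$sample = @(
    @{ MountPoint = 'C:'; ProtectionStatus = 'On';  ProtectorTypes = 'Tpm', 'RecoveryPassword' }
    @{ MountPoint = 'C:'; ProtectionStatus = 'On';  ProtectorTypes = 'TpmPin', 'RecoveryPassword' }
    @{ MountPoint = 'C:'; ProtectionStatus = 'Off'; ProtectorTypes = 'Tpm' }
)
foreach ($record in $sample) { Get-ColdBootExposure @record }

# On a live system, feed the real operating system volumes through the same function.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem' | ForEach-Object {
        Get-ColdBootExposure -MountPoint $_.MountPoint `
            -ProtectionStatus $_.ProtectionStatus `
            -ProtectorTypes $_.KeyProtector.KeyProtectorType
    }
}
```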

Power management

Shutting down a computer will usually discard the encryption keys from memory; in some cases, so will the hibernate feature. Therefore, ensuring that the computer is shut down or hibernating whenever it is in a position where it may be stolen can mitigate this risk.[2][6][7]

By contrast, sleep mode is generally considered unsafe, as encryption keys will remain in the computer's memory, allowing the computer to read encrypted data after waking up or after reading back the memory contents. Configuring an operating system to shut down or hibernate when unused, instead of using sleep mode, can help mitigate this risk.

Use TCG compliant systems

Another mitigation is to use hardware and an operating system that both conform to the "TCG Platform Reset Attack Mitigation Specification",[8] an industry response to this specific attack. The specification forces the BIOS to overwrite memory during POST if the operating system was not shut down cleanly. Unfortunately, this does not prevent the memory module from being removed from the system and read back on an alternative system that does not support these measures[citation needed].

Booting

Limit the boot device options in the BIOS to prevent another operating system from being booted.[5] Again, this cannot prevent the memory module from being removed from the system and read back on an alternative system that does not support this limitation. In addition, BIOS settings - even those locked in with a password - can usually be circumvented with a simple short across two terminals on the system's motherboard.

In popular media

In season one, episode two of My Own Worst Enemy called "The Hummingbird", the cold boot attack is used to copy secret data off a server. The portrayer in the series called "Boyscout" uses a can of liquid nitrogen, sprays it onto the memory module of the open server, takes the memory module out and puts it in a custom memory board, then proceeds to copy data from the memory.

References

  1. Douglas MacIver (2006-09-21). "Penetration Testing Windows Vista BitLocker Drive Encryption". HITBSecConf2006, Malaysia: Microsoft. Retrieved on 2008-09-23.
  2. J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten (2008-02-21). "Lest We Remember: Cold Boot Attacks on Encryption Keys". Princeton University. Retrieved on 2008-02-22.
  3. Sergei Skorobogatov (June 2002). "Low temperature data remanence in static RAM". University of Cambridge, Computer Laboratory. Retrieved on 2008-02-27.
  4. "BitLocker Drive Encryption Technical Overview". Microsoft (2008). Retrieved on 2008-11-19.
  5. Douglas MacIver (2008-02-25). "System Integrity Team Blog: Protecting BitLocker from Cold Attacks (and other threats)". Microsoft. Retrieved on 2008-09-23.
  6. "Don't Panic - Cold Boot Reality Check". Secude (2008-02-21). Retrieved on 2008-02-22. (registration required)
  7. "Encryption Still Good; Sleeping Mode Not So Much, PGP Says". Wired (2008-02-21). Retrieved on 2008-02-22.
  8. "TCG Platform Reset Attack Mitigation Specification". Trusted Computing Group (2008-05-28). Retrieved on 2008-07-04.

This article is from Wikipedia. All text is available under the terms of the GNU Free Documentation License.
