Cold Reboot Attacks on Disk Encryption
jcrouthamel writes "Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them."
Or we could get rid of this easy-to-work-with RAM that computers have now and go back to the olden days when you had to curse and scream and rip your hands to shreds on sharp metal corners to get at the RAM, which, once you got at it, was a pain in the ass to remove. Ah, the good old days.
has the RAM soldered in the motherboard! I knew Apple was thinking of our security all along!!!
/*ducks*/
Where is that guy who'd die defending what I had to say when I need him?
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
OK. I "pulled the power" but all I heard was KKKKKKKKKKKKCCCCCCCC--CLUNK. Powered up the drive and heard Click-Click-Click-Click. Must be a bad capacitor.
Oh, and I cannot get my data anymore.
Well, who wouldn't?
It's not wasting time, I'm educating myself.
I'll compute on my head