Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cold Reboot Attacks on Disk Encryption

Posted by CmdrTaco on from the wont-someone-please-think-of-the-bits dept.

jcrouthamel writes "Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them."

8 of 398 comments (clear)

  1. Re:Clear the DRAM? by spun · · Score: 4, Insightful

    So, that would stop me from physically turning off the computer and popping out the RAM, how exactly? What we need is a battery backed up hardware module that scrambles the RAM when the system loses power.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  2. Use capacitors by StCredZero · · Score: 4, Insightful

    You could use a capacitor to power this mechanism instead of a battery. It wouldn't need to last very long -- just long enough to scramble the RAM on power-down. It would be more reliable than a battery.

  3. from an attacker with physical access by wiredog · · Score: 4, Insightful

    If the attacker has physical access to your system, it's not your system.

    --

    Best Slashdot Co
  4. Re:Physical Access by mypalmike · · Score: 4, Insightful

    on your personal machine they'd have to physically take it off you

    Like when your laptop is stolen while it's in sleep mode. This is rather a common situation.

    --
    There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
  5. Re:Clear the DRAM? by orclevegam · · Score: 5, Insightful

    As the4thdimension already pointed out, it's a common tenant in systems security that anyone with physical access and sufficient time can disable or otherwise bypass any security system. The fact is, if they're in a position to swipe the RAM out of your computer, they can just as easily take the HD to a secure location to try to brute force it, and/or attach some probes to the RAM and just read the bits straight off it, wouldn't even need to power the system down. Hardware security is just that, hardware, so there will never be an adequate software solution to a hardware security problem. Likewise, software security means nothing if the hardware is vulnerable. It's like building a safe with the most complex and impenetrable locking mechanism ever designed, and then using 1/4" aluminum for the body of the safe, sure no one's going to crack the locking mechanism, but all it takes is 5 minutes with a power drill to bypass it.

    That being said, some sort of physical security mechanism probably wouldn't be out of the question for scenarios that actually called for it. For instance, on systems that contain highly sensitive data such as nuclear launch codes or some such, I could envision a tripwire type system on the computer case that detonates shaped charges on the HD and RAM when the case is cracked. This does open up a possible DOS attack vector, but the alternative seems to justify it.

    --
    Curiosity was framed, Ignorance killed the cat.
  6. DRM attack vector by crow · · Score: 5, Insightful

    While an issue for whole-disk encryption, this is also an issue for DRM. Just flick the power while the interesting media is being decrypted, and even if the OS had been protecting the key in some "safe" location, you can now find it. It might be little more tricky, but if you can pull the RAM on a video game console, you can do the same thing.

  7. This is pretty epic... by ComputerPhreak · · Score: 4, Insightful

    To everyone saying 'if someone has physical access you're hosed anyway'... that simply isn't true. If you have a laptop and encrypt your data correctly, it was thought that it was mathematically infeasible to recover the data if your laptop was stolen. But with this (new?) technique, if it works well enough to be reliable, you could still be fucked even if you took the precaution of encrypting everything.

  8. Re:Clear the DRAM? by CountBrass · · Score: 5, Insightful

    I think you've missed the point. Hard drive encryption *is* supposed to protect against someone having physical access to your machine.

    --
    Bad analogies are like waxing a monkey with a rainbow.