Use the CPU cache to prevent cold boot? No.


Frozen Cache is a blog dedicated to a novel way to prevent cold boot attacks. Last year the cold boot team demonstrated that they could extract encryption keys from a machine’s RAM by placing it in another system (or the same machine by doing a quick reboot). Frozen Cache aims to prevent this by storing the encryption key in the CPU’s cache. It copies the key out of RAM into the CPU’s registers and then zeroes it in RAM. It then freezes the cache and attempts to write the key back to RAM. The key is pushed into the cache, but isn’t written back to RAM.

The first major issue with this is the performance hit. You end up kneecapping the processor when you freeze the cache and the author suggests that you’d only do this when the screen is locked. We asked cold boot team member [Jacob Appelbaum] what he thought of the approach. He pointed out that the current cold boot attack reconstructs the key from the full keyschedule, which according to the Frozen Cache blog, still remains in RAM. They aren’t grabbing the specific key bits, but recreating it from all this redundant information in memory. At best, Frozen Cache is attempting to build a ‘ghetto crypto co-processor’.

We stand by our initial response to the cold boot attacks: It’s going to take a fundamental redesign of RAM before this is solved.

[via Slashdot]

21 thoughts on “Use the CPU cache to prevent cold boot? No.

  1. If someone can open your computer and take out the RAM and walk away then you are already bogged down by much more serious security issues and there’s little to protect from keeping your encryption keys secure I expect.
    Also I recall an issue that was discovered where they could spy the keys in a multi user system by looking at the cache of the CPU, and they they created fixes for that, so to use this method you’d have to un-fix that fix I guess? And then you’d have the old issue back and you re-created a security issue, so this would not be suitable for multi-user systems.

  2. But isn’t the memristor or whatever they’ve dubbed it supposed to do away with ram degrading when the electricity is no longer applied? It’s thought that this would replace traditional ram as a way to save your computer from power outages or allowing you to turn it off and back on without reboots of the operating system.

    Seems to me that we need a fundamental redesign of both the hardware and software for crypto in order to safeguard against key stealing. I thought of crypto chips, but then, who’s to say you can’t probe one of those for the data it contains?

    It seems to keep coming back to physical access owning the system regardless of measures. Doesn’t the real question then become how many people you really need to stop, not how many can you stop?

    I guess the real question I’m asking is why should I be worried about this? I really don’t see myself or my company as a target for this sort of thing given our size. Some day perhaps, but hopefully smarter people than I will have solved this by then.

  3. Why not just make trivial changes to RAM so that external logic allows clearing on shutdown or on power loss? Most PCs have a permanent standby power which the clearing logic can use right after the shutdown was initiated. One could even use super caps to keep the clearing circuits alive long enough on power loss.

  4. Yes, but how does that prevent the case when you pull the plug? The “cold boot” attack would work by refrigerating the RAM and then “pull” the plug, connect it to a reader and dumping the data.

    The only way to prevent this was designing a RAM which decays it’s energy much faster, even with low temperatures. I think the CPU cache does this, but using the same memory system for the RAM would be super expensive.

  5. > Yes, but how does that prevent the case when you pull the plug?

    super caps = super capacitors that store a fair bit of electrical charge. These can be used to momentarily power circuits once the power is lost. In this case, it could power a circuit that clears RAM.

  6. If someone has physical access to your computer then your security is compromised. Period. Having a fully secure computer requires far more than a redesign of RAM–it requires a fundumental redesign of how a PC is designed. So you redesigned your RAM, but I still have access to your PC–so instead of cold booting, I’ll start probing your motherboard with very very high speed logic probes (because I’m a big corporation spying on your, government, crazy hacker, whatever) and sniffing out the traffic.

    Point is, the PC as it is right now is not a physically secure design. There is obviously no such thing as a completely physically secure design, but there are plenty of things that come close–some things that come to mind are certain types of very high security microcontrollers (probably used in ATM machines)–these guys often have SRAM on chip and on-chip sensors which will immediately wipe clean the encryption keys in an instant (on a digital signals timescale, of course). So you wouldn’t even be able to decap these guys and read off signals or really get anything off of them, at least in any easy manner. Many of them also have temperature sensors and everything else to twart most standard attacks.

  7. why not simply make the processor on it’s last throwes just before power dies to zero ram.

    there are at least 40 clock cycles from power loss until the cpu and ram lose power. More than enough to wipe the ram cells.

  8. As for encrypting RAM, that’s what the TMP chip and vista was designed around wasn’t it? To encrypt and scramble stuff even in RAM, the scrambling so that even if you manage to access the RAM it would be damn hard to actually determine where the key actually is, as I understand it, I don’t have a TMP chip system. (they supposedly also make USB dongles with TMP chips but I’ve never seen one advertised anywhere)

  9. @wwhat: afaik the encryption of a TPM is just one part. Another major function is authentication. For trusted applications for example (in combination with processor security features). But I wonder if that prevents using memory attack to inject own non-trusted code. But probably you can’t just easily halt the CPU without noticing. And you could perhaps copy the whole state to a non-trusted platform. Oh well.

  10. @darkfader and @wwhat: again, I ask, what does this all mean when I can simply probe a crypto chip or other form of security chip for it’s data? The basic fact is that in attempting to mass produce anything of this sort, is that somehow there is going to be a way I can get the info out of the chip (or break into the company and get the documentation of how their chip works – hypothetically). It just seems like it comes back to physical access owning the box again. And if I’m not in a hurry, why do I need to get the keys in the first place? Can’t I just brute force it with enough time?

    Cold booting is a cool way to get the info easily, though.

  11. Its not so much clearing the keys from RAM, this is easy to implement as Truecrypt has shown, it clears it on suspend and shutdown. But what if I lock my computer and walk away, well then someone doesn’t need to “cold” boot it, they could just use a windows skelleton key or some other firewire fu to steal my keys out of memory.
    Cold boot at present is really useful on Vista bitlockered pc’s where the key isn’t properly cleared from memory on shutdown (they rely on the misconception that ram clears on powerloss) and it isn’t even touched on suspend. Really though this attack is very limited in scope. But it does remind me of memory resident viruses back in my Amiga days that could jump disk by hiding in the memory and on soft reboot/insufficient power outage would copy themselves to a write enabled disk.
    Really physical access does trump all, but I would say next version of truecrypt we see will have an option to store the keys in cache on lock pc.

  12. Of course on the next the level, the other thing to consider is the use of keys on corporate servers. The physical security can be circuvented via an internal threat(disgrutled employees, personal gain from corporate information, etc.), or even social engineering. For example, if the keys stored in the server’s RAM were stolen from a web server (using SSL to encrypt traffic), a rogue server could be set up with the use of the keys. Therefore it could effectively sit in between the connection legitimately, without either party knowing its there. Extremely dangerous and difficult to detect. That is why securing the keys is a key (pardon the pun) concern, and usually achieved through tamper-proof, dedicated hardware (nCipher springs to mind). The keys never leave their hardware and can only be accessed by administrators, with a KofN approach (multiple user authentication). This mitigates the risk considerably, and helps regulatory compliance in a lot of cases. It’s quite an interesting threat and one that not many are protecting against. The difficulty to access the keys is high, but so is the damage that could be caused by not storing them away from the RAM in case it were to happen.

  13. Using the cache isn’t totally crazy, but I don’t think the outlined method is the right approach. If one bank were set to a cache-as-RAM mode and the MTRRs are programmed correctly, you could have a small address space treated as RAM, but not on any of the memory modules.
    I don’t know if this can be set up at run time though. I have only seen it done at the CPU’s reset vector.

  14. How about modifying a home safe and using it as a tower? That should at least keep the attacker away from the ram long enough, unless they are brave enough to drill(or however else you break into a safe) into the safe while its plugged in. Maybe use water-cooling… weekend paranoid project here I come

  15. I am using SATA encryption hardware for my HD´s and they are safe from cold boot attack.

    Recommend it!

    Right now not many use cold boot attack and that includes law enforcement(FBI).

    I know about a case in US where cold boot attack can be used or from what I have learned could be used but the FBI haven´t used it yet.

  16. It reminds me of a design i saw for a secure computer i saw floating around which had internal hardware wired to 3lb of C4 so that if you opened the case without pressing the right combination of buttons on the case or you pressed the wrong one then it would blow you all to kingdom come. It would make all of this a non-issue, it could also be activated by motion sensors and a timer to press the right buttons.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s