We haven’t made a regular habit of watching BoingBoing TV, but lately they’ve been covering topics we’ve been interested in… not the dolphin pr0n. In yesterday’s episode they talked to Jacob Appelbaum and members of the EFF about the cold boot encryption attack. The attack involves power cycling the system and dumping the contents of RAM to a storage device before the data decays. Cooling the memory chips with compressed air slows that decay and keeps more of the data intact. The attacker can then search the dump for the encryption keys that protect the contents of the hard drive. A foolproof mitigation for this attack hasn’t been developed yet. You can read more about cold boot attacks at the Center for Information Technology Policy. The BoingBoing TV episode, bizarre editing and all, can be downloaded directly here.
18 thoughts on “Cold Boot Encryption Attack Video”
I’ve got a fool-proof fix for this attack, it is the #1 rule of system security.
Restrict physical access to all sensitive boxes.
Physical security does not work as well when dealing with a laptop. You carry it in the airport, someone manages to steal it. If you have good physical security you don’t have to worry about any file system encryption.
I have a better solution. Remove all RAM from your laptop before shutting it down. *evil grin*
And store it in a closed bottle of warm water to help the data fade
Disclaimer- Do not try this at home, kids! ;)
I don’t know about RAM init procedures, but couldn’t one build chips that, when powered on, ensure they’re filled with all 0’s? so an attacker might freeze them, and build them into another machine in order to read them out etc, but once the machine powers on, data would be erased… (and if this feature is really *inside* the RAM chips, not just on the same board, there should be no way to get around this, as you can’t yet determine the state of every electron inside the chip^^)
or is it possible to freeze the RAM in a way that makes it “read-only”?
so you advocate keistering your RAM?
Deja vu!… This was posted here back in February.
Yeah, this is old news. I wrote about it, back when it was new fresh news full of life! http://www.webpulp.org/videos/breaking-disk-encryption-with-ram-dumps/
Yeah, I had the audacity of including a link to our February post in this new post. ;)
This video is interesting because it comes after several months of talking about the problem. In the first release they hadn’t perfected the iPod or network dump. Jake also mentions that DDR3 can report chip temperature, so future BIOSes could scram if they thought they were being attacked.
What if a person designed an OS that required use of a USB stick that had the encryption key on it… so that all data in the RAM was encrypted… could everything be considered safe then? And if a person removed the stick, which cleared RAM automatically?
Are you safe then?
Yeah, you could encrypt the RAM and store the key in the processor cache. Implementing custom RAM that stores enough power to delete itself on power loss would also be an option.
Or you could just, you know, turn off your computer when you’re done using it…
I dunno about foolproof, but Maxim makes a chip that’s very good at dealing with this problem: check out the DS3600 series, as talked about in this article/advertisement.
Internal temp-detection mechanism that registers a change in temperature in 100ns and sets a tamper alarm (that’s much faster than the chip can actually be cooled to stop functioning), and once the alarm is set, it blanks all the crypto keys it has onboard. It also continually rewrites the crypto keys, XORing them each time, so they don’t build up a charge that can be recovered even after they’ve been wiped, and the chip itself is designed with its interface to the board practically unavailable by putting the data pins inside a perimeter of sense pins in a BGA.
Other companies have similar things — and this is stuff being sold on the open market. Captive fabs building just for the government probably have more interesting stuff yet.
I didn’t read the instructions: here’s the link to the ad/article:
Maybe not solved in said laptop, but ATM encryption cards have been potted, wrapped in 40AWG wire, and configured with X-ray sensors in addition to the temperature sensor to get around this problem. Good RAM can keep charge on the caps for a while even after the refresh goes away.
Removing the “super” RAM and replacing it with regular RAM would avoid this. Perhaps if you soldered the memory on…
Or if every RAM manufacturer goes the route of replacing every RAM module with “super” RAM, then you can sure bet that someone will find a way to disable the process and still use the attack.
There are simple ways to defeat this, and although not 100% reliable they are pretty effective.
You have to consider what sort of situation this attack is likely to be used in. The attacker would have to get to the machine while it is powered on, but be unable to access it due to software security (passwords etc). So, they reboot the system and try to recover the encryption keys from RAM.
Why would you need to freeze the RAM if you could just hit the reset button? Well, the reset button might be disconnected, or the BIOS might be set up to do a full memory check which would overwrite every byte in RAM. The only way to be sure to avoid the BIOS wiping RAM would be to power the machine off, reset the BIOS and power it back on. Note that in laptops, even resetting the BIOS (which is typically very difficult as it involves opening the laptop up) often does not clear the power-on password.
So, the attacker wants to freeze the RAM and put it into their own machine for reading. It’s going to be hard to freeze it, transport it to the new machine and install it without data loss, but for argument’s sake let’s say it’s possible.
Most machines have a case open switch, which could be used to trigger a memory wiping program. Assuming the program was intelligent, things like encryption keys could be erased in nanoseconds, and the entire RAM in a few seconds. The attacker would have to power off before opening the case, increasing the time before they can freeze the RAM and thus increasing data loss.
Really, this kind of attack, assuming you are reasonably well prepared for it, is not particularly effective. For anyone worried about law enforcement, setting the BIOS to do a full memory test and setting a BIOS password is enough to prevent it in most cases. An improvement would be to make sure your BIOS does a full memory test by default (i.e. after being reset). Some mobos do that; if yours doesn’t, a BIOS editor might fix that.
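Two of the defensive ideas in this thread, the periodic XOR-rewrite of stored keys from the DS3600 comment above and the "erase the keys first when a tamper switch fires" idea from the comment just above, can be sketched in software. The following is an added example written for this page, not code from Hackaday, Maxim or any commenter; it assumes a hypothetical software key store in which the key is periodically complemented in place so no cell holds the same bit for long, and a tamper handler that wipes the key through a volatile pointer so the compiler cannot discard the overwrite as dead code (the classic failure of a plain memset before the buffer goes out of scope). The sample key is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 32

/* Hypothetical key store: the key lives in RAM either as itself or as its
 * bitwise complement. Flipping it on a timer means each cell spends about
 * half its time at 0 and half at 1, which is the idea behind the XOR-rewrite
 * described for the DS3600: no fixed pattern sits in a cell long enough to
 * leave a recoverable imprint after a wipe. */
typedef struct {
    uint8_t cell[KEY_LEN];
    int inverted;   /* 1 when cell[] currently holds ~key */
} key_store_t;

/* Overwrite memory through a volatile pointer so the store is not dropped
 * by the optimizer as a write to memory that is never read again. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

static void key_store_init(key_store_t *ks, const uint8_t key[KEY_LEN]) {
    memcpy(ks->cell, key, KEY_LEN);
    ks->inverted = 0;
}

/* Called from a periodic timer: complements every byte of the stored copy. */
static void key_store_refresh(key_store_t *ks) {
    for (size_t i = 0; i < KEY_LEN; i++) ks->cell[i] ^= 0xFF;
    ks->inverted ^= 1;
}

/* Reconstruct the real key into the caller's buffer, whichever
 * representation is currently in memory. */
static void key_store_get(const key_store_t *ks, uint8_t out[KEY_LEN]) {
    uint8_t m = ks->inverted ? 0xFF : 0x00;
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = ks->cell[i] ^ m;
}

/* Tamper handler (case-open switch, temperature alarm): the key is the
 * smallest and most valuable secret in RAM, so it is erased first. */
static void key_store_wipe(key_store_t *ks) {
    secure_zero(ks->cell, KEY_LEN);
    ks->inverted = 0;
}

/* Returns 1 if every byte of the buffer is zero. */
static int is_all_zero(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Demonstration: store a constructed key, refresh it `refreshes` times,
 * check it still reads back correctly (and that the raw cells differ from
 * the key after an odd number of flips), then wipe and confirm the cells
 * are zero. Returns 1 on success, 0 on any failure. */
static int demo_roundtrip(unsigned refreshes) {
    uint8_t key[KEY_LEN], out[KEY_LEN];
    key_store_t ks;
    for (size_t i = 0; i < KEY_LEN; i++) key[i] = (uint8_t)(i * 7 + 3); /* constructed */
    key_store_init(&ks, key);
    for (unsigned r = 0; r < refreshes; r++) key_store_refresh(&ks);
    key_store_get(&ks, out);
    int ok = memcmp(key, out, KEY_LEN) == 0;
    if ((refreshes % 2) == 1 && memcmp(key, ks.cell, KEY_LEN) == 0) ok = 0;
    key_store_wipe(&ks);
    secure_zero(key, KEY_LEN);
    secure_zero(out, KEY_LEN);
    return ok && is_all_zero(ks.cell, KEY_LEN);
}

int main(void) {
    printf("roundtrip after 3 refreshes: %s\n", demo_roundtrip(3) ? "ok" : "FAIL");
    printf("roundtrip after 8 refreshes: %s\n", demo_roundtrip(8) ? "ok" : "FAIL");
    return 0;
}
```

The complement trick only addresses remanence from a fixed pattern sitting in one place; it does nothing against a dump taken while the key is still present in either form, which is why the wipe has to run before the attacker can cut power and cool the chips. A real implementation would also keep the working copy out of swap and clear any registers or cache lines it was expanded into.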
Heya Eliot! Thanks for the link and the nice words. Two minor corrections, one is that my last name is spelled with ‘el’ and not ‘le’: Appelbaum.
The other is that while I sure wish I worked for the EFF, I was simply in the EFF offices. This was unclear because the final cut of the video cut out Seth and Peter; they actually work at the EFF and I do not.
Interesting video, but the comment the reporter lady said after the credits really made my day. It took me by surprise and I almost choked on my coffee :D
“If only I could unsee.. what Ive seen with these eyes….. Two girls one cup was just the start”
Why can’t I see this video? All I can see is the CC attribution message. Has someone stopped sharing?