In a recent publication, the Princeton University described an attack, labeled as a ‘Cold Boot Attack’ against DRAM system memory. The attack completely transforms the traditional concepts of DRAM’s volatility and shows that the content of a supposedly ‘Volatile’ RAM can be accessed even when the power has been turned off.

Cold Boot attacks present an imminent threat to cryptographic key material that may be retained in the system memory and might later be used for both forensic and malicious applications.

Booting

Booting is the process of starting your computer and loading your Operating System. The term “boot” comes from “boot strapping”, a manual process, and long and involved with older computers. As an electronic device, computers are helpless without some sort of program running. The boot process that we see on modern PCs and MACs is carried out in combination with firmware called the “BIOS” and the master boot record for an operating system stored on a disk drive that the system looks for by wrote every time it is powered up. It does things like enumerate the peripherals, set up interrupt vector handlers and enable or disable the A20 line in some systems.

DRAM

DRAM stands for Dynamic Random Access Memory. DRAM employs a series of capacitors to store information by representing a single bit as a charge. Computers refresh their power every few milliseconds to retain the information. If power is Off from DRAM, the charge in the capacitor leak to ground state making the data unrecoverable. The ground state is either zero (0) or one (1).

Formal Definition

A cold boot attack (platform reset attack) is a type of side channel attack in which an attacker accesses a computer from a running operating system. After using cold reboot, he restarts the machine from an Off state and retrieves encryption keys.

An attacker makes the access time to 35 seconds or less. In some cases, this time is as low as 2.5 seconds. During this he must steal the computer, open it, access the DRAM and cool it. In this process, the owner of the PC remains unaware of the attack; however he should prevent the system by restricting physical access.

DRAM Attack (Cold Boot Attack)

It involves the use of cooling agents that slow the failure speed of DRAM so that the data could be reassembled. This data usually contains encryption keys such as the keys used for FDE products. The speed of attack is not related to data security as attacker has an uncontrollable access to the hacked machine. Instead, it is related to the time period between off state and failure of DRAM.

If the machine is stolen while powered on, it is useless to break the encryption when the data can be easily accessed. In case machine is in Standby mode, it is more likely to get attacked. During this time, sensitive data may remain in unencrypted form in memory. The time period for attackers can be as low as 2.5 seconds before complete memory loss or can be 35 seconds.  The attacker gradually drops the temperature of DRAM during this time period allowing him to access the contents of memory. Latest memory technologies have shorter time to total decay than older memory technologies.

Password strings retrieved from dump file

Users Web browsing history present in memory dump

Launching an Attack

Step 1: Powering Off the Machine

The simplest attack is to reboot the machine and configure the BIOS to boot a memory imaging tool. A cold boot will result in little or no decay depending on the memory’s retention time. Restarting the system in this way denies the operating system and applications any chance to scrub memory before shutting down.

Step 2: Fetching the Contents of the RAM

Place the RAM in other machine and start the system, or keep the RAM in the same machine, attach a bootable USB flash drive in the USB PORT, and reboot the system. Boot priority of the system must be set to ‘External USB Drive’ and not to ‘Internal hard Drive’. Otherwise the system will reboot again into its native Operating System. The memory-imaging tool or scrapper present on USB Drive starts executing. It fetches the memory dump present on the RAM into the USB Drive.

Step 3: Making the Memory Dump Readable

After taking the memory dump of the RAM in a USB drive. It can now be analyzed. Data can be read straight out of the dump either by dumping it to a flat-file using ‘dd’ or by examining it in-place.

Use of Memory Acquisition Hardware & Software

A cold boot attack against a suspect computer system should only be carried out in the event that no other methods of acquiring the system’s memory are possible.  Although cold boot attack is the best method possible for acquiring a suspect system’s memory, there are several issues left to be considered.  These issues are related to the use and exploitation of memory acquisition-specific hardware and software.

Defenses for Software-Based Full Disk Encryption

There are many possible solutions for this attack but most of them failed. However, some are considerable enough to discuss here.

1)      Change the location of keys during runtime. DRAM is totally frozen at the attack time. A key search algorithm represents the location of the key and their periodic movement. Encryption can be made difficult, but theoretically it is not valid.

2)      Multiple keys should be used for different parts of disk. It prevents all contents of disk during a single attack. Multiple keys need more authentications to prevent in the same attack instance. Although it is a suitable preventive measure, but it is not sure that most sensitive data would not be present on the exposed part. Additional layer of encryption should be used for top secret data.

3)      Fragment keys into discontinuous pieces. It will increase the difficulty of encryption. This may delay an attack, but it wouldn’t prevent one. Moreover, this will delay the decryption time too. Among all problems, performance degradation is termed as number one complaint. This means that application of this technique is not useful.

4)      Multiple Keys used in sequence for decryption. An additional layer of difficulty would delay an attack but all the keys would be accessible to attacker. Search algorithms do not depend on decrypted plain text to check integrity of key which allows the attacker to have a number of keys to correctly decrypt data. It might slow the process but that doesn’t mean that it is being prevented from attack. Largest available key lengths should be applied.

5)      Longer encryption keys should be used. As time period passes, DRAM loses more of its data making the searchable key space larger and so attacker would build the correct key with more difficulty. Longer decryption key makes larger searchable key space. This way degradation of key will take same time period and will make a shorter key still recoverable.

6)      Trusted Platform Module (TPM) combined with Full Disk Encryption (FDE) is used for additional protection in alternative attack scenarios. Usually it does nothing as TPM doesn’t perform the drive decryption. Key must be copied in memory for decryption.

7)      Clear Memory at boot time before loading any operating system. It will prevent an attacker to use stolen machine. However, an attacker might move the DRAM to another machine.

8)      All accessible ports should be blocked. Though its influence is same as of clearing memory at boot time but it is recommended by many software vendors.

Eliminate DRAM Attacks with Hardware-Based Full Disk Encryption

Hardware based full disk encryption is nowadays embedded in hard drives to eliminate DRAM attacks. This technology has more influence than software based encryption. The data encryption keys never enter into computer memory and are not easily accessed for this kind of attack.

1)      Location of the data encryption keys.

In hardware based encryption, the encryption keys are located in self contained computing environment and never enter into DRAM. This ways DRAM itself do not get attacked. A separate key, Key Encryption Key (KEK), is used to access and decrypt the Data Encryption Key (DEK). This key is encrypted using a hash value of username/ password or certificate depending upon the authentication.

The KEK is only decrypted. It is used to unlock disk drive and is not available in DRAM.

An attacker should have the capability to shut down power to drive immediately after the drive is unlocked and KEK is wiped off from memory. All this process has to be done in milliseconds after software authentication with the computer owner being present and willing.

2)      Physical Challenges

The attack could be modified to hit directly on the chipset or HDD against the Data Encryption Key. It increases physical complexity, because more time will be required to access the chipset or hard disk drive.

If chipset based full disk encryption is removed and chips ingresses in liquid nitrogen, it would become a challenge for an attacker to either detach the chipset or keeping liquid nitrogen that could be enough to submerge the whole motherboard or computer/ laptop. However, both of the above options are difficult to manage. It is impractical to detach full disk encrypted hard drive in a short period of time. Whereas, if the entire motherboard or hard drive is submerged in liquid nitrogen data might get harm such that it won’t get repair.

Frozen Cache

It is another way to counter the cold boot attack. Store the keys in the computer cache, instead of RAM. In contrast to the RAM which is a separate device connected to the computers motherboard, the Cache resides on the CPU die, and cannot easily be extracted or read-out. However, caches are difficult to control and one needs to make sure that keys are really frozen in the cache and are never written to the RAM.

Conclusion

DRAMs hold their values for long intervals without power or refresh. It enables a variety of security attacks that can be used to access sensitive information such as cryptographic keys from memory.

There is no easy solution to overcome these attacks. Software changes have benefits and drawbacks too; hardware changes are possible but require time and expense. Latest trusted computing technologies can’t protect keys present in memory. Laptops have more probability of these attacks. Disk encryption on laptops does not give perfect protection.

Therefore, it is necessary to treat DRAM as insecure so that sensitive data from SSL, FDE, and other sensitive applications needs to processed with greater consideration. In the end, without significant architecture changes in the current computers, we are all fairly vulnerable.