Cold Boot Attack Defeats Disk Encryption Software - InformationWeek




If the chips are kept at low temperatures, residual data can easily be recovered, researchers found.

Researchers from three groups on Thursday published research showing that disk-based encryption schemes across multiple operating systems can be circumvented to reveal protected data.

In the paper, "Lest We Remember: Cold Boot Attacks on Encryption Keys," the researchers from Princeton University, the Electronic Frontier Foundation, and Wind River Systems revealed that computer memory, contrary to popular belief, retains data for a brief period after a computer is turned off and that cooling memory chips can prolong the persistence of data in memory.

As a consequence, disk-based encryption products that store decryption keys in memory, such as Apple's FileVault, Linux's dm-crypt, and Microsoft's BitLocker, are vulnerable to attack.

"Most experts assume that a computer's memory is erased almost immediately when it loses power, or that whatever data remains is difficult to retrieve without specialized equipment," the paper says. "We show that these assumptions are incorrect. Ordinary DRAMs typically lose their contents gradually over a period of seconds, even at standard operating temperatures and even if the chips are removed from the motherboard, and data will persist for minutes or even hours if the chips are kept at low temperatures. Residual data can be recovered using simple, nondestructive techniques that require only momentary physical access to the machine."

In his blog post, Princeton computer science professor Edward W. Felten, one of the authors of the report, explains that cooling DRAM chips by spraying them with inverted cans of compressed air has the effect of freezing the data in memory for 10 minutes or more. If liquid nitrogen is used, the data can be preserved for hours without any power. During this period, a knowledgeable attacker could conduct a "cold boot" attack to access any encryption keys.

The findings raise serious questions about the ability of software-based disk encryption to protect against data theft. A FAQ document posted by the Center for Technology Policy at Princeton advises that computer users fully shut down their machines "several minutes before any situation in which the computers' physical security could be compromised."

In addition, the research paper warns that other data protection techniques, including DRM schemes and SSL sessions, could be vulnerable to this form of attack.

"There seems to be no easy fix for these problems," Felten said. "Fundamentally, disk encryption programs now have nowhere safe to store their keys. Today's Trusted Computing hardware does not seem to help; for example, we can defeat BitLocker despite its use of a Trusted Platform Module."
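The mitigation that follows from Felten's point is to shorten the window during which key material sits in DRAM: keep the key and every derived copy (a real cipher's expanded round keys live in memory too) only while the volume is in use, and wipe all of it on the suspend or shutdown path so that a cold boot finds zeros. The C below is an added illustration written for this page, not code from the paper, Princeton, or any of the products named; `key_ctx`, `secure_zero` and the four-round XOR "schedule" are hypothetical stand-ins for a real disk-encryption context, and the sample key is a constructed value. The one non-obvious detail it shows is why a plain `memset` is not enough: a compiler may drop a final `memset` as a dead store, so the wipe writes through a `volatile` pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the paper or InformationWeek): limit how long
 * disk-encryption key material lives in DRAM by scrubbing it before suspend
 * or shutdown. All names below are hypothetical stand-ins. */

#define KEY_BYTES 32
#define ROUNDS 4

/* memset() on a buffer that is never read again can be optimised away as a
 * dead store. Writing through a volatile pointer forces every store to land. */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Returns 1 if the buffer holds only zero bytes (no early exit, so timing
 * does not depend on where the first non-zero byte is). */
int is_all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Hypothetical key context: the raw key plus a toy expanded schedule. Real
 * ciphers keep round keys in memory as well, which is why the whole context,
 * not just the 32-byte key, has to be scrubbed. */
typedef struct {
    unsigned char key[KEY_BYTES];
    unsigned char schedule[KEY_BYTES * ROUNDS];
    int loaded;
} key_ctx;

/* Stand-in for loading the volume key when the volume is mounted. The
 * "expansion" is a toy (round key = key XOR round index), not a real KDF. */
void key_ctx_load(key_ctx *ctx, const unsigned char *key) {
    memcpy(ctx->key, key, KEY_BYTES);
    for (size_t r = 0; r < ROUNDS; r++) {
        for (size_t i = 0; i < KEY_BYTES; i++) {
            ctx->schedule[r * KEY_BYTES + i] = key[i] ^ (unsigned char)r;
        }
    }
    ctx->loaded = 1;
}

/* Called from the suspend/shutdown path: wipe every copy of key material. */
void key_ctx_scrub(key_ctx *ctx) {
    secure_zero(ctx->key, sizeof ctx->key);
    secure_zero(ctx->schedule, sizeof ctx->schedule);
    ctx->loaded = 0;
}

/* Returns 1 if the context holds no key material at all. */
int key_ctx_is_clean(const key_ctx *ctx) {
    return !ctx->loaded
        && is_all_zero(ctx->key, sizeof ctx->key)
        && is_all_zero(ctx->schedule, sizeof ctx->schedule);
}

/* Simulated lifecycle: load, use, scrub before suspend. Returns 1 when the
 * context is dirty while mounted and fully clean afterwards. */
int demo_lifecycle(void) {
    unsigned char sample_key[KEY_BYTES];          /* constructed sample value */
    for (size_t i = 0; i < KEY_BYTES; i++) {
        sample_key[i] = (unsigned char)(0x10 + i);
    }
    key_ctx ctx;
    memset(&ctx, 0, sizeof ctx);

    key_ctx_load(&ctx, sample_key);
    int clean_while_mounted = key_ctx_is_clean(&ctx); /* expected 0 */

    key_ctx_scrub(&ctx);                              /* before suspend */
    int clean_after_scrub = key_ctx_is_clean(&ctx);   /* expected 1 */

    secure_zero(sample_key, sizeof sample_key);       /* wipe the local copy too */
    return clean_while_mounted == 0 && clean_after_scrub == 1;
}

int main(void) {
    printf("%s\n", demo_lifecycle() ? "key material scrubbed" : "FAILED");
    return 0;
}
```

Scrubbing only shrinks the exposure window; it does nothing for a machine that is powered off abruptly while a volume is mounted, which is why the Princeton FAQ's advice to shut down well before physical security could be compromised still applies.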

"We're seeing that software-based protection isn't great, and that isn't a surprise to anyone," said Steven Sprague, CEO of Wave Systems, a maker of software for hardware-based encryption systems. He said that TPM, while it may be vulnerable in bulk-encryption scenarios, should still be safe for authentication.

In the long term, Sprague expects Intel's Trusted Execution Technology will prevent this sort of attack. But in the meantime, he recommends Seagate hard drives that include hardware-based full disk encryption.

A video elaborating on techniques discussed in the paper is available on YouTube.
