Cold boot attack

In computer security, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used for retrieving encryption keys from a running operating system for malicious or criminal investigative reasons.[1][2][3] The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes following a power switch-off.[2][4][5]

An attacker with physical access to a running computer typically executes a cold boot attack by cold-booting the machine and booting a lightweight operating system from a removable disk to dump the contents of pre-boot physical memory to a file.[6][2] An attacker is then free to analyze the data dumped from memory to find sensitive data, such as the keys, using various forms of key finding attacks.[7][8] Since cold boot attacks target random-access memory, full disk encryption schemes, even with a trusted platform module installed are ineffective against this kind of attack.[2] This is because the problem is fundamentally a hardware (insecure memory) and not a software issue. However, malicious access can be prevented by limiting physical access and using modern techniques to avoid storing sensitive data in random-access memory.

  1. ^ MacIver, Douglas (2006-09-21). Penetration Testing Windows Vista BitLocker Drive Encryption (PDF). HITBSecConf2006, Malaysia. Microsoft. Retrieved 2008-09-23.
  2. ^ a b c d Halderman, J. Alex; Schoen, Seth D.; Heninger, Nadia; Clarkson, William; Paul, William; Calandrino, Joseph A.; Feldman, Ariel J.; Appelbaum, Jacob; Felten, Edward W. (2009-05-01). "Lest we remember: cold-boot attacks on encryption keys" (PDF). Communications of the ACM. 52 (5): 91–98. doi:10.1145/1506409.1506429. ISSN 0001-0782. S2CID 7770695.
  3. ^ Carbone, Richard; Bean, C; Salois, M (January 2011). An in-depth analysis of the cold boot attack (PDF). Defence Research and Development Canada.
  4. ^ Skorobogatov, Sergei (June 2002). Low temperature data remanence in static RAM (PDF). University of Cambridge.
  5. ^ MacIver, Douglas (2008-02-25). "System Integrity Team Blog: Protecting BitLocker from Cold Attacks (and other threats)". Microsoft. Retrieved 2020-06-24.
  6. ^ "Memory Research Project Source Code". Center for Information Technology Policy. 2008-06-16. Archived from the original on 2013-06-05. Retrieved 2018-11-06.
  7. ^ "Passware Software Cracks BitLocker Encryption Open" (Press release). PR Newswire. 2009-12-01.
  8. ^ Hargreaves, C.; Chivers, H. (March 2008). "Recovery of Encryption Keys from Memory Using a Linear Scan". 2008 Third International Conference on Availability, Reliability and Security. 2008 Third International Conference on Availability, Reliability and Security. pp. 1369–1376. doi:10.1109/ARES.2008.109. ISBN 978-0-7695-3102-1.