research-article

Free access

Lest we remember: cold-boot attacks on encryption keys

Authors:

J. Alex Halderman,

Seth D. Schoen,

Nadia Heninger,

William Clarkson,

Joseph A. Calandrino,

Ariel J. Feldman,

Jacob Appelbaum,

Edward W. FeltenAuthors Info & Claims

Communications of the ACM, Volume 52, Issue 5

Pages 91 - 98

https://doi.org/10.1145/1506409.1506429

Published: 01 May 2009 Publication History

All formats PDF

Abstract

Contrary to widespread assumption, dynamic RAM (DRAM), the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard. Although DRAM becomes less reliable when it is not refreshed, it is not immediately erased, and its contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine. It poses a particular threat to laptop users who rely on disk encryption: we demonstrate that it could be used to compromise several popular disk encryption products without the need for any special devices or materials. We experimentally characterize the extent and predictability of memory retention and report that remanence times can be increased dramatically with simple cooling techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for mitigating these risks, we know of no simple remedy that would eliminate them.

References

[1]

Arbaugh, W., Farber, D., Smith, J. A secure and reliable bootstrap architecture. In Proceedings of the IEEE Symposium on Security and Privacy (May 1997), 65--71.

Digital Library

[2]

Boyen, X. Halting password puzzles: Hard-to-break encryption from human-memorable keys. In Proceedings of the 16th USENIX Security Symposium (August 2008).

Digital Library

[3]

Canetti, R., Dodis, Y., Halevi, S., Kushilevitz, E., Sahai, A. Exposure-resilient functions and all-or-nothing transforms. In EUROCRYPT2000, volume 1807/2000 (2000), 453--469.

Digital Library

[4]

Chan, E.M., Carlyle, J.C., David, F.M., Farivar, R., Campbell, R.H. Bootjacker: Compromising computers using forced restarts. In Proceedings of the 15th ACM Conference on Computer and Communications Security (October 2008), 555--564.

Digital Library

[5]

Chow, J., Pfaff, B., Garfinkel, T., Rosenblum, M. Shredding your garbage: Reducing data lifetime through secure deallocation. In Proceedings of the 14th USENIX Security Symposium (August 2005). 331--346.

Digital Library

[6]

Dwoskin, J., Lee, R.B. Hardware-rooted trust for secure key management and transient trust. In Proceedings of the 14th ACM Conference on Computer and Communications Security (October 2007), 389--400.

Digital Library

[7]

Dyer, J.G., Lindemann, M., Perez, R., Sailer, R., van Doorn, L, Smith, S.W., Weingart, S. Building the IBM 4758 secure coprocessor. Computer 34 (Oct. 2001), 57--66.

Digital Library

[8]

Ferguson, N.AES-CBC +Elephant diffuser: A disk encryption algorithm for Windows Vista, (August 2006).

[9]

Gutmann, P. Secure deletion of data from magnetic and solid-state memory. In Proceedings of the 6th USENIX Security Symposium (July 1996), 77--90.

Digital Library

[10]

Gutmann, P. Data remanence in semiconductor devices. In Proceedings of the 10th USENIX Security Symposium (August 2001). 39--54.

Digital Library

[11]

Heninger, N., Shacham, H. Improved RSA private key reconstruction for cold boot attacks. Cryptology ePrint Archive, Report 2008/510, December 2008.

[12]

Lie, D., Thekkath, C.A., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M. Architectural support for copy and tamper resistant software. In Symposium on Architectural Support for Programming Languages and Operating Systems (2000).

Digital Library

[13]

Link, W., May, H. Eigenschaften von MOS-Ein-Transistorspeicherzellen bei tiefen Temperaturen. Archiv für Etektronik und Übertragungstechnik 33 (June 1979), 229--235.

[14]

MacIver, D. Penetration testing Windows Vista BitLocker drive encryption. Presentation, Hack In The Box (September 2006).

[15]

Pettersson, T. Cryptographic key recovery from Linux memory dumps. Presentation, Chaos Communication Camp (August 2007).

[16]

Shamir, A., van Someren, N. Playing "hide and seek" with stored keys. LNCS 1648 (1999), 118--124.

Digital Library

[17]

Skorobogatov, S. Low-temperature data remanence in static RAM. University of Cambridge Computer Laborary Technical Report 536, June 2002.

[18]

Weinmann, R.-R, Appelbaum, J. Unlocking FileVault. Presentation, 23rd Chaos Communication Congress, December 2006.

Cited By

Wang JHuang TWu SLiu Z(2024)Twinkle: A family of Low-latency Schemes for Authenticated Encryption and Pointer AuthenticationIACR Communications in Cryptology10.62056/a3n59qgxqOnline publication date: 8-Jul-2024
https://doi.org/10.62056/a3n59qgxq
Benelhaouare AMellal IOumlaz MLakhssassi A(2024)Mitigating Thermal Side-Channel Vulnerabilities in FPGA-Based SiP Systems Through Advanced Thermal Management and Security Integration Using Thermal Digital Twin (TDT) TechnologyElectronics10.3390/electronics1321417613:21(4176)Online publication date: 24-Oct-2024
https://doi.org/10.3390/electronics13214176
Chiang YChang WLi STu J(2024)Securing a Multiprocessor KVM Hypervisor with RustProceedings of the 2024 ACM Symposium on Cloud Computing10.1145/3698038.3698562(650-667)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3698038.3698562
Show More Cited By

Index Terms

Lest we remember: cold-boot attacks on encryption keys

Recommendations

Lest we remember: cold boot attacks on encryption keys
SS'08: Proceedings of the 17th conference on Security symposium

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard. Although DRAMs become less reliable when they are not ...
Lest we forget

As hard disk encryption, RAM disks, persistent data avoidance technology and memory-only malware become more widespread, memory analysis becomes more important. Cold-boot attacks are a software-independent method for such memory acquisition. However, on ...
Shit i Can't Remember: Password Logbook internet password logbook address logbook Brown Password Journal & Notebook,internet password logbook,internet address logbook

Comments

Information & Contributors

Information

Published In

cover image Communications of the ACM

Communications of the ACM Volume 52, Issue 5

Security in the Browser

May 2009

132 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/1506409

Issue’s Table of Contents

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2009

Published in CACM Volume 52, Issue 5

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Popular
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

656
Total Citations
View Citations
9,721
Total Downloads

Downloads (Last 12 months)1,280
Downloads (Last 6 weeks)213

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Wang JHuang TWu SLiu Z(2024)Twinkle: A family of Low-latency Schemes for Authenticated Encryption and Pointer AuthenticationIACR Communications in Cryptology10.62056/a3n59qgxqOnline publication date: 8-Jul-2024
https://doi.org/10.62056/a3n59qgxq
Benelhaouare AMellal IOumlaz MLakhssassi A(2024)Mitigating Thermal Side-Channel Vulnerabilities in FPGA-Based SiP Systems Through Advanced Thermal Management and Security Integration Using Thermal Digital Twin (TDT) TechnologyElectronics10.3390/electronics1321417613:21(4176)Online publication date: 24-Oct-2024
https://doi.org/10.3390/electronics13214176
Chiang YChang WLi STu J(2024)Securing a Multiprocessor KVM Hypervisor with RustProceedings of the 2024 ACM Symposium on Cloud Computing10.1145/3698038.3698562(650-667)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3698038.3698562
Xu SZhou QZhang ZJia XLiu DHuang HDu HSong Z(2024)ConMonitor: Lightweight Container Protection with Virtualization and VM FunctionsProceedings of the 2024 ACM Symposium on Cloud Computing10.1145/3698038.3698520(755-773)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3698038.3698520
Zhao LShuang HXu SHuang WCui RBettadpur PLie D(2024)A Survey of Hardware Improvements to Secure Program ExecutionACM Computing Surveys10.1145/367239256:12(1-37)Online publication date: 12-Jun-2024
https://dl.acm.org/doi/10.1145/3672392
Ajani YBright C(2024)SAT and Lattice Reduction for Integer FactorizationProceedings of the 2024 International Symposium on Symbolic and Algebraic Computation10.1145/3666000.3669712(391-399)Online publication date: 16-Jul-2024
https://dl.acm.org/doi/10.1145/3666000.3669712
Zhu WLuo BLiao XXu JKirda ELie D(2024)Leveraging Storage Semantics to Enhance Data Security and PrivacyProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690864(5116-5118)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690864
Ueno RHaneda HHomma NInoue AMinematsu KLuo BLiao XXu JKirda ELie D(2024)Crystalor: Recoverable Memory Encryption Mechanism with Optimized Metadata StructureProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670273(228-242)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670273
Hasan MKashinath AChen CMohan S(2024)SoK: Security in Real-Time SystemsACM Computing Surveys10.1145/364949956:9(1-31)Online publication date: 25-Apr-2024
https://dl.acm.org/doi/10.1145/3649499
Yin ZDatta AVijayakumar SJacob AJaiswal A(2024)A 9 Transistor SRAM Featuring Array-level XOR Parallelism with Secure Data Toggling OperationProceedings of the Great Lakes Symposium on VLSI 202410.1145/3649476.3658789(277-281)Online publication date: 12-Jun-2024
https://dl.acm.org/doi/10.1145/3649476.3658789
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents