Cold Reboot Attacks on Disk Encryption

jcrouthamel writes "Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them."

Physical Access

[MosesJones]

So lets thing what physical access means in these cases.

1) They have your desktop computer
2) It is on
3) You've entered your crypto keys

Is it me or is this just a little tenuous? In a data centre they'd have to drag the thing off the rack and on your personal machine they'd have to physically take it off you, because waiting for you to shutdown and then walk-away would be too long. So the solution is to shutdown the machine and THEN put your coat on and pack your bag.

I can also get people's Crypto keys by threatening them with a knife or putting a CCTV camera over their workstation. There are "easier" ways to get the keys if you have physical access to the environment that are much simpler and reliable.

Re:Clear the DRAM?

[spun]

So, that would stop me from physically turning off the computer and popping out the RAM, how exactly? What we need is a battery backed up hardware module that scrambles the RAM when the system loses power.

Re:only useful if you start off unencrypted

[Hatta]

Right, so if you have a desktop computer that's on all the time and a warrant is issued for that computer, that truecrypt partition you set up for just such an event becomes useless. There's ample reason to worry.

Use capacitors

[StCredZero]

You could use a capacitor to power this mechanism instead of a battery. It wouldn't need to last very long -- just long enough to scramble the RAM on power-down. It would be more reliable than a battery.

from an attacker with physical access

[wiredog]

If the attacker has physical access to your system, it's not your system.

Re:Clear the DRAM?

[spun]

I was envisioning a hardware module that detected a power failure and wiped the RAM. The only way around that would be to pop the RAM out of a running system, which might work, or it might fry the RAM. But if the hardware module were incorporated into the DIMM, that would work.

Really, though, who would this affect? Top secret government stuff. I bet they've just got vials of acid or explosives or something. Tamper with the case and the contents (and maybe you) go bye-bye.

Re:only useful if you start off unencrypted

[KublaiKhan]

Hrm, especially if they were in hibernate mode to start with....

Re:Physical Access

[mypalmike]

on your personal machine they'd have to physically take it off you

Like when your laptop is stolen while it's in sleep mode. This is rather a common situation.

I can't believe this hasn't been mentioned...

[gillbates]

we know of no simple remedy that would eliminate them...

As part of a secure programming course I recently took, we were instructed to overwrite keys with zeros when done using them. It's that simple - you don't leave the key in memory for any longer than you need it.

When the machine is powered down, your application's exit routine zeros all of the memory, and then free()s it. Nothing that good programming practices can't address.

Generally speaking, it's the keys on the disk(!) that are the problem. Without two factor authentication, you need merely to scan disk sectors...

Dirty fix

[Anonymous Coward]

Solder RAM to board.
Password the BIOS, boot only from local disk.

Re:Clear the DRAM?

[orclevegam]

As the4thdimension already pointed out, it's a common tenant in systems security that anyone with physical access and sufficient time can disable or otherwise bypass any security system. The fact is, if they're in a position to swipe the RAM out of your computer, they can just as easily take the HD to a secure location to try to brute force it, and/or attach some probes to the RAM and just read the bits straight off it, wouldn't even need to power the system down. Hardware security is just that, hardware, so there will never be an adequate software solution to a hardware security problem. Likewise, software security means nothing if the hardware is vulnerable. It's like building a safe with the most complex and impenetrable locking mechanism ever designed, and then using 1/4" aluminum for the body of the safe, sure no one's going to crack the locking mechanism, but all it takes is 5 minutes with a power drill to bypass it.

That being said, some sort of physical security mechanism probably wouldn't be out of the question for scenarios that actually called for it. For instance, on systems that contain highly sensitive data such as nuclear launch codes or some such, I could envision a tripwire type system on the computer case that detonates shaped charges on the HD and RAM when the case is cracked. This does open up a possible DOS attack vector, but the alternative seems to justify it.

Re:Physical Access

[Anonymous Coward]

Those are all the normal common conditions when trying to crack DRM.

Re:Hardly the problem

[orclevegam]

You kind of missed the point. The argument is that even with full disk encryption it's possible to reboot the system to a special OS that reads the encryption keys out of the RAM before it decays allowing the contents of the disk to then be decrypted. Of course, this overlooks the obvious problem that first you need to get your hands on the running system that already has the password entered and the disks decrypted, and then further allows you to reboot it using an alternative boot mechanism. Most often you run whole disk encryption on things like laptops so that in the event it gets stolen the data on it can't be recovered. Lets imagine how you would pull this attack off in this scenario. First, you need to find a laptop thats powered on, and decrypted, so most likely someone is using it. Next, that person needs to somehow leave the laptop sitting someplace (with sensitive information) powered on, and to be gone long enough for you to swipe it. Also, when you do swipe it, you must ensure that it stays powered on until you get it to wherever you have your forensics setup at. Next, you need to have a floppy, cdrom, or USB stick with your specially crafted OS on it and somehow get the system to reboot into that special OS (mind you at this point you probably don't know for sure if the laptop is using full disk encryption, or even what brand). lastly, you have to be lucky enough to get the specific data you want off the memory before it degrades and you lose it forever. Now, is this possible? Yes. Is it likely? Not even in the slightest. This is an interesting academic exorcise, but means exactly jack in real world security.

Simple fix, no?

[rickb928]

Make the BIOS clear RAM on power-up.

Wait, doesn't it already?

Wait, did the researchers bypass BIOS?

Well, if they did, then adding some crap to DRAM to kill it on power loss is the only way. Probably.

It was once an axiom of system security, that if you gained physical access, all was lost. This evolved from keyboard and console attacks to floppy- and CD-boot attacks, USB keys, stealing the hard drive, you know the drill.

Ultimately, if you can cart away pieces of the machine, your last line of defense is gone.

The only other variable to control is time. Make the DRAM die quicker, or is it time for a 'better' memory technology?

And this is such great stuff, the TEMPEST guys will now have to re-write their procedures, with both a power-off and wait 30 seconds, and a re-power-on and wait for login prompt, then shutdown again.

Sometimes I hate h@xrs, and sometimes I realize they do me a service, albeit while they intend to just do me.

How ironic. My captcha is 'honest'. This cannot be coincidence.

DRM attack vector

[crow]

While an issue for whole-disk encryption, this is also an issue for DRM. Just flick the power while the interesting media is being decrypted, and even if the OS had been protecting the key in some "safe" location, you can now find it. It might be little more tricky, but if you can pull the RAM on a video game console, you can do the same thing.

Re:I can't believe this hasn't been mentioned...

[vux984]

When the machine is powered down, your application's exit routine zeros all of the memory, and then free()s it. Nothing that good programming practices can't address.

Unless of course the machine is, you know, simply "powered down".

Pulling the plug isn't going to let your application do squat.

This is pretty epic...

[ComputerPhreak]

To everyone saying 'if someone has physical access you're hosed anyway'... that simply isn't true. If you have a laptop and encrypt your data correctly, it was thought that it was mathematically infeasible to recover the data if your laptop was stolen. But with this (new?) technique, if it works well enough to be reliable, you could still be fucked even if you took the precaution of encrypting everything.

Re:I can't believe this hasn't been mentioned...

[swilver]

There are ways to turn off computers that bypass "Start > Shutdown"

Re:Physical Access

[CastrTroy]

Which is why you should alway unmount your encrypted volumes before you powerdown/hibernate/standby which would ideally clear the contents of memory which contained the key. This would only work in a surprise attack where the user had enough time to poweroff the machine.

Re:Clear the DRAM?

[CountBrass]

I think you've missed the point. Hard drive encryption *is* supposed to protect against someone having physical access to your machine.

Re:Very real concern

[Anonymous Coward]

Maybe you are finding the contents of your browser's history and other crap from the VFS cache?

Epoxy

[Bender0x7D1]

It seems like the best defense would be applying epoxy to the memory so it couldn't be removed from the slot. If you make sure all the connections are covered as well, they wouldn't be able to place a tap, either. (At least without a lot of time being spent slowly drilling through the epoxy.)

It would make it impossible to replace your memory, but you could always move the HD to another system. If you care that much, then you should be willing to pay for a new system if someone tries to compromise your data.

this seems must useful as a way to crack DRM

[mikeabbott420]

This seems most useful as a way to help crack DRM and bypassing OS level 'trusted computing' type measures. Since it requires a machine operating with the key active it isn't much use for things like decrypting a stolen laptop.

Re:Clear the DRAM?

[SL Baur]

For this to work, somebody has to be able to steal my laptop

You didn't even bother to read the summary, let alone the article. The main point is that nothing is secure with physical access to the machine. That's kind of always been the point. Restated, if an attacker is sufficiently interested in the data on your machine, he will be able to take it from your cold dead hands and get it.

I feel secure.

So no, you shouldn't feel secure if you have important data on that machine.

BTW, since you claim to be using (presumably US) government security software, you know that disk formatting or dd if=/dev/zero of=/dev/whatever is not sufficient to unclassify a disk that formerly contained classified material.

Re:Already Screwed

[LiENUS]

Hmm I'm done working with this sensitive data I think I'll put my laptop into suspend mode and leave this coffee shop to go home. But first let me go order one more for the road... Oh no I'm back with my drink and my laptop's gone. Good thing I encrypted my hard drive, my work will just buy me a new one and since all of the sensitive data was encrypted no problem I'll just pull the latest copy from the server and resume my work, none of the customers need to know that that all 1.5 million social security numbers, birth dates and addresses were stolen because it's impossible to decrypt the data on the drive.

Re:Clear the DRAM?

[ScrewMaster]

So no, you shouldn't feel secure if you have important data on that machine.

And any way you slice it, feeling secure has little to do with being secure (TSA, are you listening?) although I have noticed that people who feel secure are generally at the most risk. Mainly, I suppose, because they don't have the knowledge to properly assess the risks they are accepting. Because if they did ... they wouldn't feel so secure.

If you want to be as secure as you possibly can, start with the assumption that you're not.