Cold Boot Attacks on Hard Drive Encryption

7/31/2019 Cold Boot Attacks on Hard Drive Encryption

1/22

Cold Boot Attacks on

Hard Drive Encryption

Seth Schoen

Electronic Frontier Foundation

LinuxWorld Conference and Expo 2008

San Francisco, California

http://citp.princeton.edu/memory/


2/22

Our team and academic paper

J. Alex Halderman (Princeton)

Seth D. Schoen (Electronic Frontier Foundation)

Nadia Heninger (Princeton)

William Clarkson (Princeton)

William Paul (Wind River Systems) Joseph A. Calandrino (Princeton)

Ariel J. Feldman (Princeton)

Jacob Appelbaum

Edward W. Felten (Princeton)


3/22

Our team and academic paper

Lest We Remember: Cold Boot Attacks onEncryption Keys (in Proceedings of the 17thUSENIX Security Symposium, San Jose, CA,2008)

Home page: http://citp.princeton.edu/memory/(including PDF of paper, video, images, andsource code)


4/22

Misperceptions of RAM volatility

DRAM is supposed to be refreshed in order tobe reliable

DRAM under refresh has extremely lowprobability of uncommanded bit flips...

DRAM without refresh has a noticeableprobability of experiencing uncommanded bitflips over time but probability of such flips after

many seconds is nowhere nearcertainty Yet we sometimes wrongly speak as though

RAM were designedto clear itself on power loss


5/22

DRAMs and SRAMs

SRAMs are like flip-flops

DRAMs are like capacitors SRAMs are faster, DRAMs are cheaper

Both retain some data without power at roomtemperature; both retain more data longer atlower temperatures (cf. Skorobogatov)

DRAMs typically used for PC main memory There are also long-term burn-in effects (cf.

Gutmann); this research is not about those


6/22

Shredding Your Garbage

Chow et al. Shredding Your Garbage:Reducing Data Lifetime Through SecureDeallocation (in Proc. 14th USENIX SecuritySymposium, Baltimore)

Tried to measure how long disused datastructures typically persisted in memory

Accidentally found intact data structures in RAM

from previous system boots (!?!?) Torbjrn Pettersson: this could be a means of

acquiring forensic memory images


7/22

Hardware people know this...

E.g., Link & May (1979) (early commercialDRAM availability) does low-temperature (LN

2

)

tests with no power, finds week-long retention!

Typically considered a feature (low

temperatures increase reliability, hightemperatures decrease it) common to manylogic devices, not a security problem

Software people are often unaware of thephysical characteristics of devices they use!

They don't break the abstractions


8/22

Cold boot attack

Deliberately crash a PC with interesting data inRAM; then restore power to RAM and dump itscontents to a permanent storage medium

Orwake upsleeping/hibernated laptop (to apassword prompt), then crash it and dump RAM

Operating system memory protection policiesare bypassed because operating system is no

longer running (nor can OS clear RAM!) Nearly complete state of previously-running

system is available; passwords not required


9/22

Our attacks

Tools to dumpmemory after a reboot

USB stick (or externalhard drive or iPod)

Network boot (e.g.PXE)

Very tiny dumpingapplication (< 10K)

Dump onto samemedium

USB key photo 2007 User:AIMare CC-BY-SA


10/22

Our attacks

Optional cooling withcanned air spray(tetrafluoroethane) orliquid nitrogen

Canned air mayachievetemperaturesaround 50 C

Invert can whendischarging(caution!)


11/22

Our attacks

New cryptographic techniques to detect keyschedules automatically and correct bit errors

Previous techniques for finding private key materialin memory didn't work well for us, especially in thepresence of bit errors

Source code for this and associated memorydumpers is now available at

http://citp.princeton.edu/memory/code/ Implementations of decryption for particular disk

encryption systems


12/22

More on memory dumpers

Small programs that run with no OS

Memory footprint just a few KB Bill Paul implemented them in assembly and C

Can be booted from USB or network (e.g. PXE)

Save entire contents of RAM to same medium

Leave no trace behind on target machine

A proof of concept; other vectors are possible


13/22

More on cooling

Typically not requiredon most hardware

Most relevant if RAM must be removed: if targetmachine has a policy preventing booting fromexternal media without a password or if BIOS clearsRAM on boot (e.g. ECC)

Cooling with canned air produces extremely lowtemperatures and good retention times

RAM could be unpowered, even when removedfrom the computer, for over a minute withminimal loss of data sufficient time to transfer

to another machine


14/22

When is cooling necessary?

In our experience, cooling was never necessaryexcept when RAM chips had to be physically

removed from a PC

Just restarting laptops at room temperature

never caused enough data loss to preventreconstruction of keys in our experiments

Chips can be removed if BIOS is unfriendly

If BIOS clears RAM or prevents memory dumping

In our experiments, canned air was alwayssufficient for this; liquid nitrogen was never needed


15/22

More on correcting bit errors

Cryptographic keys are intended to be random;even a few bit errors could make them useless

But in practice, keys actively being used arestored in memory in usefully redundant ways

These redundancies can be used to find keys Often without prior knowledge of software

And also to correct bit errors A variety of powerful, practical mathematical

techniques developed by Nadia Heninger


16/22

Successful attacks against...

Hardware attacks work on all operating systems

BitLocker in basic mode Even fully at rest with computer powered off!

FileVault, dm-crypt, TrueCrypt, Loop-AES

In typical scenarios where computer was running,sleeping, or hibernating

Other systems probably vulnerable too In particular, attackers can bypass locked screen or

login prompt


17/22

Our attacks are practical

Fully automated attack on BitLocker basicmode via live CD (because of BitLocker basic

mode's trust in the TPM, this attack does noteven require that laptop was powered on)

Automated RAM dumpers run via USB stick ornetwork boot; we even demonstrated using aninnocuous-looking iPod as an attack vector

Some laptops will not require any cooling; forcooling, canned air spray was always sufficient(liquid nitrogen never required)


18/22

Threat models

Some people suggest that our attack doesn'tcount because hard drive encryption isn't

supposed to protect against attackers withphysical access to laptops

Microsoft suggests attack is already documented But why do users encrypt laptop hard drives?

If RAM were really volatile users with

suspended/hibernated laptops and full-diskencryption would be safe: and they probablybelieve they are safe


19/22

Countermeasures

Inconvenient but helpful:

Turn laptops all the way off when they could be outof your control (left unattended in public, whiletraveling)

Require a password to boot external media (butsimply moving chips into another machine stillworks unless your DRAMs are non-removable)

Destroy all key material at screen lock orscreensaver activation, suspend, hibernate

This could require significant software changes;

also, user would have to re-authenticate on return


20/22

Countermeasures

ECC RAM is cleared at boot time

Harder to attack with off-the-shelf PCs, but probablyeasier to attack with specialized hardware or BIOS

There is also room for research on different

representations of key material in RAM (e.g.exposure-resistant functions, modified keyschedules)

Not a countermeasure: locating keys in lowmemory can't protect against removing RAM; cf.http://www.coreboot.org/Coreinfo BIOS image


21/22

Conclusions

Many recent security attacks exploit physicalhardware properties that users and developers

may be unaware of to break abstractions

Emanations security examples: CRTs (and all

digital hardware) are radio transmitters on (atleast) the refresh/clock frequencies they useinternally; recent attacks on light and sound

emitted by CRTs, LCDs, and keyboards(perhaps akin to research in natural sciences)

Security and privacy are pretty hard!


22/22

Thanks

Seth Schoen

[email protected]

9B36 BCFA 4DE0 8ADE 8A17 D091 56B0 315F 0167 CA38

Please support EFF!http://www.eff.org/

http://citp.princeton.edu/memory/

Cold Boot Attacks on Hard Drive Encryption

Documents

Transcript of Cold Boot Attacks on Hard Drive Encryption