Data at rest (DAR) is data kept in one place, such as on file systems, databases, the cloud, big data lakes, and computer and storage devices. Data at rest is usually richer in information than data packets moving across the network, which makes DAR a very lucrative target for cybercriminals. Although we use computers to manage and store data, many users do not realize that leaving a computer unattended, even one with full disk encryption, can lead to serious security issues and attacks such as cold boot attacks. A cold boot attack is a known process of obtaining unauthorized access to encryption keys and other information from a device left physically unattended (Joo Guan & Kok Horng, 2009). When a cold boot attack occurs, attackers have access to encryption keys and other digital content, including passwords, login credentials, and any data stored in the machine's volatile memory.

When and How Does a Cold Boot Attack Occur?

According to Princeton University researchers, cold boot attacks are possible because dynamic random-access memory (DRAM) chips in computer devices retain data for several seconds to minutes even after a computer is turned off (Sachdeva & Mishra, 2015). The time DRAM retains data can increase significantly at cold temperatures; the content of the DRAM therefore remains restorable for a period of time, giving an attacker the opportunity to detach, move and reattach the stolen DRAM to their own system and extract data (Halderman et al., 2009). Memory remanence is the phenomenon that makes cold boot attacks possible: data can be recovered from a computer's system memory even after the device is powered off. Remanence occurs because memory chips store data as electrical charges, and after the system is powered off those charges take some time to dissipate and return to a precharged state in which all memory is wiped out. A cold boot attack is conducted in three steps: 1) Reducing the temperature of the victim's DRAM by freezing. 2) Detaching, moving, and installing the DRAM on the attacker's system. 3) Restoring data obtained from the DRAM.

How to Prevent a Cold-Boot Attack

A couple of preventive measures can be taken to reduce the occurrence of cold boot attacks. One is using CPU-bound cryptography solutions that use the processor cache to store sensitive data (Seol et al., 2021). This solution protects selected data such as cryptographic keys; however, it does not protect other information in the DRAM, such as recent emails and sites visited, and it requires modification of the protected software.

Another preventive measure is using full memory encryption schemes that encrypt all the data in DRAM, thereby protecting digital content and software stored in untrusted system memory (Seol et al., 2021). However, encrypting all the data may result in significant performance and energy overheads, as encryption and decryption consume a significant amount of computing resources. Moreover, neither of these two solutions directly addresses the remanence effect, which is the root cause of cold boot attacks.

Amnesiac DRAM is another practical defense mechanism against cold boot attacks. Amnesiac DRAM is a software-based solution that protects data inside the DRAM. It can sense physical separation or reconnection events, such as power off and power on, and proactively delete all data contained in the DRAM while locking the attacker out from accessing data in the volatile memory (Seol et al., 2021). This solution aims to eliminate the root cause of cold boot attacks, which is the remanence effect, and has little or no effect on system performance and energy overhead. Despite all the defensive technology solutions available against cold boot attacks, enforcing strong physical security measures is critical in preventing the attack altogether.
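The following Python sketch is an added illustration, not code from the cited papers: it models remanence as charged cells decaying toward a ground state, with a half-life that lengthens as the temperature drops, and contrasts that with memory cleared on a power event. The half-life constants, the all-zero ground state and the function names are assumptions chosen for illustration, not measured values.

```python
import random

# Illustrative parameters: assumptions for this sketch, not measured values.
HALF_LIFE_AT_20C = 2.0   # seconds for half the charged cells to decay at 20 °C
DOUBLING_STEP_C = 10.0   # assumed: half-life doubles per 10 °C of cooling

def half_life(temp_c):
    """Seconds until half of the charged cells have lost their charge."""
    return HALF_LIFE_AT_20C * 2 ** ((20.0 - temp_c) / DOUBLING_STEP_C)

def decay_probability(seconds, temp_c):
    """Chance that one charged cell has dropped to ground state."""
    return 1.0 - 0.5 ** (seconds / half_life(temp_c))

def decay(data, seconds, temp_c, rng):
    """Copy of `data` after unpowered time; 1-bits may fall to 0, never the reverse."""
    p = decay_probability(seconds, temp_c)
    out = bytearray(data)
    for i in range(len(out)):
        for bit in range(8):
            if (out[i] >> bit) & 1 and rng.random() < p:
                out[i] &= ~(1 << bit) & 0xFF
    return bytes(out)

def surviving_fraction(original, image):
    """Fraction of the original's 1-bits still set in the memory image."""
    ones = sum(bin(b).count("1") for b in original)
    kept = sum(bin(o & m).count("1") for o, m in zip(original, image))
    return kept / ones if ones else 0.0

def wipe(data):
    """Stand-in for a proactive wipe on a power event: every cell cleared."""
    return bytes(len(data))

if __name__ == "__main__":
    rng = random.Random(1)                               # fixed seed, repeatable run
    key = bytes(rng.getrandbits(8) for _ in range(32))   # constructed 256-bit secret
    for temp_c in (20, -50):
        for seconds in (1, 10, 60):
            image = decay(key, seconds, temp_c, rng)
            print(f"{temp_c:>4} C {seconds:>3} s: "
                  f"{surviving_fraction(key, image):.0%} of set bits survive")
    print(f"after wipe: {surviving_fraction(key, wipe(key)):.0%}")
```

Under these assumed constants the cooled module keeps most of the secret's bits for a minute, while the wiped module keeps none, which is why a defense that removes remanence closes the window that cooling opens.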

References

Halderman, J. A., Schoen, S. D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J. A., . . . Felten, E. W. (2009). Lest we remember: cold-boot attacks on encryption keys. Commun. ACM, 52(5), 91–98. https://doi.org/10.1145/1506409.1506429

Joo Guan, O., & Kok Horng, K. (2009, 15-16 July 2009). A Proof of concept on defending cold boot attack. 2009 1st Asia Symposium on Quality Electronic Design,

Sachdeva, E., & Mishra, S. P. (2015, 5-7 March 2015). Improving method of correcting AES Keys obtained from coldboot attack. 2015 IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT),

Seol, H., Kim, M., Kim, T., Kim, Y., & Kim, L. S. (2021). Amnesiac DRAM: A Proactive Defense Mechanism Against Cold Boot Attacks. IEEE Transactions on Computers, 70(4), 539-551. https://doi.org/10.1109/TC.2019.2946365
