Cold Boot Attacks by Qiuchen Feng
COLD BOOT ATTACKS
Presented by Qiuchen Feng

DATA STORAGE
➤ A running computer keeps its working data in Dynamic Random Access Memory (DRAM)
➤ DRAM holds the programs and data the computer needs while it runs
➤ Each bit is stored as a charge on a separate capacitor (think of a bucket that slowly leaks)
➤ Unless the capacitor is periodically recharged, the stored bit is not guaranteed to survive
➤ This is why DRAM needs a regular refresh

COLD BOOT ATTACK
➤ Performed against Dynamic Random Access Memory (DRAM)
➤ DRAM is a volatile memory device
➤ People have been taught that all their data is erased as soon as power is removed
➤ This is a misconception: the data remains in DRAM for seconds after power is cut
➤ Typically the data is lost gradually over a period of seconds
➤ The decay begins when the computer loses power

EFFECT OF COOLING ON ERROR RATES
➤ As expected, a significantly lower rate of decay was observed at reduced temperatures

WHAT HAPPENS…
➤ What happens to the contents of memory if the power is cut for varying lengths of time?

HOW THE ATTACK IS PERFORMED
➤ Physical access to the machine is required
➤ The attack is non-destructive
➤ The memory contents are copied to an external drive

COOLING THE DRAM
➤ Changes in temperature change the number of bits that decay
➤ Cooling the DRAM decreases the number of bits that decay
➤ Spraying the modules with an inverted can of canned air cools them to about -50 °C
➤ At that temperature fewer than 1% of the bits decayed
➤ Liquid nitrogen can be used after the canned air
➤ At that even lower temperature only 0.17% of the bits decayed

EXPLOITING DRAM REMANENCE
➤ Reboot the machine and launch a custom kernel
➤ Cut the power to the machine, then restore it and boot a custom kernel from USB or another external device
➤ This denies the OS any opportunity to scrub memory before shutting down
➤ Alternatively, cut the power and transplant the DRAM modules into an attacker's machine
➤ This denies the original BIOS and PC hardware any chance to clear the memory

EXAMPLE
➤ BitLocker (Windows Vista)
Windows Vista shipped with a full-disk encryption mechanism known as
BitLocker. It is designed to protect the user's data stored on the disk by encrypting the entire volume.
1. The user logs in and then locks the computer
2. While the computer is locked, the keys that unlock the disk are held in DRAM
3. The attacker has physical access to the device and attaches an external device carrying the attack software
4. Power the computer down (remove the battery), put the battery back and power on
5. The machine boots from the external device, which dumps memory to it, including the keys
6. With the recovered keys the attacker can decrypt the hard disk and access all files

RECONSTRUCTION OF KEYS
➤ The experiments showed that decayed bits almost always go to their ground state
➤ Very few bits flip the opposite way
➤ Because the direction of decay is predictable, keys can be reconstructed to their original state far more efficiently than by brute force
➤ Errors are corrected most easily at low bit-error rates, but correction still works when the error rate is high
➤ Correction was demonstrated at error rates from 5% up to 50%

RECONSTRUCTING / IDENTIFYING KEYS
➤ Data Encryption Standard (DES) keys
➤ Advanced Encryption Standard (AES) keys
➤ Tweak keys
➤ RSA private keys
➤ Identifying keys in memory
➤ Identifying AES keys
➤ Identifying RSA keys

MITIGATION TECHNIQUES
➤ The best countermeasure is to discard or obscure encryption keys before an adversary gains physical access
➤ Prevent memory-dumping software from being executed
➤ Make the contents of memory decay more readily
➤ Require a password to boot from an external device

MITIGATION METHODS
➤ Scrubbing memory
➤ Software should overwrite keys in memory as soon as they are no longer needed
➤ Runtime libraries and the OS should clear memory more proactively
➤ Systems can clear memory at boot time, before loading the OS
➤ Suspending a system safely
➤ Users can protect themselves by powering the computer down completely and waiting a moment for all keys to fade from memory
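The "Identifying AES keys" bullet above rests on one observation: an AES key is almost never in memory alone, it sits next to its expanded key schedule, and the schedule is redundant, so a 176-byte window that satisfies the key-schedule recurrence is overwhelmingly likely to be a real AES-128 key. The program below is an added example written for this page (it is not the slides' or the original paper's code). It builds a constructed memory image (pseudo-random filler, one expanded key at a known offset, a few 1-bits cleared to mimic decay toward the ground state), then scans the image for windows whose recurrence violations fall under a small threshold. The demo key is the FIPS-197 Appendix A sample key; the image, the decay positions and the threshold are assumptions chosen for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SCHED_LEN  176   /* AES-128 key schedule: 11 round keys x 16 bytes */
#define IMG_LEN    4096  /* size of the constructed memory image */
#define KEY_OFFSET 1000  /* where the constructed image hides the schedule */

static uint8_t sbox[256];
static int sbox_ready;
static const uint8_t rcon[10] = {0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,0x1b,0x36};

/* Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t p = 0;
    while (b) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
        b >>= 1;
    }
    return p;
}

/* Build the AES S-box (inverse in GF(2^8), then the affine map) at run time
   instead of pasting a 256-entry table. */
static void init_sbox(void)
{
    if (sbox_ready) return;
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 0;
        for (int y = 1; x && y < 256; y++)
            if (gf_mul((uint8_t)x, (uint8_t)y) == 1) { inv = (uint8_t)y; break; }
        uint8_t s = inv;
        for (int r = 1; r <= 4; r++) s ^= (uint8_t)((inv << r) | (inv >> (8 - r)));
        sbox[x] = s ^ 0x63;
    }
    sbox_ready = 1;
}

/* Key-schedule recurrence: w[i] = w[i-4] ^ g(w[i-1]), where g is
   SubWord(RotWord(.)) ^ Rcon when i % 4 == 0 and the identity otherwise. */
static void next_word(const uint8_t *w_im4, const uint8_t *w_im1, int i, uint8_t out[4])
{
    uint8_t t[4] = { w_im1[0], w_im1[1], w_im1[2], w_im1[3] };
    if (i % 4 == 0) {
        uint8_t r[4] = { sbox[t[1]], sbox[t[2]], sbox[t[3]], sbox[t[0]] };
        memcpy(t, r, 4);
        t[0] ^= rcon[i / 4 - 1];
    }
    for (int k = 0; k < 4; k++) out[k] = w_im4[k] ^ t[k];
}

static void expand_key(const uint8_t key[16], uint8_t sched[SCHED_LEN])
{
    init_sbox();
    memcpy(sched, key, 16);
    for (int i = 4; i < 44; i++)
        next_word(sched + 4 * (i - 4), sched + 4 * (i - 1), i, sched + 4 * i);
}

/* Number of bits at which the 176-byte window at p violates the recurrence.
   Each word is checked only against its own two predecessors, so one decayed
   bit disturbs just the few checks it feeds into, not the whole window. */
static int schedule_mismatch(const uint8_t *p)
{
    int bad = 0;
    for (int i = 4; i < 44; i++) {
        uint8_t expect[4];
        next_word(p + 4 * (i - 4), p + 4 * (i - 1), i, expect);
        for (int k = 0; k < 4; k++)
            bad += __builtin_popcount((unsigned)(expect[k] ^ p[4 * i + k]));
    }
    return bad;
}

/* Scan an image for AES-128 schedules. 1280 recurrence bits are checked per
   window; a random window fails about 640 of them, so a threshold of a few
   dozen tolerates decayed bits while rejecting everything else. */
static int find_aes128_keys(const uint8_t *img, size_t len, int threshold,
                            size_t *offsets, int max_hits)
{
    int hits = 0;
    init_sbox();
    for (size_t off = 0; off + SCHED_LEN <= len && hits < max_hits; off++)
        if (schedule_mismatch(img + off) <= threshold)
            offsets[hits++] = off;
    return hits;
}

/* FIPS-197 Appendix A sample key, used only to build the constructed image. */
static const uint8_t demo_key[16] = {
    0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c };

/* Constructed image: LCG filler, one expanded key at KEY_OFFSET, then three
   1-bits in the derived round keys cleared to mimic decay to ground state 0.
   The raw key bytes (the first 16) are left intact here; in a real dump they
   decay as well and must be repaired by the reconstruction step the slides
   describe, since the scan only locates the schedule. */
static void build_image(uint8_t img[IMG_LEN])
{
    uint32_t x = 0x12345678u;
    for (size_t i = 0; i < IMG_LEN; i++) {
        x = x * 1664525u + 1013904223u;
        img[i] = (uint8_t)(x >> 24);
    }
    expand_key(demo_key, img + KEY_OFFSET);
    const size_t decayed[3] = { 20, 61, 133 };   /* byte positions inside the schedule */
    for (int d = 0; d < 3; d++) {
        uint8_t *b = img + KEY_OFFSET + decayed[d];
        *b &= (uint8_t)(*b - 1);                  /* clear the lowest set bit */
    }
}

int main(void)
{
    uint8_t img[IMG_LEN];
    size_t offsets[8];
    build_image(img);
    int n = find_aes128_keys(img, IMG_LEN, 48, offsets, 8);
    for (int i = 0; i < n; i++) {
        printf("schedule at offset %zu (%d violated recurrence bits), key:",
               offsets[i], schedule_mismatch(img + offsets[i]));
        for (int k = 0; k < 16; k++) printf(" %02x", img[offsets[i] + k]);
        printf("\n");
    }
    return n == 1 ? 0 : 1;
}
```

Checking each word against its two predecessors, rather than expanding the first 16 bytes and comparing the whole schedule, is what makes the scan tolerant of decay: a bit that has drifted to ground state costs at most about ten violated bits (one for its own word, one or a few S-box bits for the next word, one for the word four positions on), while a random window fails hundreds. The same idea extends to AES-192/256 by changing the recurrence, and to RSA by checking the relations among the private-key components the slides list.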
MITIGATION METHODS [CONT…]
➤ Avoid keeping pre-computed encryption keys (such as expanded key schedules) in memory
➤ Physically protecting the memory
➤ Lock the case and encase the DRAM in material that frustrates attempts to remove it
➤ Architectural changes
➤ Memory that loses its state quickly
➤ Key-store hardware that erases its state on power-up, reset and shutdown
➤ This works as long as the encryption keys are destroyed on reset or power loss

SUMMARY
➤ What a cold boot attack is and how it is performed
➤ Ways that data bits and keys can be made to last longer in DRAM
➤ Exploiting DRAM remanence, and the key reconstruction methods
➤ Ways that cold boot attacks can be mitigated

CRITICISMS
➤ There is still no complete defence against cold boot attacks
➤ Scrubbing memory does not protect keys that must be kept in memory while the system is in use
➤ An attacker can swap out the hard drive, bypass the boot-password check and boot the computer
➤ Users must wait for the computer to power down fully and reboot it, rather than leaving it in sleep mode (a trade-off between security and usability)

QUESTIONS?
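The "Scrubbing memory" mitigation says software should overwrite keys as soon as they are no longer needed; the criticism slide adds that this cannot help a key that must stay resident while the system is in use. The snippet below is an added example (not code from the slides or from any product they mention) of the pattern as it is usually written: the key lives only between unlock and lock, and the lock path wipes it through a volatile pointer. The `derive_key` routine is a hypothetical stand-in that fills the buffer deterministically so the example runs offline; a real system would call its KDF.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 32

/* Overwrite through a volatile pointer so the compiler cannot treat the store
   as dead: a plain memset() immediately before free() or return is routinely
   removed by dead-store elimination, leaving the key in DRAM for a cold boot
   dump to find. explicit_bzero() / memset_s() do the same where available. */
static void secure_zero(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) *p++ = 0;
}

/* Minimal session object: the key is present in RAM only while unlocked. */
typedef struct {
    uint8_t key[KEY_LEN];
    int     unlocked;
} session_t;

/* Hypothetical key derivation for the demo (FNV-style mix of the passphrase,
   then an LCG); it exists only so the example runs without a crypto library. */
static void derive_key(const char *passphrase, uint8_t key[KEY_LEN])
{
    uint32_t x = 2166136261u;
    for (const char *c = passphrase; *c; c++)
        x = (x ^ (uint8_t)*c) * 16777619u;
    for (size_t i = 0; i < KEY_LEN; i++) {
        x = x * 1664525u + 1013904223u;
        key[i] = (uint8_t)(x >> 24);
    }
}

static void session_unlock(session_t *s, const char *passphrase)
{
    derive_key(passphrase, s->key);
    s->unlocked = 1;
}

/* Lock, suspend and shutdown paths all come through here: the key material
   is destroyed before DRAM contents can be captured. */
static void session_lock(session_t *s)
{
    secure_zero(s->key, KEY_LEN);
    s->unlocked = 0;
}

/* 1 if no key byte survives in the buffer, 0 otherwise. */
static int key_is_scrubbed(const session_t *s)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= s->key[i];
    return acc == 0;
}

int main(void)
{
    session_t s;
    session_unlock(&s, "correct horse battery staple");
    printf("after unlock: key resident=%d\n", !key_is_scrubbed(&s));
    session_lock(&s);
    printf("after lock:   key resident=%d\n", !key_is_scrubbed(&s));
    return key_is_scrubbed(&s) ? 0 : 1;
}
```

The limit the criticism slide points at is visible in the structure: `session_lock` only helps if it actually runs before the attacker cuts power. A screen lock that keeps the volume mounted never calls it, so for disk encryption the key stays in DRAM and the remaining defences are the ones on the previous slides (clear memory at boot, hardware key stores that erase on reset, and fully powering down instead of sleeping).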