
Cold Boot Attack and Countermeasures on Systems with Non-Volatile Caches

THESIS

Presented in Partial Fulfillment of the Requirements for the Degree Master of Science in the Graduate School of The Ohio State University

By Spencer Alan Rudolph

Graduate Program in Computer Science and Engineering

The Ohio State University
2016

Master's Examination Committee: Mircea-Radu Teodorescu, Advisor; Yinqian Zhang

Copyrighted by Spencer Alan Rudolph 2016

Abstract

Non-Volatile Memory is an emerging technology that has already found its way into mainstream devices in the form of hard-drive-like devices (SSDs, flash drives, etc.) and has recently been found to be an effective replacement for traditionally volatile memory components of systems. While replacement devices for RAM are still too expensive to go to market, Non-Volatile Cache Memory is a viable candidate to emerge in consumer CPUs. The storage capacity a cache needs is far less than what RAM requires, making the overall cost lower. In addition, Non-Volatile Cache Memory has higher density than today's caches, which is desirable for the smaller CPUs being manufactured today, and it does not need a constant power supply to retain its contents, which can lead to lower power usage. These properties give Non-Volatile Cache Memory many advantages for consumers.

However, using memory that retains information regardless of power supply leaves devices open to Cold Boot Attacks. Cold Boot Attacks are used to steal information from the memory of a target device by freezing the state of the system and dumping its memory contents for examination. This is particularly effective for capturing the master key of an encrypted hard drive, which compromises the security of the hard drive. In this paper we examine how such attacks are achieved and how vulnerable Non-Volatile Cache Memory systems are, and we offer effective software solutions to counteract these types of attacks.
Acknowledgments

I would like to extend my sincerest gratitude to Xiang Pan, Anys Bacha, and Professor Radu Teodorescu for all of their help and combined efforts to advance this project. Their expertise and previous experience have been instrumental to the progress of the project as a whole, which would not have been possible without them. I would also like to thank Yinqian Zhang for agreeing to participate on my committee, as he has offered great feedback and viewpoints in my final examination to continue to review after the fact.

Vita

June 2012: Mayfield High School
May 2016: B.S. Computer Science and Engineering, The Ohio State University
December 2016: M.S. Computer Science and Engineering, The Ohio State University

Fields of Study

Major Field: Computer Science and Engineering

Table of Contents

Abstract
Acknowledgments
Vita
Fields of Study
Table of Contents
List of Figures
Chapter 1: Introduction
Chapter 2: Cold Boot Attack
Chapter 3: Disk Encryption
    3.1 Types of Encryption
    3.2 Disk Encryption Ciphers
    3.3 Other Disk Encryption Related Devices
Chapter 4: Countermeasure
    4.1 Software Based Countermeasure
    4.2 Design
    4.3 Implementation
Chapter 5: Experimental Setup and Methodology
    5.1 Environment
    5.2 Simulation Strategy
    5.3 Gem5 Simulation Issues
Chapter 6: Results
References

List of Figures

Figure 1. ECB Weakness
Figure 2. ECB Algorithm
Figure 3. XTS Algorithm
Figure 4. Poweroff Flags
Figure 5. Key Found After Poweroff
Figure 6. 2 MB Cache
Figure 7. 4 MB Cache
Figure 8. 8 MB Cache

Chapter 1: Introduction

In today's world, where security exploits are consistently emerging, some of the most damaging exploits are ones that have evolved from previous work. While there have been fixes for previously documented Cold Boot Attacks, the theory behind stealing a computer's memory for access to secured information is still an open problem. The difference in many cases is how the concept is applied to the situation. Given that fast non-volatile memory chips are an emerging market in the computer industry, cold-boot-like attacks on these devices need to be investigated, documented, and fixed. Personal information, corporate sensitive data, and government classified secrets are all at risk of Cold Boot Attacks given this new type of memory.

Cold Boot Attacks are a classification of security exploits that steal information stored in the main memory of computers by way of physical manipulation of the system. The end goal in most cases is to gain unfettered access to a system's main memory, either by restarting the system or by moving its RAM sticks to another device, without losing the information they hold. There have been variations on how this has been achieved, from writing custom OSes to freezing memory sticks, but the end results have been the same. Now, with new non-volatile memory devices coming to consumers, this attack becomes easier to accomplish and its scope expands to cache memory.

Non-Volatile Cache Memory is a major improvement to an existing hardware component on almost every CPU today. CPU caches in general have largely gone unchanged since their launch in the 1960s, but given the technology of non-volatile chips, they are moving towards major enhancement. This is because non-volatile chips have the ability to retain information without the need for a constant power supply. This is dangerous, however, because the Cold Boot Attacks discussed above can take advantage of this feature to steal information from the device (given that the attacker has physical access to it). The combination of this new technology and the existing Cold Boot Attack concept should allow for a new attack vector to target Non-Volatile Cache Memory.

Our goal was to prove that an attacker could steal the computer's hard drive master key from the cache after it has been unlocked by the user. From there, the security of the hard drive is considered compromised and the attack is considered effective. In order to test this, we needed a system that could simulate the effects of a Non-Volatile Cache Memory, or a cache that we could examine at any time, which would produce similar results. The solution was to use a simulator that we could control to examine the cache contents at will, so we utilized the gem5 simulator for the project. Once set up, we installed a disk encryption application on the simulator and