Tuesday, July 22, 2008

The Cold Boot Attack

In February, a team led by researchers at Princeton announced how to recover laptop encryption keys directly from the DRAM (dynamic RAM) of the device. This attack, dubbed "Cold Boot", began a flurry of posts and articles stating dismay, seeking clarification and listing defences. The contents of DRAM takes several minutes to be cleared after power is shut off, and an attacker with physical access to the machine has an opportunity to recover the contents of memory over those few minutes. Contrary to popular belief, dynamic RAM is only somewhat dynamic.

Reproduced below are a series of images from the Princeton team depicting the DRAM decay of a Mona Lisa image over a period of 5 minutes. The striped image on the far right shows the ground states for the DRAM, which are the 0 or 1 states that the memory elements will eventually return to after power is removed. By the time DRAM reaches the striped ground state all information on encryption keys (and any other parameters) in memory is lost.

Picture1

A common reaction from experienced security professionals was to state that Cold Boot attacks are well-known to exist in principle, and that the Princeton work has filled in the practical details. “[The cold boot attack has] been in the toolbox of forensics examiners for some time,” said Murugiah Souppaya, a researcher at the National Institute of Standards and Technology. The attack is more of a wake-up call than a bolt of lightening.

Hard-disk encryption vendors were also quick to point out that Cold Boot attacks exploit hardware vulnerabilities and not encryption weaknesses. The true risk comes from software that relies on power loss to purge keys from memory rather than the software explicitly clearing memory itself. The lesson for users is to ensure that power is shut off to DRAM when they not are using their laptops (either by shutting down the laptop or by putting it into hibernate mode).

When the keys bit are extracted from memory some will already have false values due to ground state decay. Pictured left is a decayed Mona Lisa image which contains sufficient information to recognize the original image. The Princeton researchers have devised algorithms for detecting and recovering key bits corrupted by ground state decay, which, after stripping away all the fanfare of the attack, is the most significant contribution of the work. How do we recover the true key from a corrupted copy?

Coding theory is the study of exactly this problem, in the context of sending and receiving messages where messages bits can be corrupted (flipped) during transmission. Additional information, known as redundancy, must be added to each message so that errors can be detected and corrected. Without some redundancy there is little hope to find a handle on what errors have occurred.

Luckily the keys do in fact come with their own redundancy in DRAM. A user-supplied key to a block cipher is converted into an internal format that matches the operation of the cipher. For example, in the case of DES the user-supplied 56-bit key is converted into an 768-bit extended key, corresponding to the 48-bit sub-keys used in each of the 16 rounds in DES. Now the sub-keys themselves consist of bits that are just copies of bits from the user-supplied key. Each bit of the user-supplied key is guaranteed to occur at least 14 times in the extended key.

For efficiency reasons, the extended key is stored in DRAM rather than the user-supplied key. So for DES, and its triple-DES variants, each key bit will be stored at least 14 times in DRAM. Thus there will be (at least) 14 copies of each key bit to work with, which we can think of as 13 bits of redundancy for each key bit. PGP CTO, John Callas, likened this key decoding process to completing the remaining squares of a Sudoku game. While the analogy is not perfect, it is suggestive of the type of work that must be performed to decode partially decayed keys from memory.

For me, the Cold Boot incident is reminiscent of Richard Feynman's involvement in the 1986 Challenger disaster inquiry. There was long debate on whether the O-rings would or would not expand under cold conditions, and Feynman demonstrably settled the question by placing a clamped O-ring into a glass of ice water and showing that it did not expand when removed. At the time Freeman Dyson noted that this was an example of Nature providing a simple answer when asked a simple question.

The Princeton team asked Nature the simple question of whether DRAM is cleared on power loss, and the simple answer is no.

You can find the research used to produce this post as a FreeMind mindmap rendered into Flash here.


13 comments:

TechnoSnack's said...

Hello,

I'm Susan, of the TechnoSnack's team and I wish to inform you that we are opening a new blog aggregator about Computers & Internet news.
We put it on-line some hours ago and the link is: http://www.technosnack.com.

The main objective of this project is creation of a "virtual dashboard" of posts coming from many specialized blog and information about Computers & Internet world, with news about Linux, Windows, Mac, Open sources, Security, Graphics, Symbian and more on...

The key feature is that news come directly from blogosphere. We wish to show a preview of posts, with a link "Read more..." to signed blogs. If users are interested in news, they are redirected to your blog and can read entire post directly from your blog!

So, the different signed blogs can increase their visibility and reach more visitors, all over the world!

We think that in a little of time it can send more visitors to re gistered blogs, contributing to diffusion of know-how about Computer and Technology world.

I visited your blog and I think it has very interesting and useful posts!

So, are you interested in this idea, with your blog?
If yes, then you can register your blog, using the specific "Registration Form"!

REGISTRATION IS ABSOLUTELY FREE!

The only thing we ask to you is to insert TechnoSNACK banner in your blog to promote this project. Or, if you prefer, you can insert a link in your blogroll.

If you like (we whould be happy, but it is not mandatory :-), you can write a post regarding TechnoSNACK project in your blog, to promote this idea.

Bye!
Susan - TechnoSnack's Team

boy labyog said...

your post is really interesting that's why i entertain reading this.



Laby[mens suit]

Adeline Niesha said...

Exceilent blog you have here but I was curious abou t if you knew of any communi ty forums tha t cover the same topics talked about in this article? I’d really like to be a part of online community where I can get advice from other experienced individuaIs that share the same interest. If you have any suggestions, please let me know. Appreciate it....

Han Choe said...

canon printer driver canon driver download driver for canon free download driver support canon support & download printer driver free download canon driver Free download download printer driver download driver canon download for canon install driver canon canon Printer Driver windows canon Printer Driver Mac OS X canon Printer Driver Linux canon Printer Driver support

Han Choe said...

Excellent blog you have here but I was curious about if you knew of any community forums that cover the same topics talked about in this article? I’d really like to be a part of online community where I can get advice from other experienced individuals that share the same interest. If you have any suggestions, please let me know. Appreciate it softtonice | canon support | drivers and software

Han Choe said...

Excellent blog you have here but I was curious about if you knew of any community forums that cover the same topics talked about in this article? I’d really like to be a part of online community where I can get advice from other experienced individuals that share the same interest. If you have any suggestions, please let me know. Appreciate it softonice | canon support | drivers and software-

Rehane putrie said...

I know where I'm going and I know the truth, and I don't have to be what you want me to be. I'm free to be what I want.Thankyou i really love it

sharelink
filehippo
2016 free download latest version
acehfreesoft
umarka
offlineinstallerfilehippo
esoftpedia
filehorse
supportcanon
freedownloadlatetsversion
ccleaner 2016

Syka ika said...

I really liked this part of the article, with a nice and interesting topics have helped a lot of people who do not challenge things people should know... you need more publicize this so many people who know about it are rare for people to know this, Success for you. . . . . . . ....

El Taufan said...

Thanks for Sharing That... Sucses for You

findaunionprinter

findaunionprinter

getoifile

getdriversforpc

offlineinstallerfilehippo

theprinterdriver

esoftpedia

filehorse

thesoftpedia

caranddriver

smadav

Tahir Bahi said...

Hi there very cool site!! Man .. Excellent .. Amazing ..
I’ll bookmark your blog and take the feeds also? I’m glad to search out a lot of useful info
here in the publish, we’d like work out extra strategies in this regard...
T H A N K S F O R S H A R I N G

Tahir Bahi said...

Hello my friend! I want to say that this post is awesome, great written and include almost all
important infos.I really love this post I will visit again to read your post in a very short time and I hope you will make more posts like this.

T H A N K S
F O R
S H A R I N G

WinAVI Video Converter 11.5 Keygen
Trend Micro Antivirus
Movie Converter 7 Keygen
Neuratron Audio Score Ultimate Keygen

atifabushra said...

Great post. Keep writing such kind of info on your site.

software


dance video

Movies

Songs

Dramas

Blogger said...

I have just downloaded iStripper, so I can watch the sexiest virtual strippers on my desktop.