Thursday, February 21, 2008

Cold Boot Attacks on Disk Encryption

Ed Felten (via Drew Thaler):

Our results show that an attacker can cut power to the computer, then power it back up and boot a malicious operating system (from, say, a thumb drive) that copies the contents of memory. Having done that, the attacker can search through the captured memory contents, find any crypto keys that might be there, and use them to start decrypting hard disk contents.

Seems like the OS should secure-erase the RAM when the user isn’t around.

2 Comments RSS · Twitter


Erasing the key in memory isn't necessarily useful. It helps, of course, but with whole-disk encryption the key has to be in memory whenever the disk is mounted. Even if there's some other obstacle blocking the bad guys who've nabbed your computer (a password-protected screensaver, etc) this method would allow them to circumvent it by just extracting the key from RAM.

It might help to create a RAM with a hardware scrubber which forcibly wipes the state if the RAM loses power. But things like WiebeTech's HotPlug make me even wonder how long that would be useful.

I guess physical security is still your best bet in the end.


I was thinking of the shutdown case. I agree that the screensaver case is probably hopeless, unless it also unmounts the volume.

Leave a Comment