When pressed, Powel did not address the specific claims of the cold boot attack.
|
|
Using this "cold boot attack," it's possible to steal funds even when a Bitfi wallet is switched off.
|
|
But Segerdahl and his colleague Pasi Saarinen found a way to disable the overwriting process, making a cold boot attack possible again.
|
|
The new exploit is built on the foundations of a traditional cold boot attack, a technique that is well known in the hacking community.
|
|
Correction: An incorrect statement about cold boot attacks was changed in the fourth paragraph.. 'Five Eyes' governments call on tech giants to build encryption backdoors — or else
|
|
Operating systems and chipmakers added mitigations against cold boot attacks 10 years ago, but the F-Secure researchers found a way to bring them back from the dead.
|
|
A cold boot takes a similar amount of time as an Intel computer, but I never felt the need to shut down the computer entirely, so I rarely encountered that.
|
|
Microsoft said in a recently updated article on BitLocker countermeasures that using a startup PIN can mitigate cold boot attacks, but Windows users with "Home" licenses are out of luck.
|
|
To get the keys, the attack uses a well-known approach called a "cold boot," in which a hacker shuts down a computer improperly—say, by pulling the plug on it—restarts it, and then uses a tool like malicious code on a USB drive to quickly grab data that was stored in the computer's memory before the power outage.
|
|
So cold-boot attacks are prevented. Mimosa defeats against attacks that attempt to read sensitive data from memory (including cold-boot attacks, DMA attacks, and other software attacks), and it only introduces a small performance overhead.
|
|
In certain cases, a cold boot attack is used in the discipline of digital forensics to forensically preserve data contained within memory as criminal evidence. For example, when it is not practical to preserve data in memory through other means, a cold boot attack may be used to perform a dump of the data contained in random access memory. For example, a cold boot attack is used in situations where a system is secured and it is not possible to access the computer. A cold boot attack may also be necessary when a hard disk is encrypted with full disk encryption and the disk potentially contains evidence of criminal activity.
|
|
Cold boot attacks can therefore be a means of unauthorized data theft, loss or access. Such attacks can be nullified if the encryption keys are not accessible at a hardware level to an intruder–i.e., the devices in which the keys are stored when in use are not amenable to cold boot attacks–but this is not the usual case.
|
|
A cold boot attack may be used by attackers to gain access to encrypted information such as financial information or trade secrets for malicious intent.
|
|
Consequently, an attacker can perform a memory dump of its contents by executing a cold boot attack. The ability to execute the cold boot attack successfully varies considerably across different systems, types of memory, memory manufacturers and motherboard properties, and may be more difficult to carry out than software-based methods or a DMA attack. While the focus of current research is on disk encryption, any sensitive data held in memory is vulnerable to the attack. Attackers execute cold boot attacks by forcefully and abruptly rebooting a target machine and then booting a pre-installed operating system from a USB flash drive (Video ), CD-ROM or over the network.
|
|
Apple's Macintosh computers also perform a POST after a cold boot. In the event of a fatal error, the Mac will not make its startup chime.
|
|
Configuring an operating system to shut down or hibernate when unused, instead of using sleep mode, can help mitigate the risk of a successful cold boot attack.
|
|
The cold boot attack can be adapted and carried out in a similar manner on Android smartphones. Since smartphones lack a reset button, a cold boot can be performed by disconnecting the phone's battery to force a hard reset. The smartphone is then flashed with an operating system image that can perform a memory dump. Typically, the smartphone is connected to an attacker's machine using a USB port.
|
|
A cold boot attack provides access to the memory, which can provide information about the state of the system at the time such as what programs are running.
|
|
Technical sources describe two contrasting forms of reboot known as a cold reboot (also a cold boot, hard reboot or hard boot) and warm reboot (also soft reboot, or soft boot), although the definition of these forms can vary slightly between sources. According to Jones, Landes, and Tittel (2002), Cooper (2002), Tulloch (2002) and Soper (2004), on IBM PC compatible platform, a cold boot is a boot process in which the computer starts from a powerless state. All except Tulloch (2002) also mention that in cold boot, the system performs a power-on self-test (POST). In addition to the power switch, Cooper (2002) and Soper (2004) also state that the reset button, if present, may commence a cold reboot.
|
|
Memory scrambling may be used to minimize undesirable parasitic effects of semiconductors as a feature of modern Intel Core processors. However, because the scrambling is only used to decorrelate any patterns within the memory contents, the memory can be descrambled via a descrambling attack. Hence, memory scrambling is not a viable mitigation against cold boot attacks. Sleep mode provides no additional protection against a cold boot attack because data typically still resides in memory while in this state.
|
|
Software-Based Encryption on USB Flash Drives, SanDisk (June 2008) In reality however, "cold boot" attacks pose little (if any) threat, assuming basic, rudimentary, security precautions are taken with software-based systems.
|
|
Once they have obtained that encryption key, they can decrypt encrypted data at rest. Threats to data in use can come in the form of cold boot attacks, malicious hardware devices, rootkits and bootkits.
|
|
A cold boot additionally discards storage memory (also known as the "object store"), while a clean boot erases all forms of memory storage from the device. However, since these areas do not exist on all Windows CE devices, users are only concerned with two forms of reboot: one that resets the volatile memory and one that wipes the device clean and restores factory settings. For example, for a Windows Mobile 5.0 device, the former is a cold boot and the latter is a clean boot.
|
|
In February 2008, Felten and his students were part of the team that discovered the cold boot attack, which allows someone with physical access to a computer to bypass operating system protections and extract the contents of its memory.
|
|
In computer security, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used to retrieve encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes after power has been removed. An attacker with physical access to a running computer typically executes a cold boot attack by cold-booting the machine and booting a lightweight operating system from a removable disk to dump the contents of pre-boot physical memory to a file.
|
|
Such an attack was demonstrated to circumvent popular disk encryption systems, such as the open source TrueCrypt, Microsoft's BitLocker Drive Encryption, and Apple's FileVault. 080222 citp.princeton.edu This type of attack against a computer is often called a cold boot attack.
|
|
Typically, Android smartphones securely erase encryption keys from random access memory when the phone is locked. This reduces the risk of an attacker being able to retrieve the keys from memory, even if they succeeded in executing a cold boot attack against the phone.
|
|
Jones, Landes, and Tittel (2002) contradicts this assertion and states that a reset button may commence either a cold or warm reboot, depending on the system. Microsoft Support article 102228 states that although the reset button is designed to perform a cold reboot, it may not disconnect the power to the motherboard – a state that does not correspond to the cold boot definition given above. According to Jones, Landes, and Tittel (2002), both the operating system and third-party software can initiate a cold boot; the restart command in Windows 9x initiates a cold reboot, unless Shift key is held. Finding a definition for warm boot, however, is more of a challenge.
|
|
A common purpose of cold boot attacks is to circumvent software- based disk encryption. Cold boot attacks when used in conjunction with key finding attacks have been demonstrated to be an effective means of circumventing full disk encryption schemes of various vendors and operating systems, even where a Trusted Platform Module (TPM) secure cryptoprocessor is used. In the case of disk encryption applications that can be configured to allow the operating system to boot without a pre-boot PIN being entered or a hardware key being present (e.g. BitLocker in a simple configuration that uses a TPM without a two-factor authentication PIN or USB key), the time frame for the attack is not limiting at all.
|
|
Best practice recommends dismounting any encrypted, non-system disks when not in use, since most disk encryption softwares are designed to securely erase keys cached in memory after use. This reduces the risk of an attacker being able to salvage encryption keys from memory by executing a cold boot attack. To minimize access to encrypted information on the operating system hard disk, the machine should be completely shut down when not in use to reduce the likelihood of a successful cold boot attack. However, data may remain readable from tens of seconds to several minutes depending upon the physical RAM device in the machine, potentially allowing some data to be retrieved from memory by an attacker.
|
|
TRESOR is a software approach that seeks to resolve this insecurity by storing and manipulating encryption keys almost exclusively on the CPU alone, and in registers accessible at ring 0 (the highest privilege level) only—the exception being the brief period of initial calculation at the start of a session. This ensures that encryption keys are almost never available via user space or following a cold boot attack. TRESOR is written as a kernel patch that stores encryption keys in the x86 debug registers, and uses on-the-fly round key generation, atomicity, and blocking of usual access to the debug registers for security. TRESOR was foreshadowed by a 2010 thesis by Tilo Muller which analyzed the cold boot attack issue.
|
|
Early Intel processors started at physical address 000FFFF0h. Systems with later processors provide logic to start running the BIOS from the system ROM. See Intel 64 and IA-32 Architectures Software Developer’s Manual , volume 3, section 9.1.2 If the system has just been powered up or the reset button was pressed ("cold boot"), the full power-on self-test (POST) is run.
|
|
Unexpected loss of power for any reason (including power outage, power supply failure or depletion of battery on a mobile device) forces the system user to perform a cold boot once the power is restored. Some BIOSes have an option to automatically boot the system after a power failure. An uninterruptible power supply (UPS), backup battery or redundant power supply can prevent such circumstances.
|
|
UltraBac Virtual Disk Utility – A stand-alone utility that can create a native VMware ESX Virtual Machine Disk (VMDK) file or Microsoft Virtual Hard Disk (VHD) file. Hyper-V Agent and vSphere Agent – Perform centralized virtual machine backups without the need to run backup tasks from inside each VM. UltraBac Ux Image Agent – Can cold boot a Linux machine and perform an image based backup. Can restore to an unbootable machine.
|
|
Since a memory dump can be easily performed by executing a cold boot attack, storage of sensitive data in RAM, like encryption keys for full disk encryption is unsafe. Several solutions have been proposed for storing encryption keys in areas, other than random access memory. While these solutions may reduce the chance of breaking full disk encryption, they provide no protection of other sensitive data stored in memory.
|
|
Memory controllers integrated into certain Intel Core processors also provide memory scrambling as a feature that turns user data written to the main memory into pseudo- random patterns. Memory Scrambling (in Cryptographic Theory) is supposed to prevent forensic and reverse-engineering analysis based on DRAM data remanence by effectively rendering various types of cold boot attacks ineffective. In current practice this has not been achieved. However Memory Scrambling has only been designed to address DRAM-related electrical problems.
|
|
Key Finding Attacks are attacks on computer systems that make use of cryptography in which computer memory or non-volatile storage is searched for private cryptographic keys that can be used to decrypt or sign data. The term is generally used in the context of attacks which search memory much more efficiently than simply testing each sequence of bytes to determine if it provides the correct answer. They are often used in combination with cold boot attacks to extract key material from computers.
|
|
Operating system kernel patches such as TRESOR and Loop-Amnesia modify the operating system so that CPU registers can be used to store encryption keys and avoid holding encryption keys in RAM. While this approach is not general purpose and does not protect all data in use, it does protect against cold boot attacks. Encryption keys are held inside the CPU rather than in RAM so that data at rest encryption keys are protected against attacks that might compromise encryption keys in memory.
|
|
Zen added support for AMD's Secure Memory Encryption (SME) and AMD's Secure Encrypted Virtualization (SEV). Secure Memory Encryption is real-time memory encryption done per page table entry. Encryption occurs on a hardware AES engine and keys are managed by the onboard "Security" Processor (ARM Cortex-A5) at boot time to encrypt each page, allowing any DDR4 memory (including non-volatile varieties) to be encrypted. AMD SME also makes the contents of the memory more resistant to memory snooping and cold boot attacks.
|
|
This type of functionality cannot be provided by a software system since the encrypted data can simply be copied from the drive. However, this form of hardware security can result in data loss if activated accidentally by legitimate users and strong encryption algorithms essentially make such functionality redundant. As the encryption keys used in hardware encryption are typically never stored in the computer's memory, technically hardware solutions are less subject to "cold boot" attacks than software-based systems.White Paper: Hardware-Based vs.
|
|
TrueCrypt stores its keys in RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms can intelligently recover the keys. This method, known as a cold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), has been successfully used to attack a file system protected by TrueCrypt.
|
|
Mimosa in IEEE S&P; 2015 presented a more practical solution for public-key cryptographic computations against cold-boot attacks and DMA attacks. It employs hardware transactional memory (HTM) which was originally proposed as a speculative memory access mechanism to boost the performance of multi-threaded applications. The strong atomicity guarantee provided by HTM, is utilized to defeat illegal concurrent accesses to the memory space that contains sensitive data. The RSA private key is encrypted in memory by an AES key that is protected by TRESOR.
|
|
During the shutdown process, Tails will overwrite most of the used RAM to avoid a cold boot attack. An emergency shutdown can be triggered by physically removing the medium where Tails is installed: a watchdog monitors the status of the boot medium, and if removed the memory erasing process begins immediately; this might break the file system of the persistence volume, if set up. Tails tracks Debian stable for robust security updates support and uses the latest kernel from Backports for supporting newer hardware.
|
|
Key finding attacks have been used in conjunction with cold boot attacks to extract keys from machines after they have been switched off. Heninger and Shacham showed that keys can be extracted even when the data in memory has been corrupted by having the power removed. Statistical key finding was used by Nicko van Someren to locate the signature verification keys used by Microsoft to validate the signatures on MS-CAPI plug-ins. One of these key was later discovered to be referred to as the NSAKEY by Microsoft, sparking some controversy.
|
|
The Windows NT family of operating systems also does the same and reserves the key combination for its own use. Soper (2004) asserts that the Windows "Restart" command initiates a warm boot, thus contradicting Jones, Landes, and Tittel (2002), who believe the very same action performs a cold boot. The Linux family of operating systems supports an alternative to warm boot; the Linux kernel has optional support for kexec, a system call which transfers execution to a new kernel and skips hardware or firmware reset. The entire process occurs independently of the system firmware.
|
|
One application of "live analysis" is to recover RAM data (for example, using Microsoft's COFEE tool, WinDD, WindowsSCOPE) prior to removing an exhibit. CaptureGUARD Gateway bypasses Windows login for locked computers, allowing for the analysis and acquisition of physical memory on a locked computer. RAM can be analyzed for prior content after power loss, because the electrical charge stored in the memory cells takes time to dissipate, an effect exploited by the cold boot attack. The length of time that data is recoverable is increased by low temperatures and higher cell voltages.
|
|
When the row address is supplied by a counter within the DRAM, the system relinquishes control over which row is refreshed and only provides the refresh command. Some modern DRAMs are capable of self-refresh; no external logic is required to instruct the DRAM to refresh or to provide a row address. Under some conditions, most of the data in DRAM can be recovered even if the DRAM has not been refreshed for several minutes.Lest We Remember: Cold Boot Attacks on Encryption Keys , Halderman et al, USENIX Security 2008.
|
|
FDE provides protection before the operating system starts up with pre-boot authentication, however precautions still need to be taken against cold boot attacks. There are a number of tools available, both commercial and open source that enable a user to circumvent passwords for Windows, Mac OS X, and Linux. One example is TrueCrypt which allows users to create a virtual encrypted disk on their computer. Passwords provide a basic security measure for files stored on a laptop, though combined with disk encryption software they can reliably protect data against unauthorized access.
|
|
An attacker is then free to analyze the data dumped from memory to find sensitive data, such as the keys, using various forms of key finding attacks. Since cold boot attacks target random access memory, full disk encryption schemes, even with a trusted platform module installed are ineffective against this kind of attack. This is because the problem is fundamentally a hardware (insecure memory) and not a software issue. However, malicious access can be prevented by limiting physical access and using modern techniques to avoid storing sensitive data in random access memory.
|
|
The initial ROM, installed in machines produced during the first year and a half of production, was 16 KB in size. The only device which could be connected to the disk port was (one) external 5.25-inch floppy drive; software could be booted from this external drive by typing the command “PR#7.” The serial port did not mask incoming linefeed characters or support the XON/XOFF protocol, unlike all later firmware revisions to come. There was no self-test diagnostic present in this ROM; holding down the solid-Apple key during cold boot merely cycled unusual patterns on screen which served no useful purpose or indication of the machine's health.
|
|
Windows Mobile 6.5, Windows RT and core editions of Windows 8.1 include device encryption, a feature-limited version of BitLocker that encrypts the whole system. Logging in with a Microsoft account with administrative privileges automatically begins the encryption process. The recovery key is stored to either the Microsoft account or Active Directory, allowing it to be retrieved from any computer. While device encryption is offered on all versions of 8.1, unlike BitLocker, device encryption requires that the device meet the InstantGo (formerly Connected Standby) specifications, which requires solid- state drives, non-removable RAM (to protect against cold boot attacks) and a TPM 2.0 chip.
|
|
BitLocker in its default configuration uses a trusted platform module that neither requires a pin, nor an external key to decrypt the disk. When the operating system boots, BitLocker retrieves the key from the TPM, without any user interaction. Consequently, an attacker can simply power on the machine, wait for the operating system to begin booting and then execute a cold boot attack against the machine to retrieve the key. Due to this, two-factor authentication, such as a pre-boot PIN or a removable USB device containing a startup key together with a TPM should be used to work around this vulnerability in the default BitLocker implementation.
|
|
Encrypting random access memory (RAM) mitigates the possibility of an attacker being able to obtain encryption keys or other material from memory via a cold boot attack. This approach may require changes to the operating system, applications, or hardware. One example of hardware- based memory encryption was implemented in the Microsoft Xbox.B. Huang "Keeping Secrets in Hardware: The Microsoft Xbox Case Study", "CHES 2002 Lecture Notes in Notes in Computer Science Volume 2523", 2003 Software-based full memory encryption is similar to CPU-based key storage since key material is never exposed to memory, but is more comprehensive since all memory contents are encrypted.
|
|
PrivateCore is a venture-backed startup located in Palo Alto, California that develops software to secure server data through server attestation and memory encryption. The company's attestation and memory encryption technology fills a gap that exists between “data in motion” encryption (TLS, email encryption) and “data at rest” encryption (disk encryption, tape encryption) by protecting “data in use” (random access memory). PrivateCore memory encryption technology protects against threats to servers such as cold boot attacks, hardware advanced persistent threats, rootkits/bootkits, computer hardware supply chain attacks, and physical threats to servers from insiders. PrivateCore was acquired by Facebook, a deal that was announced on 7 August 2014.
|
|
Most full disk encryption schemes are vulnerable to a cold boot attack, whereby encryption keys can be stolen by cold-booting a machine already running an operating system, then dumping the contents of memory before the data disappears. The attack relies on the data remanence property of computer memory, whereby data bits can take up to several minutes to degrade after power has been removed. Even a Trusted Platform Module (TPM) is not effective against the attack, as the operating system needs to hold the decryption keys in memory in order to access the disk. Full disk encryption is also vulnerable when a computer is stolen when suspended.
|
|
Fixing it requires hardware-specific firmware patches. An attacker abuses power interrupts and TPM state restores to trick TPM into thinking that it is running on non- tampered components. Main Trusted Boot (tboot) distributions before November 2017 are affected by a dynamic root of trust for measurement (DRTM) attack , which affects computers running on Intel's Trusted eXecution Technology (TXT) for the boot-up routine. In case of physical access, computers with TPM are vulnerable to cold boot attacks as long as the system is on or can be booted without a passphrase from shutdown or hibernation, which is the default setup for Windows computers with BitLocker full disk encryption.
|
|
The "Transparent operation mode" and "User authentication mode" of BitLocker use TPM hardware to detect if there are unauthorized changes to the pre-boot environment, including the BIOS and MBR. If any unauthorized changes are detected, BitLocker requests a recovery key on a USB device. This cryptographic secret is used to decrypt the Volume Master Key (VMK) and allow the bootup process to continue. Nevertheless, in February 2008, a group of security researchers published details of a so-called "cold boot attack" that allows full disk encryption systems such as BitLocker to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory.
|
|
In cases where it is not practical to hard reset the target machine, an attacker may alternatively physically remove the memory modules from the original system and quickly place them into a compatible machine under the attacker's control, which is then booted to access the memory. Further analysis can then be performed against the data dumped from RAM. A similar kind of attack can also be used to extract data from memory, such as a DMA attack that allows the physical memory to be accessed via a high-speed expansion port such as FireWire. A cold boot attack may be preferred in certain cases, such as when there is high risk of hardware damage.
|
|
Typically, a cold boot attack can be prevented by limiting an attacker's physical access to the computer or by making it increasingly difficult to carry out the attack. One method involves soldering or gluing in the memory modules onto the motherboard, so they cannot be easily removed from their sockets and inserted into another machine under an attacker's control. However, this does not prevent an attacker from booting the victim's machine and performing a memory dump using a removable USB flash drive. A mitigation such as UEFI Secure Boot or similar boot verification approaches can be effective in preventing an attacker from booting up a custom software environment to dump out the contents of soldered-on main memory.
|
|
In computer security, a common problem for data security is how an intruder can access encrypted data on a computer. Modern encryption algorithms, correctly implemented and with strong passwords, are often unbreakable with current technology, so emphasis has moved to techniques that bypass this requirement, by exploiting aspects of data security where the encryption can be "broken" with much less effort, or else bypassed completely. A cold boot attack is one such means by which an intruder can defeat encryption despite system security, if they can gain physical access to the running machine. It is premised on the physical properties of the circuitry within memory devices that are commonly used in computers.
|
|
Double boot (also known as cold double boot, double cold boot, double POST, power-on auto reboot, or fake boot) is a feature of the BIOS, and may occur after changes to the BIOS' settings or the system's configuration, or a power failure while the system was in one of certain sleep modes. Changing some parameters in the BIOS will cause this issue, even for items as simple as initializing the current CPU and memory clocks. At such times, a reboot will be required. If the computer did not have any power and had just been plugged in, the same parameters would need to be implemented again, and since these parameters require a reboot, the computer will do a quick reset to implement the parameters that are set in the BIOS.
|
|
A study published in 2008 found data remanence in dynamic random-access memory (DRAM), with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature. The study authors were able to use a cold boot attack to recover cryptographic keys for several popular disk encryption systems, including FileVault, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use, such as in key scheduling. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not in physical control by the owner. Early versions of FileVault automatically stored the user's passphrase in the system keychain, requiring the user to notice and manually disable this security hole.
|
|
VeraCrypt stores its keys in RAM; on some personal computers DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms may be able to recover the keys. This method, known as a cold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), was successfully used to attack a file system protected by TrueCrypt versions 4.3a and 5.0a in 2008. With version 1.24, VeraCrypt added the option of encrypting the in-RAM keys and passwords on 64-bit Windows systems, with a CPU overhead of less than 10%, and the option of erasing all encryption keys from memory when a new device is connected.
|
|
TRESOR (recursive acronym for "TRESOR Runs Encryption Securely Outside RAM", and also the German word for a safe) is a Linux kernel patch which provides CPU-only based encryption to defend against cold boot attacks on computer systems by performing encryption outside usual random-access memory (RAM). It is one of two proposed solutions for general-purpose computers (the other uses CPU cache for the same purposeThe other has been called frozen cache; the two are similar in using CPU based encryption key storage, but differs in that frozen cache uses CPU cache for the purpose rather than CPU registers. ), was developed from its predecessor AESSE, presented at EuroSec 2010 and presented at USENIX Security 2011. The authors state that it allows RAM to be treated as untrusted from a security viewpoint without hindering the system.
|
|
As a student at Princeton, Halderman played a significant role exposing flaws in Digital Rights Management software used on compact discs. In 2004, he discovered that a DRM system called MediaMax CD-3 could be bypassed simply by holding down the shift key while inserting a CD. The company behind the system briefly threatened him with a $10 million lawsuit, landing him on the front page of USA Today. Later, in 2005, he helped show that a DRM system called Extended Copy Protection functioned identically to a rootkit and weakened the security of computers in which audio CDs were played. The ensuing Sony BMG copy protection rootkit scandal led to the recall of millions of CDs, class action lawsuits, and enforcement action by the U.S. Federal Trade Commission. In 2008, Halderman led the team that discovered the cold boot attack against disk encryption, which allows an attacker with physical access to a computer device to extract encryption keys or other secrets from its memory.
|
|
Additionally, hardware backdoors can undermine security in smartcards and other cryptoprocessors unless investment is made in anti-backdoor design methods. In the case of full disk encryption applications, especially when implemented without a boot PIN, a cryptoprocessor would not be secure against a cold boot attack if data remanence could be exploited to dump memory contents after the operating system has retrieved the cryptographic keys from its TPM. However, if all of the sensitive data is stored only in cryptoprocessor memory and not in external storage, and the cryptoprocessor is designed to be unable to reveal keys or decrypted or unencrypted data on chip bonding pads or solder bumps, then such protected data would be accessible only by probing the cryptoprocessor chip after removing any packaging and metal shielding layers from the cryptoprocessor chip. This would require both physical possession of the device as well as skills and equipment beyond that of most technical personnel.
|
|
This can be important if the system cannot be used to view, copy or access that data—for example the system is locked, or may have booby traps or other intrusion controls, or is needed in a guaranteed untouched form for forensic or evidentiary purposes. Since this is a physical property of the hardware itself, and based on physical properties of memory devices, it cannot be defeated easily by pure software techniques, since all software running in memory at the point of intervention becomes accessible. As a result, any encryption software whose keys could be accessed this way is vulnerable to such attacks. Usually a cold boot attack involves cooling memory chips or quickly restarting the computer, and exploiting the fact that data is not immediately lost (or not lost if power is very quickly restored) and the data that was held at the point of intervention will be left accessible to examination.
|
|
Heninger is known for her work on freezing powered- down security devices to slow their fading memories and allow their secrets to be recovered via a cold boot attack, for her discovery that weak keys for the RSA cryptosystem are in widespread use by internet routers and other embedded devices, for her research on how failures of forward secrecy in bad implementations of the Diffie–Hellman key exchange may have allowed the National Security Agency to decrypt large amounts of internet traffic via the Logjam vulnerability, and for the DROWN attack, which uses servers supporting old and weak cryptography to decrypt traffic from modern clients to modern servers. Heninger's other research contributions include a variant of the RSA cryptosystem that would be secure against quantum computers, an attack on implementations of the ANSI X9.31 cryptographically secure pseudorandom number generator that use hard-coded seed keys to initialize the generator, and the discovery of a side-channel attack against some versions of the libgcrypt cryptography library.
|
|