cold boot attacks on hard drive encryption
TRANSCRIPT
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
1/22
Cold Boot Attacks on
Hard Drive Encryption
Seth Schoen
Electronic Frontier Foundation
LinuxWorld Conference and Expo 2008
San Francisco, California
http://citp.princeton.edu/memory/
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
2/22
Our team and academic paper
J. Alex Halderman (Princeton)
Seth D. Schoen (Electronic Frontier Foundation)
Nadia Heninger (Princeton)
William Clarkson (Princeton)
William Paul (Wind River Systems) Joseph A. Calandrino (Princeton)
Ariel J. Feldman (Princeton)
Jacob Appelbaum
Edward W. Felten (Princeton)
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
3/22
Our team and academic paper
Lest We Remember: Cold Boot Attacks onEncryption Keys (in Proceedings of the 17thUSENIX Security Symposium, San Jose, CA,2008)
Home page: http://citp.princeton.edu/memory/(including PDF of paper, video, images, andsource code)
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
4/22
Misperceptions of RAM volatility
DRAM is supposed to be refreshed in order tobe reliable
DRAM under refresh has extremely lowprobability of uncommanded bit flips...
DRAM without refresh has a noticeableprobability of experiencing uncommanded bitflips over time but probability of such flips after
many seconds is nowhere nearcertainty Yet we sometimes wrongly speak as though
RAM were designedto clear itself on power loss
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
5/22
DRAMs and SRAMs
SRAMs are like flip-flops
DRAMs are like capacitors SRAMs are faster, DRAMs are cheaper
Both retain some data without power at roomtemperature; both retain more data longer atlower temperatures (cf. Skorobogatov)
DRAMs typically used for PC main memory There are also long-term burn-in effects (cf.
Gutmann); this research is not about those
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
6/22
Shredding Your Garbage
Chow et al. Shredding Your Garbage:Reducing Data Lifetime Through SecureDeallocation (in Proc. 14th USENIX SecuritySymposium, Baltimore)
Tried to measure how long disused datastructures typically persisted in memory
Accidentally found intact data structures in RAM
from previous system boots (!?!?) Torbjrn Pettersson: this could be a means of
acquiring forensic memory images
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
7/22
Hardware people know this...
E.g., Link & May (1979) (early commercialDRAM availability) does low-temperature (LN
2
)
tests with no power, finds week-long retention!
Typically considered a feature (low
temperatures increase reliability, hightemperatures decrease it) common to manylogic devices, not a security problem
Software people are often unaware of thephysical characteristics of devices they use!
They don't break the abstractions
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
8/22
Cold boot attack
Deliberately crash a PC with interesting data inRAM; then restore power to RAM and dump itscontents to a permanent storage medium
Orwake upsleeping/hibernated laptop (to apassword prompt), then crash it and dump RAM
Operating system memory protection policiesare bypassed because operating system is no
longer running (nor can OS clear RAM!) Nearly complete state of previously-running
system is available; passwords not required
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
9/22
Our attacks
Tools to dumpmemory after a reboot
USB stick (or externalhard drive or iPod)
Network boot (e.g.PXE)
Very tiny dumpingapplication (< 10K)
Dump onto samemedium
USB key photo 2007 User:AIMare CC-BY-SA
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
10/22
Our attacks
Optional cooling withcanned air spray(tetrafluoroethane) orliquid nitrogen
Canned air mayachievetemperaturesaround 50 C
Invert can whendischarging(caution!)
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
11/22
Our attacks
New cryptographic techniques to detect keyschedules automatically and correct bit errors
Previous techniques for finding private key materialin memory didn't work well for us, especially in thepresence of bit errors
Source code for this and associated memorydumpers is now available at
http://citp.princeton.edu/memory/code/ Implementations of decryption for particular disk
encryption systems
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
12/22
More on memory dumpers
Small programs that run with no OS
Memory footprint just a few KB Bill Paul implemented them in assembly and C
Can be booted from USB or network (e.g. PXE)
Save entire contents of RAM to same medium
Leave no trace behind on target machine
A proof of concept; other vectors are possible
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
13/22
More on cooling
Typically not requiredon most hardware
Most relevant if RAM must be removed: if targetmachine has a policy preventing booting fromexternal media without a password or if BIOS clearsRAM on boot (e.g. ECC)
Cooling with canned air produces extremely lowtemperatures and good retention times
RAM could be unpowered, even when removedfrom the computer, for over a minute withminimal loss of data sufficient time to transfer
to another machine
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
14/22
When is cooling necessary?
In our experience, cooling was never necessaryexcept when RAM chips had to be physically
removed from a PC
Just restarting laptops at room temperature
never caused enough data loss to preventreconstruction of keys in our experiments
Chips can be removed if BIOS is unfriendly
If BIOS clears RAM or prevents memory dumping
In our experiments, canned air was alwayssufficient for this; liquid nitrogen was never needed
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
15/22
More on correcting bit errors
Cryptographic keys are intended to be random;even a few bit errors could make them useless
But in practice, keys actively being used arestored in memory in usefully redundant ways
These redundancies can be used to find keys Often without prior knowledge of software
And also to correct bit errors A variety of powerful, practical mathematical
techniques developed by Nadia Heninger
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
16/22
Successful attacks against...
Hardware attacks work on all operating systems
BitLocker in basic mode Even fully at rest with computer powered off!
FileVault, dm-crypt, TrueCrypt, Loop-AES
In typical scenarios where computer was running,sleeping, or hibernating
Other systems probably vulnerable too In particular, attackers can bypass locked screen or
login prompt
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
17/22
Our attacks are practical
Fully automated attack on BitLocker basicmode via live CD (because of BitLocker basic
mode's trust in the TPM, this attack does noteven require that laptop was powered on)
Automated RAM dumpers run via USB stick ornetwork boot; we even demonstrated using aninnocuous-looking iPod as an attack vector
Some laptops will not require any cooling; forcooling, canned air spray was always sufficient(liquid nitrogen never required)
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
18/22
Threat models
Some people suggest that our attack doesn'tcount because hard drive encryption isn't
supposed to protect against attackers withphysical access to laptops
Microsoft suggests attack is already documented But why do users encrypt laptop hard drives?
If RAM were really volatile users with
suspended/hibernated laptops and full-diskencryption would be safe: and they probablybelieve they are safe
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
19/22
Countermeasures
Inconvenient but helpful:
Turn laptops all the way off when they could be outof your control (left unattended in public, whiletraveling)
Require a password to boot external media (butsimply moving chips into another machine stillworks unless your DRAMs are non-removable)
Destroy all key material at screen lock orscreensaver activation, suspend, hibernate
This could require significant software changes;
also, user would have to re-authenticate on return
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
20/22
Countermeasures
ECC RAM is cleared at boot time
Harder to attack with off-the-shelf PCs, but probablyeasier to attack with specialized hardware or BIOS
There is also room for research on different
representations of key material in RAM (e.g.exposure-resistant functions, modified keyschedules)
Not a countermeasure: locating keys in lowmemory can't protect against removing RAM; cf.http://www.coreboot.org/Coreinfo BIOS image
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
21/22
Conclusions
Many recent security attacks exploit physicalhardware properties that users and developers
may be unaware of to break abstractions
Emanations security examples: CRTs (and all
digital hardware) are radio transmitters on (atleast) the refresh/clock frequencies they useinternally; recent attacks on light and sound
emitted by CRTs, LCDs, and keyboards(perhaps akin to research in natural sciences)
Security and privacy are pretty hard!
-
7/31/2019 Cold Boot Attacks on Hard Drive Encryption
22/22
Thanks
Seth Schoen
9B36 BCFA 4DE0 8ADE 8A17 D091 56B0 315F 0167 CA38
Please support EFF!http://www.eff.org/
http://citp.princeton.edu/memory/