Cold Boot Attack

Cold boot attacks involve a cold reboot of a computer into an environment designed to retrieve information from memory, even after the RAM chips have gone without refresh current for several minutes. RAM chips appear to hold their contents much longer than their specifications call for. If a computer system is not gracefully powered down, giving the operating system time to close files, but instead the power cord is simply pulled out, a lot of information that may be of interest to an attacker is left in RAM. If, within a few minutes, the system is rebooted into another operating environment designed to maximize information retrieval from memory, searches can be run to locate things like encryption keys and passwords. Cooling the RAM chips involved extends the length of time they hold information, but it is not necessary.
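The residue the paragraph describes, and the scrubbing of key material that Halderman et al. list among their partial mitigations, as an added example in C (not code from the page or from the Princeton tool release); the 16-byte key, the 4 KiB arena standing in for a RAM image, and the `find_pattern` residue check are all constructed for this demonstration:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 16-byte "key"; a stand-in for a disk-encryption key. */
static const uint8_t DEMO_KEY[16] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };

/* Constructed arena that plays the role of a memory image. */
static uint8_t arena[4096];

/* Overwrite a buffer through a volatile pointer so the compiler cannot
   discard the stores as dead (a plain memset() before free() often is). */
static void scrub(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Defender's residue check: scan the image for a known byte pattern and
   return the offset of the first hit, or -1 if the pattern is absent. */
long find_pattern(const uint8_t *img, size_t img_len,
                  const uint8_t *pat, size_t pat_len) {
    for (size_t i = 0; i + pat_len <= img_len; i++)
        if (memcmp(img + i, pat, pat_len) == 0) return (long)i;
    return -1;
}

/* Simulate one session: the key is loaded into the arena at offset 1000,
   "used", and then either scrubbed or simply abandoned, as happens when
   power is pulled. Returns where the key is still found, or -1. */
long session_key_offset(int do_scrub) {
    memset(arena, 0xA5, sizeof arena);        /* unrelated filler data */
    uint8_t *key_slot = arena + 1000;
    memcpy(key_slot, DEMO_KEY, sizeof DEMO_KEY);
    /* ... key used for encryption here ... */
    if (do_scrub) scrub(key_slot, sizeof DEMO_KEY);
    return find_pattern(arena, sizeof arena, DEMO_KEY, sizeof DEMO_KEY);
}

int main(void) {
    printf("unscrubbed: key found at offset %ld\n", session_key_offset(0));
    printf("scrubbed:   key found at offset %ld\n", session_key_offset(1));
    return 0;
}
```

The unscrubbed run reports the key at offset 1000; after scrubbing the same scan reports -1, which is the check to run against a real memory image of your own system after lock or shutdown handling.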

Cold-boot attacks change the data leakage landscape

Cold-boot attacks represent a new vulnerability. The most significant aspect of this vulnerability is that no effective countermeasure exists; Halderman et al. write, “Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.” Other actions must therefore be taken to address the associated risk.

In theory, it would be a trivial and effective solution to power off the computer system any time it is about to be potentially exposed to unauthorized physical access. In practice this approach is infeasible: nobody is going to power down their workstation every time they leave the room or even the building – and most servers are kept up as much as possible.

Lest We Remember: Cold Boot Attacks on Encryption Keys

Contrary to popular belief, DRAMs hold their values for surprisingly long intervals without power or refresh. Our experiments show that this fact enables a variety of security attacks that can extract sensitive information such as cryptographic keys from memory, despite the operating system’s efforts to protect memory contents. The attacks we describe are practical—for example, we have used them to defeat several popular disk encryption systems.

Cold Boot Attack Tools for Linux

Cold Boot Attack Tools Released
In the paper, the researchers not only outlined the cold boot attack, they also described tools they had created to take advantage of this flaw. On July 16, 2008, the complete source code for these tools was released to the public at citp.princeton.edu/memory/code. In true UNIX style, each of the tools is small and single-purpose:

Resources
Official Page for the Cold Boot Attack: citp.princeton.edu/memory
Direct Link to the Research Paper: citp.princeton.edu/pub/coldboot.pdf
Source Code for Cold Boot Attack Tools: citp.princeton.edu/memory/code
