Talk:Cold boot attack

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Cryptography / Computer science  (Rated C-class, Low-importance)
WikiProject icon This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
C-Class article C  This article has been rated as C-Class on the quality scale.
 Low  This article has been rated as Low-importance on the importance scale.
Taskforce icon
This article is supported by WikiProject Computer science (marked as Low-importance).
 
WikiProject Computer Security / Computing   
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 

I think there should be a criticisms section. I know a lot of debate has been going on about this in the crypto community. Especially the TrueCrypt forums. —Preceding unsigned comment added by 65.65.222.162 (talk) 08:57, 9 May 2008 (UTC)

False information?[edit]

Coreect me if I'm wrong - but doesn't TPM use hardware? However, this article claims that this is a problem with hardware, therefore TPM is weak. Does this imply that TPM is not hardware? It seems to me that this is inaccurate information.  —CobraA1 05:08, 19 March 2008 (UTC)

No, the hardware that the problem is with is the memory, not the TPM. Socrates2008 (Talk) 06:02, 19 March 2008 (UTC)
Forgive me for being dense - but if the key is stored on the TPM rather than in memory, then how do they find the key?  —CobraA1 20:55, 19 March 2008 (UTC)
Unfortunately, you've got to retrieve the key from the TPM at some point and use it. (Decryption/encryption occurs in memory) Socrates2008 (Talk) 21:04, 19 March 2008 (UTC)
Okay, thanks for the clarification.  —CobraA1 21:25, 19 March 2008 (UTC)

Cold boot attack[edit]

Opening sentence states:

In cryptography, a cold boot attack, platform reset attack, cold ghosting attack or iceman attack[1] is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system by cold booting the machine.

It fails to explain what 'cold booting' is, just repeating the term 'cold booting' in the hope that readers already know what it is. It may need rewriting by an expert. I may try to re-word it myself - my understanding of cold booting is that it is a boot from off, or a boot from no power such as a hard reset. mmj (talk) 03:19, 19 November 2008 (UTC)

In this context, I think a cold boot refers to rebooting the machine while it is running by cycling power (without shutting down the operating system the normal way). The attack is not likely to work if the machine has been off for more than a few seconds to a few minutes. The only exception is when a TPM is used, because it can load keys in RAM even if the machine has been turned off indefinitely. --IO Device (talk) 18:13, 3 March 2009 (UTC)

Mitigations: Use advanced encryption[edit]

The mitigations section contained a paragraph describing a feature of the BitLocker Drive Encryption product, however this paragraph does not relate specifically to cold-boot attacks. A cold-boot attack relies on the ability for RAM to retain its data for a few seconds after a cold reboot which is performed while the computer is on (or immediately after it is turned off). The paragraph below describes security methods which, while definitely notable, do not relate to cold boot attacks, because the key is still stored in RAM while in use. Use of hibernation and off modes to clear the RAM are already covered in other sections. This information could perhaps be relocated to an article on whole disk encryption security.

Use two-factor authentication, such as a pre-boot PIN and/or a removable USB device containing a startup key together with a TPM.[1][2] In this mode, a PIN or startup key is required when turning the machine on or when waking from hibernation mode (a power off mode). The result is that once the computer has been turned off for a few minutes, the data in RAM will no longer be accessible without a secret; the attack can only be completed if the device is obtained while still powered on. No additional protection is offered during sleep mode (a low power mode) as the key typically remains in memory with full disk encryption products and does not have to be re-entered when the machine is resumed. mmj (talk) 03:17, 8 January 2009 (UTC)

I've reverted your edit, because this paragraph covers Microsoft's "official" answer to the Cold Boot Attack. A disk encryption application such as Bitlocker can be configured to work in a "transparent" mode where no user interaction (PIN) or external key is required to obtain the keys from the TPM and decrypt the disk. This default mode is susceptible to the Cold Boot attack (because the machine automatically retrieves keys from the TPM into RAM when powered on) unless Bitlocker is also configured to use a PIN and/or external key in addition to the TPM key. Socrates2008 (Talk) 04:40, 8 January 2009 (UTC)
I'm sorry, but I still do not understand how this is relevant to a Cold Boot attack, given how a cold boot attack works. I cannot see how requiring additional PINs or keys at bootup is relevant to preventing cold boot attacks, because a cold boot attack is not performed on a computer which has been off and when that computer requires a key from the user is irrelevant. It is performed on a computer while it is running and has encryption keys in RAM. The attack you describe appears to not be a cold boot attack but a "attack exploiting the system's behaviour of keeping the key in the TPM while powered off". Perhaps this is an indication that your paragraph needs to be rewritten so as to better explain how this applies to a cold boot attack. mmj (talk) 01:00, 9 January 2009 (UTC)
I've looked into it some more and suggested some edits - see article page. I've placed the section underneath the power management section as it provides further information on the safety of hibernate and power off modes for systems using a TPM security device. Feel free to modify or expand. mmj (talk) 01:17, 9 January 2009 (UTC)
I think this is a relevant mitigation to cold-boot attacks, because the attack it mitigates is a two-step one: first, take the powered-off device and power it on, loading the keys into RAM; second, perform a cold-boot attack to obtain the keys without having to overcome TPM defenses. An alternative attack would be to access the persistent storage where the keys are stored directly; this attack is also mitigated, but is irrelevant to this article. Dcoetzee 04:41, 9 January 2009 (UTC)
Kindly stop deleting this section because you don't understand it - discuss and clarify here. To explain further: If a machine running Vista is stolen while completely powered off, then in a default Bitlocker configuration that uses the TPM it can simply be turned on and booted to the point of the CNL-ALT-DEL screen before the Cold Boot Attack is executed. i.e. Contrary to common logic, the TPM with Bitlocker offers NO PROTECTION in a default configuration against a cold boot attack when the machine is powered off (no keys in memory) when stolen. A TPM is designed specifically to protect keys when a machine is off - which it does correcly - however as soon as the keys are retrieved from the TPM into memory during the boot process, they are immediately vulnerable to the Cold Boot Attack. So, to FULLY protect a machine against a Cold Boot Attack, a boot PIN or external key needs to be configured together with the TPM key so that an attacker cannot simply turn a TPM-protected machine on then hack it. More questions, then ask here, but kindly do not delete this content again. Thank you. Socrates2008 (Talk) 10:31, 9 January 2009 (UTC)
My previous edit did not delete it, but modified it in an attempt to make it clearer how it related to cold boot attacks, and moved it below the section on power management. Your most recent modifications seem to explain it even better than mine did, which is good. I still have a feeling that the heading would be better located below the section on power management rather than above. I feel as the section on power management explains more basic and general concepts which this information on Bitlocker with TPM expand upon. mmj (talk) 04:40, 14 January 2009 (UTC)
Thanks for the clarification - feel free to re-order the items as I didn't put them in any specific order. Socrates2008 (Talk) 07:00, 14 January 2009 (UTC)

Automatic memory wiping[edit]

Would it not make cold boot attacks harder if a memory device was equipped with circuitry that would wipe the section of memory which contains keys in case of unclean shutdown? this could be powered by a capacitor. of course the components needed for this would have to be included on the device itself. --Edgjerp (talk) 09:49, 22 May 2009 (UTC)

The simplest solution would be to make a change to the Power On Self Test (POST) procedure so that the first action after pressing the power button is a memory test that starts with writing a burst of random data to all the RAM. That wouldn't work against pulling the plug then chilling the RAM and installing it into another computer without such protection. There would also have to be a "dying gasp" system using a small amount of stored power (or simply use the CMOS battery to power it) to scramble the RAM upon a sudden power loss. To block attempts to defeat it by removing the CMOS battery with the system running, tie in a zero battery voltage to scramble the RAM using power from the normal power supply. These systems could also be hard wired to a chassis intrusion detection switch. Open the case and *pop*, the RAM gets scrambled. If the computer is running, it'd crash due to memory errors. The protections built into the motherboard would defeat cutting a hole in the case to bypass the intrusion switch. Any chip connections to the protection systems should be inner contacts on surface mounted packages, connected to traces buried inside the circuit board layers, and come to the surface nowhere before connecting to another chip. That would be to completely block any electrical connection to block or inject signals to interfere with the protection. Bizzybody (talk) 11:25, 7 March 2014 (UTC)

Liquid nitrogen[edit]

What's the significance of liquid nitrogen, as mentioned in the "In Popular Media" section? Is it just a construct of TV or does it help preserve data in the memory? Brammers (talk) 09:53, 25 May 2009 (UTC)

Well, In theory Liquid Nitrogen (Or another sub-zero medium) Would help prevent degradation of the data stored on the RAM module(s) though I believe RAM taken HOT from a computer (E.G. when it still HAS it's memory), and dumped into Liquid Nitrogen would cause Thermal Fissures in the casing and PCB, thereby destroying any chance our Would Be Hollywood Hacker had... A more interesting approach I find lacking is Multiple RAM Modules, and also Hardwired RAM (As in the Early Asus EEEpcs) The first, would make a Cold Boot attack less likely too succeed as Multiple Modules tend too fall out of sync the moment Power is disrupted, Also the Modules would have to be in the same order, and enumerated in the same order as the Host they were taken from. The Latter is a Physical form of protection, as applying heat too the contacts too lift the module is both time consuming and risky, As one could easily short the memory, making an Attack impossible, and Heat will cause an increased degradation of data. the one way you wouldn't need too worry so much is if you're computer had a SIMM (Single Input Memory Module) RAM module instead of the standard DIMM (Dual Input Memory Module). But the SIMM modules are becoming increasingly Rare. Gartral (talk) 22:18, 7 February 2011 (UTC)