Talk:Cold boot attack
This is the talk page for discussing improvements to the Cold boot attack article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||
|
Untitled
[edit]I think there should be a criticisms section. I know a lot of debate has been going on about this in the crypto community. Especially the TrueCrypt forums. —Preceding unsigned comment added by 65.65.222.162 (talk) 08:57, 9 May 2008 (UTC)
False information?
[edit]Coreect me if I'm wrong - but doesn't TPM use hardware? However, this article claims that this is a problem with hardware, therefore TPM is weak. Does this imply that TPM is not hardware? It seems to me that this is inaccurate information. —CobraA1 05:08, 19 March 2008 (UTC)
- No, the hardware that the problem is with is the memory, not the TPM. Socrates2008 (Talk) 06:02, 19 March 2008 (UTC)
- Forgive me for being dense - but if the key is stored on the TPM rather than in memory, then how do they find the key? —CobraA1 20:55, 19 March 2008 (UTC)
- Unfortunately, you've got to retrieve the key from the TPM at some point and use it. (Decryption/encryption occurs in memory) Socrates2008 (Talk) 21:04, 19 March 2008 (UTC)
- Okay, thanks for the clarification. —CobraA1 21:25, 19 March 2008 (UTC)
- Unfortunately, you've got to retrieve the key from the TPM at some point and use it. (Decryption/encryption occurs in memory) Socrates2008 (Talk) 21:04, 19 March 2008 (UTC)
- Forgive me for being dense - but if the key is stored on the TPM rather than in memory, then how do they find the key? —CobraA1 20:55, 19 March 2008 (UTC)
Cold boot attack
[edit]Opening sentence states:
- In cryptography, a cold boot attack, platform reset attack, cold ghosting attack or iceman attack[1] is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system by cold booting the machine.
It fails to explain what 'cold booting' is, just repeating the term 'cold booting' in the hope that readers already know what it is. It may need rewriting by an expert. I may try to re-word it myself - my understanding of cold booting is that it is a boot from off, or a boot from no power such as a hard reset. mmj (talk) 03:19, 19 November 2008 (UTC)
- In this context, I think a cold boot refers to rebooting the machine while it is running by cycling power (without shutting down the operating system the normal way). The attack is not likely to work if the machine has been off for more than a few seconds to a few minutes. The only exception is when a TPM is used, because it can load keys in RAM even if the machine has been turned off indefinitely. --IO Device (talk) 18:13, 3 March 2009 (UTC)
Mitigations: Use advanced encryption
[edit]The mitigations section contained a paragraph describing a feature of the BitLocker Drive Encryption product, however this paragraph does not relate specifically to cold-boot attacks. A cold-boot attack relies on the ability for RAM to retain its data for a few seconds after a cold reboot which is performed while the computer is on (or immediately after it is turned off). The paragraph below describes security methods which, while definitely notable, do not relate to cold boot attacks, because the key is still stored in RAM while in use. Use of hibernation and off modes to clear the RAM are already covered in other sections. This information could perhaps be relocated to an article on whole disk encryption security.
Use two-factor authentication, such as a pre-boot PIN and/or a removable USB device containing a startup key together with a TPM.[1][2] In this mode, a PIN or startup key is required when turning the machine on or when waking from hibernation mode (a power off mode). The result is that once the computer has been turned off for a few minutes, the data in RAM will no longer be accessible without a secret; the attack can only be completed if the device is obtained while still powered on. No additional protection is offered during sleep mode (a low power mode) as the key typically remains in memory with full disk encryption products and does not have to be re-entered when the machine is resumed. mmj (talk) 03:17, 8 January 2009 (UTC)
- I've reverted your edit, because this paragraph covers Microsoft's "official" answer to the Cold Boot Attack. A disk encryption application such as Bitlocker can be configured to work in a "transparent" mode where no user interaction (PIN) or external key is required to obtain the keys from the TPM and decrypt the disk. This default mode is susceptible to the Cold Boot attack (because the machine automatically retrieves keys from the TPM into RAM when powered on) unless Bitlocker is also configured to use a PIN and/or external key in addition to the TPM key. Socrates2008 (Talk) 04:40, 8 January 2009 (UTC)
- I'm sorry, but I still do not understand how this is relevant to a Cold Boot attack, given how a cold boot attack works. I cannot see how requiring additional PINs or keys at bootup is relevant to preventing cold boot attacks, because a cold boot attack is not performed on a computer which has been off and when that computer requires a key from the user is irrelevant. It is performed on a computer while it is running and has encryption keys in RAM. The attack you describe appears to not be a cold boot attack but a "attack exploiting the system's behaviour of keeping the key in the TPM while powered off". Perhaps this is an indication that your paragraph needs to be rewritten so as to better explain how this applies to a cold boot attack. mmj (talk) 01:00, 9 January 2009 (UTC)
- I've looked into it some more and suggested some edits - see article page. I've placed the section underneath the power management section as it provides further information on the safety of hibernate and power off modes for systems using a TPM security device. Feel free to modify or expand. mmj (talk) 01:17, 9 January 2009 (UTC)
- I'm sorry, but I still do not understand how this is relevant to a Cold Boot attack, given how a cold boot attack works. I cannot see how requiring additional PINs or keys at bootup is relevant to preventing cold boot attacks, because a cold boot attack is not performed on a computer which has been off and when that computer requires a key from the user is irrelevant. It is performed on a computer while it is running and has encryption keys in RAM. The attack you describe appears to not be a cold boot attack but a "attack exploiting the system's behaviour of keeping the key in the TPM while powered off". Perhaps this is an indication that your paragraph needs to be rewritten so as to better explain how this applies to a cold boot attack. mmj (talk) 01:00, 9 January 2009 (UTC)
- I think this is a relevant mitigation to cold-boot attacks, because the attack it mitigates is a two-step one: first, take the powered-off device and power it on, loading the keys into RAM; second, perform a cold-boot attack to obtain the keys without having to overcome TPM defenses. An alternative attack would be to access the persistent storage where the keys are stored directly; this attack is also mitigated, but is irrelevant to this article. Dcoetzee 04:41, 9 January 2009 (UTC)
- Kindly stop deleting this section because you don't understand it - discuss and clarify here. To explain further: If a machine running Vista is stolen while completely powered off, then in a default Bitlocker configuration that uses the TPM it can simply be turned on and booted to the point of the CNL-ALT-DEL screen before the Cold Boot Attack is executed. i.e. Contrary to common logic, the TPM with Bitlocker offers NO PROTECTION in a default configuration against a cold boot attack when the machine is powered off (no keys in memory) when stolen. A TPM is designed specifically to protect keys when a machine is off - which it does correcly - however as soon as the keys are retrieved from the TPM into memory during the boot process, they are immediately vulnerable to the Cold Boot Attack. So, to FULLY protect a machine against a Cold Boot Attack, a boot PIN or external key needs to be configured together with the TPM key so that an attacker cannot simply turn a TPM-protected machine on then hack it. More questions, then ask here, but kindly do not delete this content again. Thank you. Socrates2008 (Talk) 10:31, 9 January 2009 (UTC)
- My previous edit did not delete it, but modified it in an attempt to make it clearer how it related to cold boot attacks, and moved it below the section on power management. Your most recent modifications seem to explain it even better than mine did, which is good. I still have a feeling that the heading would be better located below the section on power management rather than above. I feel as the section on power management explains more basic and general concepts which this information on Bitlocker with TPM expand upon. mmj (talk) 04:40, 14 January 2009 (UTC)
- Thanks for the clarification - feel free to re-order the items as I didn't put them in any specific order. Socrates2008 (Talk) 07:00, 14 January 2009 (UTC)
- My previous edit did not delete it, but modified it in an attempt to make it clearer how it related to cold boot attacks, and moved it below the section on power management. Your most recent modifications seem to explain it even better than mine did, which is good. I still have a feeling that the heading would be better located below the section on power management rather than above. I feel as the section on power management explains more basic and general concepts which this information on Bitlocker with TPM expand upon. mmj (talk) 04:40, 14 January 2009 (UTC)
- Kindly stop deleting this section because you don't understand it - discuss and clarify here. To explain further: If a machine running Vista is stolen while completely powered off, then in a default Bitlocker configuration that uses the TPM it can simply be turned on and booted to the point of the CNL-ALT-DEL screen before the Cold Boot Attack is executed. i.e. Contrary to common logic, the TPM with Bitlocker offers NO PROTECTION in a default configuration against a cold boot attack when the machine is powered off (no keys in memory) when stolen. A TPM is designed specifically to protect keys when a machine is off - which it does correcly - however as soon as the keys are retrieved from the TPM into memory during the boot process, they are immediately vulnerable to the Cold Boot Attack. So, to FULLY protect a machine against a Cold Boot Attack, a boot PIN or external key needs to be configured together with the TPM key so that an attacker cannot simply turn a TPM-protected machine on then hack it. More questions, then ask here, but kindly do not delete this content again. Thank you. Socrates2008 (Talk) 10:31, 9 January 2009 (UTC)
References
- ^ "BitLocker Drive Encryption Technical Overview". Microsoft. 2008. Retrieved 2008-11-19.
- ^ Cite error: The named reference
SITG
was invoked but never defined (see the help page).
Automatic memory wiping
[edit]Would it not make cold boot attacks harder if a memory device was equipped with circuitry that would wipe the section of memory which contains keys in case of unclean shutdown? this could be powered by a capacitor. of course the components needed for this would have to be included on the device itself. --Edgjerp (talk) 09:49, 22 May 2009 (UTC)
- The simplest solution would be to make a change to the Power On Self Test (POST) procedure so that the first action after pressing the power button is a memory test that starts with writing a burst of random data to all the RAM. That wouldn't work against pulling the plug then chilling the RAM and installing it into another computer without such protection. There would also have to be a "dying gasp" system using a small amount of stored power (or simply use the CMOS battery to power it) to scramble the RAM upon a sudden power loss. To block attempts to defeat it by removing the CMOS battery with the system running, tie in a zero battery voltage to scramble the RAM using power from the normal power supply. These systems could also be hard wired to a chassis intrusion detection switch. Open the case and *pop*, the RAM gets scrambled. If the computer is running, it'd crash due to memory errors. The protections built into the motherboard would defeat cutting a hole in the case to bypass the intrusion switch. Any chip connections to the protection systems should be inner contacts on surface mounted packages, connected to traces buried inside the circuit board layers, and come to the surface nowhere before connecting to another chip. That would be to completely block any electrical connection to block or inject signals to interfere with the protection. Bizzybody (talk) 11:25, 7 March 2014 (UTC)
Liquid nitrogen
[edit]What's the significance of liquid nitrogen, as mentioned in the "In Popular Media" section? Is it just a construct of TV or does it help preserve data in the memory? Brammers (talk) 09:53, 25 May 2009 (UTC)
- Well, In theory Liquid Nitrogen (Or another sub-zero medium) Would help prevent degradation of the data stored on the RAM module(s) though I believe RAM taken HOT from a computer (E.G. when it still HAS it's memory), and dumped into Liquid Nitrogen would cause Thermal Fissures in the casing and PCB, thereby destroying any chance our Would Be Hollywood Hacker had... A more interesting approach I find lacking is Multiple RAM Modules, and also Hardwired RAM (As in the Early Asus EEEpcs) The first, would make a Cold Boot attack less likely too succeed as Multiple Modules tend too fall out of sync the moment Power is disrupted, Also the Modules would have to be in the same order, and enumerated in the same order as the Host they were taken from. The Latter is a Physical form of protection, as applying heat too the contacts too lift the module is both time consuming and risky, As one could easily short the memory, making an Attack impossible, and Heat will cause an increased degradation of data. the one way you wouldn't need too worry so much is if you're computer had a SIMM (Single Input Memory Module) RAM module instead of the standard DIMM (Dual Input Memory Module). But the SIMM modules are becoming increasingly Rare. Gartral (talk) 22:18, 7 February 2011 (UTC)
Terminology quibble
[edit]"Cold booting the machine - cycling the power off then on, or, if available, using the reset switch..."
Correct me if I'm either imagining things, or just desperately behind the times (daddio...), but isn't "hitting the reset button" generally one of the definitions of a warm boot? Ctrl-alt-del only really restarts the OS, where that's even what happens when you press that key combination. Reset zeroes out the CPU and forces a full restart from POST, but doesn't affect the memory, drives, etc unless there's particular motherboard circuitry to do so. For a proper cold boot, you have to remove main power at least long enough for all the main chips (other than RAM, I guess...) to naturally reset when it's restored as they sense a coming-up-from-power-off situation.
Certainly back in't day, when multitasking was a word you'd only hear from the mouth of someone high on LSD watching a herd of walruses and not all platforms had a C-A-D type shortcut, frobbing the reset switch was a universal cognate for warm booting (and was the safer choice if you were leaving a disc in the boot drive, and the preferred option if you wanted to do a bit of surrepitous poking-around in RAM, maybe with the aid of a cartridge / bus port / ISA slot debugger), and power cycling (preferably with a 30+ second supply interruption) was the only "cold" option...
(Which I guess actually makes Hibernation a "colder" option than an actual system restart...) 193.63.174.115 (talk) 15:26, 26 November 2015 (UTC)
- That's some kind of a gray area, please see the Reboot (computing) § Cold vs. warm reboot section for more details and associated references. — Dsimic (talk | contribs) 00:32, 23 December 2015 (UTC)
External links modified
[edit]Hello fellow Wikipedians,
I have just modified 2 external links on Cold boot attack. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20120113062139/http://www1.informatik.uni-erlangen.de/tresorfiles/tresor.pdf to http://www1.informatik.uni-erlangen.de/tresorfiles/tresor.pdf
- Added archive https://web.archive.org/web/20080516212552/http://mcgrewsecurity.com/projects/msramdmp/ to http://mcgrewsecurity.com/projects/msramdmp/
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 10:02, 10 August 2017 (UTC)
Mitigation: eDRAM (memory on the processor) ?
[edit]I would be interested in any research or PoC code that keeps encryption keys in eDRAM. To my understanding, this might be a defense against cold-boot attacks, DMA siphoning, etc; partly because it would take far longer to transplant a cpu than dimms, but especially if (by chance) eDRAM is programmatically cleared by the processor upon power-up. --Osndok (talk) 19:19, 16 February 2018 (UTC)
Contradiction
[edit]"For example, a cold boot attack is used in situations where a system is secured and it is not possible to access the computer."
But the very first paragraph says physical access is required and all the descriptions about freezing the RAM, putting it in another machine, resetting and booting from a USB drive, etc. describe things that require physical access. 2600:1700:D0A0:21B0:8981:FEBD:4662:A3B0 (talk) 01:57, 31 March 2022 (UTC)
- C-Class Cryptography articles
- Low-importance Cryptography articles
- C-Class Computer science articles
- Low-importance Computer science articles
- WikiProject Computer science articles
- WikiProject Cryptography articles
- C-Class Computer Security articles
- Low-importance Computer Security articles
- C-Class Computer Security articles of Low-importance
- C-Class Computing articles
- Low-importance Computing articles
- All Computing articles
- All Computer Security articles