Lest we remember : cold boot attacks on encryption keys

J.A. Halderman; S.D. Schoen; N. Heninger; W. Clarkson; W. Paul; J.A. Calandrino; A.J. Feldman; Jacob Appelbaum; E.W. Felten

Lest we remember : cold boot attacks on encryption keys

J.A. Halderman, S.D. Schoen, N. Heninger, W. Clarkson, W. Paul, J.A. Calandrino, A.J. Feldman, Jacob Appelbaum, E.W. Felten

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Contrary to widespread assumption, dynamic RAM (DRAM), the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard. Although DRAM becomes less reliable when it is not refreshed, it is not immediately erased, and its contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine. It poses a particular threat to laptop users who rely on disk encryption: we demonstrate that it could be used to compromise several popular disk encryption products without the need for any special devices or materials. We experimentally characterize the extent and predictability of memory retention and report that remanence times can be increased dramatically with simple cooling techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for mitigating these risks, we know of no simple remedy that would eliminate them.

Original language	English
Title of host publication	Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA
Pages	45-60
Number of pages	16
Publication status	Published - 2008
Externally published	Yes
Event	17th USENIX Security Symposium (USENIX Security 2008) - San Jose, United States Duration: 29 Jul 2008 → 2 Aug 2008 Conference number: 17 https://www.usenix.org/legacy/events/sec08/

Conference

Conference	17th USENIX Security Symposium (USENIX Security 2008)
Abbreviated title	USENIX Security 2008
Country/Territory	United States
City	San Jose
Period	29/07/08 → 2/08/08
Internet address	https://www.usenix.org/legacy/events/sec08/

Access to Document

http://www.usenix.org/events/sec08/tech/full_papers/halderman/halderman.pdf

Best Student Paper
Appelbaum, Jacob R. (Recipient), 2008
Prize: Other › Career, activity or publication related prizes (lifetime, best paper, poster etc.) › Scientific
Most Innovative Research
Appelbaum, Jacob R. (Recipient), 2008
Prize: Other › Career, activity or publication related prizes (lifetime, best paper, poster etc.) › Scientific

Cite this

Halderman, J. A., Schoen, S. D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J. A., Feldman, A. J., Appelbaum, J., & Felten, E. W. (2008). Lest we remember : cold boot attacks on encryption keys. In Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA (pp. 45-60) http://www.usenix.org/events/sec08/tech/full_papers/halderman/halderman.pdf

@inproceedings{47043f940b364b8393a71e8ba6d5699e,

title = "Lest we remember : cold boot attacks on encryption keys",

abstract = "Contrary to widespread assumption, dynamic RAM (DRAM), the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard. Although DRAM becomes less reliable when it is not refreshed, it is not immediately erased, and its contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine. It poses a particular threat to laptop users who rely on disk encryption: we demonstrate that it could be used to compromise several popular disk encryption products without the need for any special devices or materials. We experimentally characterize the extent and predictability of memory retention and report that remanence times can be increased dramatically with simple cooling techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for mitigating these risks, we know of no simple remedy that would eliminate them.",

author = "J.A. Halderman and S.D. Schoen and N. Heninger and W. Clarkson and W. Paul and J.A. Calandrino and A.J. Feldman and Jacob Appelbaum and E.W. Felten",

year = "2008",

language = "English",

pages = "45--60",

booktitle = "Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA",

note = "17th USENIX Security Symposium (USENIX Security 2008), USENIX Security 2008 ; Conference date: 29-07-2008 Through 02-08-2008",

url = "https://www.usenix.org/legacy/events/sec08/",

}

Halderman, JA, Schoen, SD, Heninger, N, Clarkson, W, Paul, W, Calandrino, JA, Feldman, AJ, Appelbaum, J & Felten, EW 2008, Lest we remember : cold boot attacks on encryption keys. in Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA. pp. 45-60, 17th USENIX Security Symposium (USENIX Security 2008), San Jose, United States, 29/07/08. <http://www.usenix.org/events/sec08/tech/full_papers/halderman/halderman.pdf>

TY - GEN

T1 - Lest we remember : cold boot attacks on encryption keys

AU - Halderman, J.A.

AU - Schoen, S.D.

AU - Heninger, N.

AU - Clarkson, W.

AU - Paul, W.

AU - Calandrino, J.A.

AU - Feldman, A.J.

AU - Appelbaum, Jacob

AU - Felten, E.W.

N1 - Conference code: 17

PY - 2008

Y1 - 2008

N2 - Contrary to widespread assumption, dynamic RAM (DRAM), the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard. Although DRAM becomes less reliable when it is not refreshed, it is not immediately erased, and its contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine. It poses a particular threat to laptop users who rely on disk encryption: we demonstrate that it could be used to compromise several popular disk encryption products without the need for any special devices or materials. We experimentally characterize the extent and predictability of memory retention and report that remanence times can be increased dramatically with simple cooling techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for mitigating these risks, we know of no simple remedy that would eliminate them.

AB - Contrary to widespread assumption, dynamic RAM (DRAM), the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard. Although DRAM becomes less reliable when it is not refreshed, it is not immediately erased, and its contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine. It poses a particular threat to laptop users who rely on disk encryption: we demonstrate that it could be used to compromise several popular disk encryption products without the need for any special devices or materials. We experimentally characterize the extent and predictability of memory retention and report that remanence times can be increased dramatically with simple cooling techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for mitigating these risks, we know of no simple remedy that would eliminate them.

M3 - Conference contribution

SP - 45

EP - 60

BT - Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA

T2 - 17th USENIX Security Symposium (USENIX Security 2008)

Y2 - 29 July 2008 through 2 August 2008

ER -

Lest we remember : cold boot attacks on encryption keys

Abstract

Conference

Access to Document

Fingerprint

Prizes

Best Student Paper

Most Innovative Research

Cite this