On the Practicability of Cold Boot Attacks
- 1 September 2013
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2013 International Conference on Availability, Reliability and Security
- p. 390-397
- https://doi.org/10.1109/ares.2013.52
Abstract
Even though a target machine uses full disk encryption, cold boot attacks can retrieve unencrypted data from RAM. Cold boot attacks are based on the remanence effect of RAM which says that memory contents do not disappear immediately after power is cut, but that they fade gradually over time. This effect can be exploited by rebooting a running machine, or by transplanting its RAM chips into an analysis machine that reads out what is left in memory. In theory, this kind of attack is known since the 1990s. However, only in 2008, Halderman et al. have shown that cold boot attacks can be well deployed in practical scenarios. In the work in hand, we investigate the practicability of cold boot attacks. We verify the claims by Halderman et al. independently in a systematic fashion. For DDR1 and DDR2, we provide results from our experimental measurements that in large part agree with the original results. However, we also point out that we could not reproduce cold boot attacks against modern DDR3 chips. Our test set comprises 17 systems and system configurations, from which 5 are based on DDR3.Keywords
This publication has 5 references indexed in Scilit:
- Cold Boot Key Recovery by Solving Polynomial Systems with NoiseLecture Notes in Computer Science, 2011
- ForenscopePublished by Association for Computing Machinery (ACM) ,2010
- Reconstructing RSA Private Keys from Random Key BitsLecture Notes in Computer Science, 2009
- BootJackerPublished by Association for Computing Machinery (ACM) ,2008
- Low-temperature operation of silicon dynamic random-access memoriesIEEE Transactions on Electron Devices, 1989