Cold Boot Attack Defense

From Kicksecure
Jump to navigation Jump to search



Ambox warning pn.svg.png Due to the design of modern computers, nearly all the data manipulated during a session is temporarily written to RAM. This can include texts, saved files, passwords, and encryption keys! Data from more recent activities has a greater likelihood of still residing in RAM. [1]

Modern computer architecture poses a significant risk to Kicksecure ™ users. Adversaries with physical access to a computer running Kicksecure ™ may be able to recover all session activities, even if FDE is enabled.

Even when a computer is powered off, the data in RAM does not immediately disappear. Depending on the circumstances, data can survive for up to several minutes. For example, this occurs when a computer loses power abruptly and does not go through the normal shutdown cycle. [2] If an adversary has immediate physical access to a computer, a cold boot attack can be mounted.

Forensic experts have two main methods of extracting data from RAM: [3]

  • The running computer is cold-booted and a lightweight operating system is booted from a removable disk. A tool is used to dump pre-boot physical memory contents to a file.
  • The memory modules are quickly removed from the original system and placed in another computer under the adversary's control. The machine is then booted to access the memory contents.

In both cases, the RAM contents can be analyzed in a computer forensics laboratory. Depending on what is found, the user may be in serious peril. Notably, cold boot attacks have proven effective against Trusted Platform Modules (TPMs), as well as full disk encryption regardless of the vendor or operating system. For certain memory modules, the time window for an attack can be extended to several hours by cooling them with a refrigerant. [3]

Cold boot attacks are thought to be a very uncommon method of recovering data, but high-risk users should be prepared for such a contingency to stay on the safe side. So long as a cold boot attack is not mounted directly after shutdown, then contents of RAM should be emptied within minutes. [4]

Attack Definition[edit]

A cold boot attack is: [5]

... a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used to retrieve encryption keys from a running operating system for malicious and/or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes after power has been removed.

There are two primary methods of performing the attack: [6]

  1. The target computer is reset and booted from an alternative medium like a USB with a minimal operating system. RAM contents are recovered, except for those that have been already overwritten. BIOS passwords can trivially defeat this method.
  2. Ram modules are physically transplanted from the target computer into another which performs image extraction. Most of the content is retained if properly cooled using certain sprays that increase the data remanence.

Research Findings[edit]

The original 2008 cold boot attack research found:

  • Dynamic random access memory (DRAM) in most computers retain their contents for seconds to minutes after power is lost, even when removed from the motherboard.[7]
  • This persistence allows for forensic or malicious access to system memory images.
  • Attackers with physical access can potentially cold boot the machine and use an operating system on a removable disk to write the contents of physical memory to a file.
  • This file can be analyzed for sensitive data like cryptographic (encryption) keys.
  • This technique was able to defeat disk encryption schemes like BitLocker, TrueCrypt and FileVault.

More recent research in 2018 has identified that mechanisms that overwrite RAM contents when power is restored can be bypassed by rewriting the non-volatile memory chip (firmware) that contains these settings. [8] [9] At the time of writing DDR3/4 RAM appears to protect against cold boot attacks (see next section).

Possible Countermeasures[edit]

Literature Summary[edit]

The literature suggests the following possible countermeasures against cold boot attacks.

Table: Cold Boot Attack Countermeasures

Category Description
Scrubbing memory Software should try to avoid storing keys in memory. For example, software should overwrite keys when unneeded, keys should be prevented from being paged to disk, and memory cleared at boot time. [10] Unfortunately this cannot protect against keys that remain in memory while in active use, such as encrypted disk keys. Further, researchers demonstrated in 2018 that mechanisms that overwrite RAM contents when power is restored can be bypassed by rewriting the non-volatile memory chip (firmware) that contains these settings. [8] [9] [11]
Limiting booting from network or removable media Administrative passwords can be configured in order to boot from these sources. This is an imperfect defense because the drive can still be swapped out or the computer's NVRAM can be reset to allow for booting from removable media.
Safe system suspension Usually locking the computer screen or suspending a laptop's state is ineffective, because the computer can be awakened, power-cycled, and then have its memory extracted. It is far safer to just completely power off systems when they are not in use, with the computer guarded for a few minutes afterward. Suspension is made safer by necessitating a strong password or external secret to awaken the computer, with memory contents encrypted by a key related to the password.
Avoiding precomputation Although precomputation speeds up cryptographic operations, it makes keys more vulnerable because there is redundant storage of key information.
Key expansion Theoretically the application of a transform to keys when it is stored in memory can make it more difficult to reconstruct. Operating systems could also identify memory locations that decay more quickly, and utilize those to store key material.
Physical defenses Since some cold boot attacks rely on access to DRAM chips/modules, the physical memory can be protected by locking them inside the machine, soldering memory to the motherboard or encasing chips in epoxy so they cannot be removed/accessed.
Future architectural changes DRAM can be designed that loses their state more quickly or future hardware might have key-store hardware that erases the state during power-up, reset and shutdown. Another possibility is the routine encryption of memory contents, so long as they are destroyed after a reset or power loss.
Disk controller encryption Data in the hard disk controller hardware can be encrypted. Unlike normal disk encryption systems, both encryption and decryption are performed by the disk controller which store the main encryption keys. This means encryption/decryption is not performed by software in the main CPU, along with the main encryption keys stored in DRAM.
DDR3 and DDR4 RAM The literature generally suggests that a proper solution to cold boot attacks may be later generation DDR3 and DDR4 RAM which utilizes memory scrambling via the memory controllers. This also retains memory for a shorter period of time than DDR1 and DDR2 RAM. In summary, there does not appear to be any way to perform real-world cold boot attacks on scrambled DDR3 and DDR4 memory, however it should be noted that researchers have shown it is possible to descramble DDR3 memory in laboratory conditions. [12] Further, "warm reset attacks" where power is not cut are effective against DDR3 systems. [13] [14]

It should be noted that Trusted Platform Modules (TPMs) are ineffective against cold boot attacks. The reason is TPMs can prevent keys from being loaded into memory for use, but cannot prevent their capture once they are in memory.


Kicksecure ™ does not yet provide an analogous feature to Tails, which wipes RAM on shutdown by overwriting it with random data. Possible interim solutions include:

Cold boot attacks are a clear and present danger for high-risk users due to the limited countermeasures available. In the purely hypothetical situation where an adversary is knocking earnestly on the door, safest would be pressing the panic button on the host, leading to the contents of RAM being quickly wiped. Failing that, the computer should be immediately shut down and access to the computer delayed as long as possible.

Based on the research findings, practical countermeasures for the majority of users involves never leaving the computer unattended and always ensuring the computer is completely shut down when not in use or when in high-risk situations like traveling. [20] After shutdown, it is safer to completely remove the machine from any power source by removing the power plug. In the case of notebooks, the battery should be removed after powering off. [21] [22] A final simple recommendation is to rely on later computer hardware that holds encryption keys in hardware separate from the HDD/SSD and utilizing systems that have DDR3/4 RAM installed; see the footnote for how to determine the RAM type. [23]

See Also[edit]

Development Discussion[edit]


  3. 3.0 3.1
  8. 8.0 8.1
  9. 9.0 9.1
  10. The last measure cannot prevent the physical removal of memory chips to another computer for analysis.
  11. In summary, researchers were able to disable memory overwriting and enable booting from external devices. This allowed cold boot attacks via a special program on a USB stick.
  12. While the scrambling algorithm could be broken, researchers only found DDR3 memory retention for around 10 seconds before it totally decayed.
  14. The researchers also concluded that cold boot attacks were not possible against modern DDR3 (and later) RAM chips.
  15. Unfortunately, an upstream script does not yet exist to implement this feature, so Kicksecure ™ is currently unable to provide a solution for this attack.
  16. Tails and Liberte Linux have partially solved this problem.
  17. Instead of waiting for an upstream solution, see the user would need to implement a panic button which will wipe RAM. Please contribute by coding this feature.
  20. So the Linux kernel's memory erasing features (page_poison, slub_debug or init_on_free) and/or your firmware reset attack mitigations are instituted.
  21. And/or the memory should be wiped upon shutdown. This is a theoretical concern at present because it is undocumented.
  22. See: Is RAM Wipe possible inside Whonix? Cold Boot Attack Defense
    • In Linux, launch a terminal and run.
      sudo dmidecode --type memory
    • In Windows, select the PC Task Manager after pressing Ctrl + Alt + Delete. Click "more details" and navigate to the performance tab. Then select the memory option.
    • In macOS, click the Apple logo and select "About This Mac". For additional information, click the "More Info..." button and navigate to the "Memory" tab.

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.