Lest we remember: Cold boot attacks on encryption keys

Proceedings of the 17th USENIX Security Symposium

Volumn , Issue , 2008, Pages 45-58

  Alex Halderman, J ^a   Schoen, Seth D ^b   Heninger, Nadia ^a   Clarkson, William ^a   Paul, William ^c   Calandrino, Joseph A ^a   Feldman, Ariel J ^a   Appelbaum, Jacob ^d   Felten, Edward W ^a  

^a PRINCETON UNIVERSITY   (United States)

^b Electronic Frontier Foundation   (United States)

^c Wind River Systems   (United States)

^d NONE

Author keywords

[No Author keywords available]

Indexed keywords

PUBLIC KEY CRYPTOGRAPHY; REMANENCE;

COOLING TECHNIQUE; CRYPTOGRAPHIC KEY; ENCRYPTION KEY; ENCRYPTION SYSTEM; SPECIAL DEVICES; SYSTEM MEMORY;

DYNAMIC RANDOM ACCESS STORAGE;

EID: 85077701725     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (46)

1. Advanced Encryption Standard. National Institute of Standards and Technology, FIPS-197, Nov. 2001.
2. ANDERSON, R. Security Engineering: A Guide to Building Dependable Distributed Systems, first ed. Wiley, Jan. 2001, p. 282.
3. ANVIN, H. P. SYSLINUX. http://syslinux.zytor.com/.
4. ARBAUGH, W., FARBER, D., AND SMITH, J. A secure and reliable bootstrap architecture. In Proc. IEEE Symp. on Security and Privacy (May 1997), pp. 65–71.
5. BAR-LEV, A. Linux, Loop-AES and optional smartcard based disk encryption. http://wiki.tuxonice.net/EncryptedSwapAndRoot, Nov. 2007.
6. BARRY, P., AND HARTNETT, G. Designing Embedded Networking Applications: Essential Insights for Developers of Intel IXP4XX Network Processor Systems, first ed. Intel Press, May 2005, p. 47.
7. BLÖMER, J., AND MAY, A. New partial key exposure attacks on RSA. In Proc. CRYPTO 2003 (2003), pp. 27–43.
8. BOILEAU, A. Hit by a bus: Physical access attacks with Firewire. Presentation, Ruxcon, 2006.
9. BONEH, D., DURFEE, G., AND FRANKEL, Y. An attack on RSA given a small fraction of the private key bits. In Advances in Cryptology – ASIACRYPT’98 (1998), pp. 25–34.
10. CALIFORNIA STATUTES. Cal. Civ. Code §1798.82, created by S.B. 1386, Aug. 2002.
11. CANETTI, R., DODIS, Y., HALEVI, S., KUSHILEVITZ, E., AND SAHAI, A. Exposure-resilient functions and all-or-nothing transforms. In Advances in Cryptology – EUROCRYPT 2000 (2000), vol. 1807/2000, pp. 453–469.
12. CARRIER, B. D., AND GRAND, J. A hardware-based memory acquisition procedure for digital investigations. Digital Investigation 1 (Dec. 2003), 50–60.
13. CHOW, J., PFAFF, B., GARFINKEL, T., AND ROSENBLUM, M. Shredding your garbage: Reducing data lifetime through secure deallocation. In Proc. 14th USENIX Security Symposium (Aug. 2005), pp. 331–346.
14. COPPERSMITH, D. Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptology 10, 4 (1997), 233–260.
15. DORNSEIF, M. 0wned by an iPod. Presentation, PacSec, 2004.
16. DORNSEIF, M. Firewire – all your memory are belong to us. Presentation, CanSecWest/core05, May 2005.
17. DWOSKIN, J., AND LEE, R. B. Hardware-rooted trust for secure key management and transient trust. In Proc. 14th ACM Conference on Computer and Communications Security (Oct. 2007), pp. 389–400.
18. DYER, J. G., LINDEMANN, M., PEREZ, R., SAILER, R., VAN DOORN, L., SMITH, S. W., AND WEINGART, S. Building the IBM 4758 secure coprocessor. Computer 34 (Oct. 2001), 57–66.
19. ECKSTEIN, K., AND DORNSEIF, M. On the meaning of ‘physical access’ to a computing device: A vulnerability classification of mobile computing devices. Presentation, NATO C3A Workshop on Network-Enabled Warfare, Apr. 2005.
20. ELSON, J., AND GIROD, L. Fusd – a Linux framework for user-space devices. http://www.circlemud.org/jelson/software/fusd/.
21. FERGUSON, N. AES-CBC + Elephant diffuser: A disk encryption algorithm for Windows Vista. http://www.microsoft.com/downloads/details.aspx?FamilyID=131dae03-39ae-48be-a8d6-8b0034c92555, Aug. 2006.
22. GUTMANN, P. Secure deletion of data from magnetic and solid-state memory. In Proc. 6th USENIX Security Symposium (July 1996), pp. 77–90.
23. GUTMANN, P. Data remanence in semiconductor devices. In Proc. 10th USENIX Security Symposium (Aug. 2001), pp. 39–54.
24. IEEE 1619 SECURITY IN STORAGE WORKING GROUP. IEEE P1619/D19: Draft standard for cryptographic protection of data on block-oriented storage devices, July 2007.
25. INTEL CORPORATION. Preboot Execution Enviroment (PXE) specification version 2.1, Sept. 1999.
26. KENT, C. Draft proposal for tweakable narrow-block encryption. https://siswg.net/docs/LRW-AES-10-19-2004.pdf, 2004.
27. LEE, R. B., KWAN, P. C., MCGREGOR, J. P., DWOSKIN, J., AND WANG, Z. Architecture for protecting critical secrets in microprocessors. In Proc. Intl. Symposium on Computer Architecture (2005), pp. 2–13.
28. LIE, D., THEKKATH, C. A., MITCHELL, M., LINCOLN, P., BONEH, D., MITCHELL, J., AND HOROWITZ, M. Architectural support for copy and tamper resistant software. In Symp. on Architectural Support for Programming Languages and Operating Systems (2000), pp. 168–177.
29. LINK, W., AND MAY, H. Eigenschaften von MOS-EinTransistorspeicherzellen bei tiefen Temperaturen. Archiv für Elektronik und Übertragungstechnik 33 (June 1979), 229–235.
30. LISKOV, M., RIVEST, R. L., AND WAGNER, D. Tweakable block ciphers. In Advances in Cryptology – CRYPTO 2002 (2002), pp. 31–46.
31. MACIVER, D. Penetration testing Windows Vista BitLocker drive encryption. Presentation, Hack In The Box, Sept. 2006.
32. NATIONAL CONFERENCE OF STATE LEGISLATURES. State security breach notification laws. http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm, Jan. 2008.
33. PETTERSSON, T. Cryptographic key recovery from Linux memory dumps. Presentation, Chaos Communication Camp, Aug. 2007.
34. PTACEK, T. Recover a private key from process memory. http://www.matasano.com/log/178/recover-a-private-keyfrom-process-memory/.
35. ROGAWAY, P. Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In Advances in Cryptology – ASIACRYPT 2004 (2004), pp. 16–31.
36. RSA LABORATORIES. PKCS #1 v2.1: RSA cryptography standard. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf.
37. SCHEICK, L. Z., GUERTIN, S. M., AND SWIFT, G. M. Analysis of radiation effects on individual DRAM cells. IEEE Transactions on Nuclear Science 47 (Dec. 2000), 2534–2538.
38. SEAGATE CORPORATION. Drivetrust technology: A technical overview. http://www.seagate.com/docs/pdf/whitepaper/TP564_DriveTrust_Oct06.pdf.
39. SHAMIR, A., AND VAN SOMEREN, N. Playing “hide and seek” with stored keys. Lecture Notes in Computer Science 1648 (1999), 118–124.
40. SKOROBOGATOV, S. Low-temperature data remanence in static RAM. University of Cambridge Computer Laborary Technical Report No. 536, June 2002.
41. SMITH, S. W. Trusted Computing Platforms: Design and Applications, first ed. Springer, 2005.
42. TRUSTED COMPUTING GROUP. Trusted Platform Module specification version 1.2, July 2007.
43. VIDAS, T. The acquisition and analysis of random access memory. Journal of Digital Forensic Practice 1 (Dec. 2006), 315–323.
44. WEINMANN, R.-P., AND APPELBAUM, J. Unlocking FileVault. Presentation, 23rd Chaos Communication Congress, Dec. 2006.
45. WEINMANN, R.-P., AND APPELBAUM, J. VileFault. http://vilefault.googlecode.com/, Jan. 2008.
46. WYNS, P., AND ANDERSON, R. L. Low-temperature operation of silicon dynamic random-access memories. IEEE Transactions on Electron Devices 36 (Aug. 1989), 1423–1428.