Documente Academic
Documente Profesional
Documente Cultură
Seth Schoen Electronic Frontier Foundation LinuxWorld Conference and Expo 2008 San Francisco, California http://citp.princeton.edu/memory/
J. Alex Halderman (Princeton) Seth D. Schoen (Electronic Frontier Foundation) Nadia Heninger (Princeton) William Clarkson (Princeton) William Paul (Wind River Systems) Joseph A. Calandrino (Princeton) Ariel J. Feldman (Princeton) Jacob Appelbaum Edward W. Felten (Princeton)
Lest We Remember: Cold Boot Attacks on th Encryption Keys (in Proceedings of the 17 USENIX Security Symposium, San Jose, CA, 2008) Home page: http://citp.princeton.edu/memory/ (including PDF of paper, video, images, and source code)
DRAM is supposed to be refreshed in order to be reliable DRAM under refresh has extremely low probability of uncommanded bit flips... DRAM without refresh has a noticeable probability of experiencing uncommanded bit flips over time but probability of such flips after many seconds is nowhere near certainty Yet we sometimes wrongly speak as though RAM were designed to clear itself on power loss
SRAMs are like flip-flops DRAMs are like capacitors SRAMs are faster, DRAMs are cheaper Both retain some data without power at room temperature; both retain more data longer at lower temperatures (cf. Skorobogatov) DRAMs typically used for PC main memory There are also long-term burn-in effects (cf. Gutmann); this research is not about those
Chow et al. Shredding Your Garbage: Reducing Data Lifetime Through Secure th Deallocation (in Proc. 14 USENIX Security Symposium, Baltimore) Tried to measure how long disused data structures typically persisted in memory Accidentally found intact data structures in RAM from previous system boots (!?!?) Torbjrn Pettersson: this could be a means of acquiring forensic memory images
E.g., Link & May (1979) (early commercial DRAM availability) does low-temperature (LN2) tests with no power, finds week-long retention! Typically considered a feature (low temperatures increase reliability, high temperatures decrease it) common to many logic devices, not a security problem Software people are often unaware of the physical characteristics of devices they use!
Deliberately crash a PC with interesting data in RAM; then restore power to RAM and dump its contents to a permanent storage medium
Or wake up sleeping/hibernated laptop (to a password prompt), then crash it and dump RAM
Operating system memory protection policies are bypassed because operating system is no longer running (nor can OS clear RAM!) Nearly complete state of previously-running system is available; passwords not required
Our attacks
USB stick (or external hard drive or iPod) Network boot (e.g. PXE)
Very tiny dumping application (< 10K) Dump onto same medium
USB key photo 2007 User:AIMare CC-BY-SA
Our attacks
Canned air may achieve temperatures around 50 C Invert can when discharging (caution!)
Our attacks
New cryptographic techniques to detect key schedules automatically and correct bit errors
Previous techniques for finding private key material in memory didn't work well for us, especially in the presence of bit errors
Source code for this and associated memory dumpers is now available at http://citp.princeton.edu/memory/code/ Implementations of decryption for particular disk encryption systems
Can be booted from USB or network (e.g. PXE) Save entire contents of RAM to same medium Leave no trace behind on target machine A proof of concept; other vectors are possible
More on cooling
Most relevant if RAM must be removed: if target machine has a policy preventing booting from external media without a password or if BIOS clears RAM on boot (e.g. ECC)
Cooling with canned air produces extremely low temperatures and good retention times RAM could be unpowered, even when removed from the computer, for over a minute with minimal loss of data sufficient time to transfer to another machine
In our experience, cooling was never necessary except when RAM chips had to be physically removed from a PC Just restarting laptops at room temperature never caused enough data loss to prevent reconstruction of keys in our experiments Chips can be removed if BIOS is unfriendly
If BIOS clears RAM or prevents memory dumping In our experiments, canned air was always sufficient for this; liquid nitrogen was never needed
Cryptographic keys are intended to be random; even a few bit errors could make them useless But in practice, keys actively being used are stored in memory in usefully redundant ways These redundancies can be used to find keys
And also to correct bit errors A variety of powerful, practical mathematical techniques developed by Nadia Heninger
Even fully at rest with computer powered off! In typical scenarios where computer was running, sleeping, or hibernating In particular, attackers can bypass locked screen or login prompt
Fully automated attack on BitLocker basic mode via live CD (because of BitLocker basic mode's trust in the TPM, this attack does not even require that laptop was powered on) Automated RAM dumpers run via USB stick or network boot; we even demonstrated using an innocuous-looking iPod as an attack vector Some laptops will not require any cooling; for cooling, canned air spray was always sufficient (liquid nitrogen never required)
Threat models
Some people suggest that our attack doesn't count because hard drive encryption isn't supposed to protect against attackers with physical access to laptops
But why do users encrypt laptop hard drives? If RAM were really volatile users with suspended/hibernated laptops and full-disk encryption would be safe: and they probably believe they are safe
Countermeasures
Turn laptops all the way off when they could be out of your control (left unattended in public, while traveling) Require a password to boot external media (but simply moving chips into another machine still works unless your DRAMs are non-removable)
Destroy all key material at screen lock or screensaver activation, suspend, hibernate
This could require significant software changes; also, user would have to re-authenticate on return
Countermeasures
Harder to attack with off-the-shelf PCs, but probably easier to attack with specialized hardware or BIOS
There is also room for research on different representations of key material in RAM (e.g. exposure-resistant functions, modified key schedules) Not a countermeasure: locating keys in low memory can't protect against removing RAM; cf. http://www.coreboot.org/Coreinfo BIOS image
Conclusions
Many recent security attacks exploit physical hardware properties that users and developers may be unaware of to break abstractions Emanations security examples: CRTs (and all digital hardware) are radio transmitters on (at least) the refresh/clock frequencies they use internally; recent attacks on light and sound emitted by CRTs, LCDs, and keyboards (perhaps akin to research in natural sciences) Security and privacy are pretty hard!
Thanks
Seth Schoen schoen@eff.org
9B36 BCFA 4DE0 8ADE 8A17 D091 56B0 315F 0167 CA38