In this article, we will learn how sensitive cryptographic key material can be taken away from DRAMs, which are used in most modern operating systems through an attack known as cold boot attack.

Introduction

Though it is believed by many that a computer’s memory gets erased as soon it loses power and thus there is no threat to the information, this assumption is incorrect. DRAMs, which are used in most modern operating systems today, can lose their content gradually over a period of time. Keeping DRAMs a at lower room temperature, say -50 degrees C, the content of DRAM can last from about several minutes to even hours. This property of DRAM chips can play a destructive role and can lead to compromise of sensitive cryptographic materials like cryptographic keys.

What is a Cold Boot Attack?

Cold boot attack is a type of attack in which the power supply to a computer is cycled off and on without letting the operating system shut down properly. The DRAM cells which are used in most operating systems today can retain data due to their data remanence property, and thus sensitive cryptographic material stored in the DRAM cell can be stolen.

For any software to perform encryption, the software must load the encryption keys onto the system’s main memory before it is being run by the processor. Thus, to get the encryption keys, all one needs is to fetch the contents of the computer’s main memory. So what made the DRAM retain the contents? A DRAM cell is essentially a capacitor. Each cell encodes the capacitor conductor with a 0 or 1 bit. At room temperature, the cell can lose this material pretty quickly, even under a cold boot attack. Experiments have revealed that if the cell is maintained under a lower room temperature under the cold boot attack, the DRAM cell can hold the value of cells for a longer period of time. Also, the decay pattern of the DRAM cell can be predicted at a fixed room temperature. After the state of the main memory is retained, when the system boots up again, BIOS usually rewrites a small portion of the memory. Thus, during boot-up it is necessary to dump the memory content to an external medium such a USB device that a computer can boot up externally.

Understanding Virtual Address Space

Before we go further in to the nitty-gritty of this attack, it is important for us to understand the memory management of a particular operating system. For this article, will take into consideration the memory management of a Windows 32 bit operating system.

Whenever a processor performs a read or write operation, it uses a virtual address. The virtual address is translated back to the physical address through a page table, which acts like an index to the memory. The virtual address of a 32 bit Windows OS is 4 GB in size and is divided into 2 partitions. These 2 partitions are termed as user mode and kernel mode.

User Mode

In this mode, the process’s execution code has no accessibility to the underlying hardware. To access underlying hardware and memory, the process in this mode refers to the system APIs to make a call. User mode has no accessibility to the kernel mode space as well. This mode can be adjusted in the OS as per the needs.

Kernel Mode

In kernel mode, the process’s execution code has complete access to the underlying hardware. Processes run in kernel mode have access to user mode space a well. Lower level functions of an operating system run in kernel mode, and any CPU instruction can be executed in the kernel mode space. A crash in kernel mode usually brings down the whole system.

Reducing the Scope of Search in Virtual Address Space

If we are going to analyze the whole memory that is being dumped into a bootable device, it will be very difficult to get the relevant and accurate material out of it, as the memory usually contains gigabytes of data. So we should reduce the scope of the search around the main memory, so that it will be easy to fetch out the cryptographic keys out of the main memory.

Cryptographic keys reside in the kernel mode space of the virtual address space, but before we get into the details of this, let’s first review the concept of page file. Page file is the space to which, if we are running low on RAM, our system moves the least recently used pages from the memory. For example, let’ say a user has opened multiple applications in the system, and after some time, the user has minimized some applications. If there is need of more RAM by the active applications, the system will move the minimized applications in the pagefile.sys in the root of drives so that more RAM is available for the running applications. This pagefile.sys is encrypted by default.

Coming back to our scenario in reducing the scope of the virtual address space, we have eliminated the user mode, and out of the kernel mode we can also eliminate the page allocated as the pool for paged contents, because this space is encrypted and it will lead to more computation to extract the keys out from this space for the vendor itself. So we are left with the non-paged memory pool of the kernel mode space where most likely the cryptographic keys can be present.

Key Identification

After the memory is dumped to an external device or a complete DIMM module is being shifted, identification of keys in the memory is the most important and difficult task to do. A simple approach to identify the keys in the memory is to test every sequence of bytes or to check whether that chunk of bits can be used to decrypt any plain text, and one should also make sure to cover the error bit rate, as even a small error rate in the sequence of bits can result in failure.

Best Practices

Below are other best practices that should be practiced as countermeasures to prevent this type of attack.

Storage of keys

Memory where keys are stored should be overwritten when the residing keys are no longer in use, and keys should be protected from being paged to disk. Also, systems should be configured to clear RAM before startup though techniques like Power-On-Self-Test (POST). With the help of POST, imaging a memory locally will not be possible.

Booting from removable Media

This type of attack can be controlled from checking or restricting the type of device a computer can boot from, as this attack is mostly supported trough a removable media boot-up. Computers can be configured to require an admin password to boot from these sources.

Gracefully shutdown of a system

Systems should be properly shutdown and reawakening of the machine should be protected with a password. The password chosen must be strong and resistant to password guessing attack. The system can also be made to encrypt only those pages or regions which contain encryption keys.

Physical Security

The above mentioned POST can only protect the imaging of memory from locally installed software, but it cannot protect if the attacker could physically move the memory chips from one system to another. DRAM chips should have limited physical access .DRAM chips should be placed inside a machine, and the machine should be locked. Active sensor systems should be deployed to respond to low temperatures or opening of computer’s case by attempting to overwrite memory.

Key Reconstruction

Another defense mechanism which can be used to prevent this type of attack is to transform the key so that it is difficult to reconstruct the key. Keys should be recomputed when in use and deleted immediately after use.

Avoid key pre-computation

Pre-computation of keys certainly helps in improving performance, but it leads to storage of keys’ information which can be used to reconstruct keys. Thus pre-computation of keys should be avoided.

Trusted Platform Module

Trusted Platform module which is used in most computers today can be used to decide whether it is safe to store the key in RAM or not. Thus it can restrict software to use the keys from RAM and also protect the keys from being loaded into the memory itself.

References