Concept

Cold boot attack

Summary
In computer security, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used for retrieving encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes following a power switch-off. An attacker with physical access to a running computer typically executes a cold boot attack by cold-booting the machine and booting a lightweight operating system from a removable disk to dump the contents of pre-boot physical memory to a file. An attacker is then free to analyze the data dumped from memory to find sensitive data, such as the keys, using various forms of key finding attacks. Since cold boot attacks target random-access memory, full disk encryption schemes, even with a trusted platform module installed are ineffective against this kind of attack. This is because the problem is fundamentally a hardware (insecure memory) and not a software issue. However, malicious access can be prevented by limiting physical access and using modern techniques to avoid storing sensitive data in random-access memory. DIMM memory modules gradually lose data over time as they lose power, but do not immediately lose all data when power is lost. Depending on temperature and environmental conditions, memory modules can potentially retain at least some data for up to 90 minutes after power loss. With certain memory modules, the time window for an attack can be extended to hours or even weeks by cooling them with freeze spray. Furthermore, as the bits disappear in memory over time, they can be reconstructed, as they fade away in a predictable manner. Consequently, an attacker can perform a memory dump of its contents by executing a cold boot attack.
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.