As more of modern life becomes dependent on computing systems, different attack mechanisms for gaining unauthorized access to a computing system and/or its data continue to raise security concerns. One particular attack technique is a so-called cold boot attack, in which an attacker has physical access to a target system and is able to read contents of main memory without having the appropriate administrative level privileges. The basis of this attack is an inherent hardware issue of memories (such as dynamic random access memories and static random access memories), which retain information for a period of time even after power has been removed from them. During this period of time, an attacker can read all remaining data and thus expose any stored secrets. Note further that this period of time directly depends the temperature of the memory module, and the time for data to become non-retrievable decreases exponentially as temperature rises. To this end, attackers may use a cooling mechanism to extend the lifetime of data. Then the attack may proceed by either rebooting the system with another operating system (OS) under the attacker's control or by physically removing the memory and inserting it into another system that is under the attacker's control.
This attack can dramatically impact security of the system, as main memory often contains secrets such as disk encryption keys, usernames and passwords to bypass boot authentication, to then retrieve privileged code and configuration data. Current techniques to protect against security attacks include encrypting parts or all of the memory. However, encryption does not prevent an attacker from retrieving encrypted and unencrypted memory alike. Other techniques suffer from complexity and the possibility of false positive attack detections.