One or more aspects relate, in general, to data processing systems, and in particular, to protecting contents of storage in a computer system from unauthorized access.
In cryptography, a cold boot attack, or to a lesser extent, a platform reset attack is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve valuable data, such as encryption keys, from a running operating system after using a cold reboot to restart the machine. The attack relies on the data remanence property of DRAM (dynamic random access memory) and SRAM (static random access memory) to retrieve memory contents that remain readable in the seconds to minutes after power has been removed.
To execute the attack, a running computer is cold-booted. Cold-booting refers to when power is cycled “off” and then “on” without letting the operating system shut down cleanly, or, if available, pressing the “reset” button. A removable disk with a special boot sector might then be immediately booted (e.g., from a USB (universal serial bus) flash drive), and used to dump the contents of pre-boot memory to a file. Alternatively, the memory modules are removed from the original system and quickly placed in a compatible machine under the attacker's control, which is then booted to access the memory. Further analysis can then be performed against the information that was dumped from memory to find various sensitive data, such as the keys contained in it. Automated tools are now available to perform this task for attacks against some popular encryption systems.
Such an attack is a hardware (insecure memory) and not a software issue. Any sensitive data held in memory is vulnerable to the attack.
Other attacks allow encryption keys to be read from memory. For example, a DMA (direct memory access) attack allows physical memory to be accessed via a 1394 DMA channel.
The ability to execute the cold boot attack successfully varies considerably across different systems, types of memory, memory manufacturers and motherboard properties.