Crypto Talk at 27C3: FrozenCache – Mitigating cold-boot attacks for Full-Disk-Encryption software, Day 3, 23:00, Saal 2

Cold BootsAs a general attack against encryption software on a computer, the cold boot attack was presented at 25C3. To encrypt data on a PC, many programs store the encryption key in RAM. The key is usually derived from a password or loaded from the hard disk where it is protected by a password too. The key resists as least as long as the encryption operation take in RAM. For many applications like Full-Disk-Encryption or Email Signatures, it is convenient to keep the key permanently in RAM, once it has been loaded, so that the user doesn’t need to enter his password again and again.

To protect the key from unauthorized access, computers are locked when the legitimate user is away or the computer has been switched to power-saving-mode. To gain access again, the user needs to type a password or needs to identify himself using a fingerprint reader or any other kind of biometric authorization device. Of course, the key is still in RAM for the whole time.

Here, the cold boot attack kicks in. At 25C3, it has been shown that RAM chips (DRAMs) can be easily removed from a running PC, Server or Laptop Computer, and their content can be extracted afterward. Even if the device has just been turned off, the content of the RAM fades only slowly away, depending on the exact type of RAM and its temperature. Even if some bits are recovered incorrectly, the correct encryption key can still be found an corrected, because many cryptographic algorithms use a lot of redundancy in they keys (round-keys for AES for example).

One way to counter the attack could be to store the keys only in the computer cache, instead of RAM. In contrast to the RAM which is a separate device connected to the computers motherboard, the Cache resides on the CPU die, and cannot easily be extracted or read-out. However, caches are hard to control and one needs to make sure that keys are really frozen in the cache and are never written to the RAM:Frozen Cache

Cold boot attacks are a major risk for the protection that Full-Disk-Encryption solutions provide. FrozenCache is a general-purpose solution to this attack for x86 based systems that employs a special CPU cache mode known as “Cache-as-RAM”. Switching the CPU cache into a special mode forces data to held exclusively in the CPU cache and not to be written to the backing RAM locations, thus safeguarding data from being obtained from RAM by means of cold boot attacks.

Personally, I am interested in this talk, because it might be a good solution to use secure full-disk encryption software, without always having to shutdown your computer when you leave it unattended.

See the talk, Day 3, 23:00, Saal 2!

Autor: Erik Tews

Tags: , , ,

3 Responses to “Crypto Talk at 27C3: FrozenCache – Mitigating cold-boot attacks for Full-Disk-Encryption software, Day 3, 23:00, Saal 2”

  1. […] talk has been prominently mentioned/described on the CCC events page. Whether that means that resident hackers will skip out on hacker jeopardy (same timeslot) remains […]

  2. Anonymous Reader says:


    All of those “solutions” keep missing the most important point: Disk encryption software decrypts data to RAM and the data stays there until you power off the computer.

    Why? Because text editors, image viewers, spread sheet editors, video players and any other common software does NOT wipe the data. It deallocates the memory and the data stays there!

    So even if you protect the key, the sensitive data is still there in RAM unencrypted!

    The only solution that works is: Prevent the attacker from gaining physical or admin access to a computer while encrypted volumes are opened.

  3. Anonymous Reader says:

    And I even did not mention states when the programs are actually working with the data! The sensitive data is unencrypted in RAM.

    If you want to prevent the attacker from getting your sensitive data, stay away from these snake-oil solutions, that only induce a false sense of security.