cold boot attack

A cold boot attack is a process for obtaining unauthorized access to encryption keys stored in the dynamic random access memory (DRAM) chips of a computer system.

A cold boot attack is a process for obtaining unauthorized access to a computer's encryption keys when the computer is left physically unattended. 

Researchers from Princeton University, the Electronic Frontier Foundation and Wind River Systems discovered that a cold boot attack is possible because dynamic random access memory (DRAM) chips retain data for a brief period of time after a computer is turned off. The amount of time can be increased if the chips are removed from the motherboard and kept at low temperatures; this can be accomplished by spraying them with an inverted can of compressed air. The chips can then be quickly reinserted into the machine and their contents read.

Cold boot attacks demonstrate that disk encryption programs, which are used to protect data on desktops, laptops and various other computing devices, have no reliably secure location in which to store their keys. The attack is carried out by performing a cold boot of the system and dumping the contents of the DRAM to a CD or USB token. The memory image is then scoured for data structures that store the decryption key. With this data, an attacker can obtain encryption keys either by copying the entire encrypted partitions or by rebooting the machine and using the computer's encryption software to decrypt them.

This video from the Center for Information Technology Policy demonstrates how a cold boot attack works.

See also: full disk encryption

This was first published in August 2013
