Definition

cold boot attack

A cold boot attack is a process for obtaining unauthorized access to a computer's encryption keys when the computer is left physically unattended. 

Researchers from Princeton University, the Electronic Frontier Foundation and Wind River Systems discovered that a cold boot attack is possible because dynamic random access memory (DRAM) chips retain data for a brief period of time after a computer is turned off. The amount of time can be increased if the chips are removed from the motherboard and kept at low temperatures; this can be accomplished by spraying them with an inverted can of compressed air. The chips can then be quickly reinserted into the machine and their contents read.

Cold boot attacks demonstrate that disk encryption programs, which are used to protect data on desktops, laptops and various other computing devices, have no reliably secure location in which to store their keys. The attack is carried out by performing a cold boot of the system and dumping the contents of the DRAM to a CD or USB token. The memory image is then scoured for data structures that store the decryption key. With the key, an attacker can decrypt the protected data, either by copying the entire encrypted partition or by rebooting the machine and using the computer's encryption software to decrypt it.
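The following sketch is an added example, not code from the original article or from the researchers. It shows why key material is recognizable in a memory image: an expanded key schedule has a fixed internal structure that survives a few decayed bits, so the same check lets a defender confirm whether a capture from their own system still holds keys after they should have been wiped. It assumes AES-128 (the article names no cipher), and the function names and sample image are constructed for illustration.

```python
def _build_sbox():
    # Generate the AES S-box rather than embedding a 256-entry table.
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    box, p, q = [0] * 256, 1, 1
    for _ in range(255):  # 3 generates all 255 non-zero field elements
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3 in GF(2^8)
        q ^= q << 1  # q /= 3, so q stays the inverse of p
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        box[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
    box[0] = 0x63
    return box

SBOX = _build_sbox()

def expand_key(key):
    """Return the 176-byte AES-128 key schedule for a 16-byte key."""
    w, rcon = bytearray(key), 1
    for i in range(16, 176, 4):
        t = w[i - 4:i]
        if i % 16 == 0:  # first word of a round key: RotWord, SubWord, Rcon
            t = bytes([SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]])
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w += bytes(a ^ b for a, b in zip(w[i - 16:i - 12], t))
    return bytes(w)

def find_key_schedules(image, max_bit_errors=8):
    """Return (offset, bit_errors) for each window that looks like a schedule."""
    # Simplification: decay is tolerated in the round keys only, not in the
    # first 16 bytes (the candidate key itself).
    hits = []
    for off in range(len(image) - 175):
        window = image[off:off + 176]
        errors = sum(bin(a ^ b).count("1")
                     for a, b in zip(expand_key(window[:16]), window))
        if errors <= max_bit_errors:
            hits.append((off, errors))
    return hits

def constructed_image():
    """Constructed sample: filler around one schedule with 3 flipped bits."""
    filler = bytes((i * 37 + 11) & 0xFF for i in range(1500))
    sched = bytearray(expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")))
    for pos in (20, 77, 150):
        sched[pos] ^= 0x01
    return filler[:1000] + bytes(sched) + filler[1000:]
```

A buffer that was properly zeroed after use produces no hits, which is the result a key-wiping routine should yield.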

This video from the Center for Information Technology Policy demonstrates how a cold boot attack works.

See also: full disk encryption

Contributor(s): Crystal Bedell
This was last updated in August 2013
Posted by: Margaret Rouse
