Journal: International Journal of Innovative Research in Computer and Communication Engineering
Print ISSN: 2320-9798
Electronic ISSN: 2320-9801
Publication year: 2017
Volume: 5
Issue: 4
Page: 6687
DOI: 10.15680/IJIRCCE.2017.0504016
Publisher: S&S Publications
Abstract: Contrary to the popular belief, DDR type RAM modules retain stored memory even after power is cut off. Provided physical access to the cryptosystem, a hacker or a forensic specialist can retrieve information stored in the RAM by installing it on another system and booting from a USB drive to take a RAM dump. With adequate disassembly and analytic tools, this information stored in the RAM dump can be deciphered. Hackers thrive on such special-case attack techniques to gain access to systems with sensitive information. An unencrypted RAM module will contain the decryption key used to access an encrypted file system. Bits of data are stored in capacitors where a charge or a discharge denotes a 0 or a 1. Even on withdrawal of power from the RAM module, the capacitors still retain their values for a certain time frame. This window of time is highly vulnerable to a cold boot attack, and it can be extended by using proper cooling techniques. Cold boot attacks have been widely demonstrated even on modern Android handsets with the use of a custom recovery. We go through various flaws present in modern RAM technology and take a look at some of the counter-measures that ensure safety. We present an approach to design a preventive technique that will reduce the possibility of a cold boot attack.
Keywords: Cold Boot Attack; Data Remanence; Random Access Memory