5

Assume the user has a full disk encrypted HDD in which their OS and files reside. They also have made attaching USB or any other device without first allowing it cause an automatic shutdown which subsequently wipes the RAM clean (the same way Tails OS does).

The adversary in this case decides to go for a hardware attack, specifically opening the computer/laptop case and removing the RAM to then dump the contents before searching for the password.

What would be the easiest (free) way to cause an automatic shutdown if the case is opened while the computer is turned on?

I also know basic OpSec is to never leave your machine unattended. Lots of other things could happen, user could even melt the screws to make opening the case extremely difficult... but this is not the question! Please focus on this one issue.

Be nice and play ball with this question. Yes it is a "tinfoil hat" question, but this kind of stuff is interesting for some of us :-). Thank you!

Matthew Peters
  • 1
    Some cases have chassis intrusion alert/detection system, which can log or prevent the system from booting if the case was opened until the alarm is reset. It might be possible to rewire the chassis intrusion switch to the power switch, or to write custom BIOS that switches off the machine when the switch is triggered. – Lie Ryan Jan 18 '16 at 22:58
  • How do you think you can dump the RAM from a running machine? If you remove the RAM it is going to corrupt in milliseconds completely: https://en.wikipedia.org/wiki/Memory_refresh#Types_of_refresh_circuits - For example, the current generation of chips (DDR SDRAM) has a refresh time of 64 ms and 8,192 rows, so the refresh cycle interval is 7.8 μs – flohack Jan 19 '16 at 10:42
  • 3
    @flohack like this: https://en.wikipedia.org/wiki/Cold_boot_attack – Steve Sether Jan 20 '16 at 04:59
  • 1
    Ok I read through this. So your original question, how to cause automatic shutdown, does not apply IMHO, as the RAM is still compromisable after shutdown. The attacker will himself shut down the machine forcefully after opening the case, so it just will happen a bit earlier. As stated in Wikipedia, a better thing would be to use this Linux TRESOR approach, so that keys are in CPU and not RAM. – flohack Jan 20 '16 at 08:43
  • @flohack You can tell your computer what to do when the power button is pressed. In my case it would be a simple case of run the shutdown script which ALSO wipes the RAM. I would copy Tails OS. – user5510281 Jan 21 '16 at 21:37
  • @user5510281, three potentially relevant links: (1) [Chassis Intrusion API?](http://stackoverflow.com/a/7134037), (2) [Emergency shutdown if intrusion is detected](https://ubuntuforums.org/archive/index.php/t-2011128.html), (3) [freeipmi_interpret_sel.conf man page](http://manpages.ubuntu.com/manpages/yakkety/man5/freeipmi_interpret_sel.conf.5.html). – sampablokuper Mar 31 '17 at 10:28
  • @user5510281, also: [How can the impact of cold boot attacks be minimized?](https://security.stackexchange.com/questions/7299/how-can-the-impact-of-cold-boot-attacks-be-minimized) – sampablokuper Mar 31 '17 at 10:53
  • @user5510281, and [Mitigating forensic memory acquisition when an attacker has physical access to a workstation](https://security.stackexchange.com/questions/7299/how-can-the-impact-of-cold-boot-attacks-be-minimized). – sampablokuper Mar 31 '17 at 11:25
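
The chassis intrusion switch mentioned in the comments above is exposed by some Linux hardware-monitoring drivers as a sticky `intrusionN_alarm` flag under `/sys/class/hwmon`. The following is an added sketch, not code from the thread: it polls that flag and runs a power-off command when the case is opened. `HWMON_ROOT`, `POLL_SECONDS`, `ON_TRIP` and the function names are assumptions of the example, as is a board and driver that expose the flag.

```shell
#!/bin/sh
# Added sketch, not from the thread. HWMON_ROOT, POLL_SECONDS and ON_TRIP are
# names chosen here; ON_TRIP assumes a systemd host and can be replaced.
HWMON_ROOT="${HWMON_ROOT:-/sys/class/hwmon}"
POLL_SECONDS="${POLL_SECONDS:-1}"
ON_TRIP="${ON_TRIP:-systemctl poweroff --force}"

# Exit status: 0 = an alarm reads 1 (case opened), 1 = all alarms read 0,
# 2 = no readable intrusion*_alarm file, i.e. no sensor to rely on.
intrusion_state() {
    found=2
    for f in "$1"/hwmon*/intrusion*_alarm; do
        if [ -r "$f" ]; then
            found=1
            if [ "$(cat "$f" 2>/dev/null)" = "1" ]; then return 0; fi
        fi
    done
    return "$found"
}

# The flag is sticky: it stays 1 until 0 is written back. Clear it before
# watching, or a stale alarm from an earlier service visit powers the box off
# on every boot.
arm_alarms() {
    for f in "$1"/hwmon*/intrusion*_alarm; do
        if [ -w "$f" ]; then echo 0 > "$f"; fi
    done
    return 0
}

# Arm, refuse to run without a sensor, then poll until the flag trips.
watch_intrusion() {
    arm_alarms "$HWMON_ROOT"
    intrusion_state "$HWMON_ROOT" && rc=0 || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "no chassis intrusion sensor under $HWMON_ROOT" >&2
        return 2
    fi
    while :; do
        if intrusion_state "$HWMON_ROOT"; then
            $ON_TRIP
            return 0
        fi
        sleep "$POLL_SECONDS"
    done
}

# Only loop when asked to, so the file can be sourced for its functions.
if [ "${1:-}" = "--watch" ]; then watch_intrusion; fi
```

Run as root with `--watch`; setting `ON_TRIP` to a shutdown script that also wipes RAM, as the asker describes, replaces the default power-off.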

2 Answers

3

I've seen this done on old Compaq servers. The side panel had a pin that fit inside the power switch. When the panel was opened, the pin came with it, shutting off power. In fact, the system would not even power on without that side panel (more specifically, the pin) in place.

It was quite a surprise when I was called in to service a server off-hours and I was unfamiliar with this mechanism. I was hoping to diagnose a problem without any server downtime, but I was foiled.

Short description: PC Mag article

schroeder
2

> The adversary in this case decides to go for a hardware attack, specifically opening the computer/laptop case and removing the RAM to then dump the contents before searching for the password.

So, the only way for this to work would be if the computer / laptop is turned on, and the drive / volume has been decrypted. If you are actually dealing with sensitive information, and need to make sure that nobody can access it other than yourself, do not walk away from a computer that has been decrypted. Shut it off first, then walk away. There is no reason to walk away from your computer if there is a very important volume to you that is currently decrypted. It's like walking away from an open safe that holds 100.000 USD. Close the safe before randomly doing something else.

> I also know basic OpSec is to never leave your machine unattended. Lots of other things could happen, user could even melt the screws to make opening the case extremely difficult... but this is not the question! Please focus on this one issue.

But leaving your machine unattended winds up being the core issue nonetheless. You are asking for problems by walking away from a decrypted machine.

If for some reason you really want to have a blow up switch, you would have to make some kind of hardware modification with a simple circuit, i.e. if the laptop computer is opened up and a certain button is not pressed within 5 seconds, set the RAM and drive on fire.

> Be nice and play ball with this question. Yes it is a "tinfoil hat" question, but this kind of stuff is interesting for some of us :-). Thank you!

Well, if one has a tinfoil hat on, my question is how did some random attacker manage to gain access to one's computer while he is away in the first place? Shouldn't that person also invest something into physical security? Better locks on doors, fully alarmed house with back up generator, things like that? Worst case scenario is giving someone access to a decrypted computer.

Don't let that happen.

Figure out every possible step it would take to reach the computer, and ensure that there are no mistakes. Don't have a rigged out house? Pay a contractor to rig out your house with the best security possible, claim that your old home was invaded and you don't intend for it to ever happen again if you think that it might bring up weird questions. You could also go the route of claiming you want to add something different to your house to make it stand out on the market. Some people really like having lots of cameras that watch all possible entry points.

Last thing: Do not decrypt anything sensitive in public unless absolutely necessary. Just look at mr. dredd and see how that worked for him.

  • Down vote sorry. Look at Dread Pirate Roberts of Silk Road, what is to stop that from happening, or maybe I get shot in the head while logged in and someone walks off with the laptop. It is impossible to be covered from all angles. My adversary cannot copy RAM with a USB as it will trigger reboot, so might as well protect from hardware attacks! – user5510281 Jan 21 '16 at 21:39
  • @user5510281 The threat model stated in the question did not include elongated metallic objects going through heads at high speed. It's not fair to downvote answers because they do not cater to extreme cases that weren't even included in the question. – user Apr 16 '16 at 21:34