5

It was demonstrated that dram modules can retain information up to 10 min after power off in certain conditions. My question - are there memory types which will retain data 10 sec at max even if being frozen (aka cold boot attack)?

EDIT. I want to secure my code on a colocated server and avoid cold boot attack and perhaps something else which I havent heard of yet :).... My idea is to split my program onto 2 pieces and run one on a separate CPU with its own memory (the example is GPU or FPGA). However I need to find out which type of memory can be erased almost instantaneously on power off before I can take another step.

Pod
  • 103
  • 5
Boppity Bop
  • 245
  • 2
  • 7

3 Answers3

9

I don't think you're going to find a type of RAM that is secure against cold boot attacks.

It may be possible to build application-layer defenses against this, by ensuring that all sensitive data stored in memory is stored in encrypted form. Then when you shut down, you simply need to securely overwrite the decryption key. However, this is likely to have significant performance and implementation costs, and I would question whether it is worth it.

I think you need to do some serious introspection to determine whether the cold boot attack is really a likely attack against your system. Security always needs to be directed by deliberate risk management. With some risks, the best approach is simply to accept the risk. Alternatively, you may be able to mitigate the risk by providing physical security. For instance, if you have super-sensitive data, perhaps you don't want to store it on a machine at a colo facility: perhaps you should keep it on a machine on your own premises.

If you want to tell us more about your specific application needs and scenario, and share the risk analysis you've already done, we may be able to provide more concrete suggestions. But for now, my initial reaction would be to suspect that you're over-thinking it: for most people, the cold boot attack isn't really worth worrying about.

D.W.
  • 98,420
  • 30
  • 267
  • 572
7

Because most manufacturers try and maximise retention at low current draw, their aim is the opposite of yours, so I think your only realistic way to do this if you have to is to add circuitry that forces an overwrite or a wipe when the case is opened.

That said - the conditions in which you can successfully carry out this attack are very limited. I would put more emphasis on prevention through procedural means or other physical controls (secure cabinets etc) - nice and simple, and suitable for most uses.

If you require more security than that, then you shouldn't be in a colocated environment.

Weigh up your real risks. Do you actually need that sort of security? Or is it much more likely someone could compromise your data another way?

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
2

There exist DRAM ICs where the power keeps bit lines from shorting to each other when powered. This is done by burning power to keep the "clamps" open if you "unplug" them, you will short all of data together, and this costs space. You burn area to have the feature. Generally speaking this is not done in commercial DRAM because area costs money; however, in the non-commodity market, I know that this is done. The general problem that you are tackling is that when you cool a semiconductor, you start having less current leaking off via the lines and through shallow oxide traps. The assumption is made that there's enough charge remaining on the capacitors to read back the data after a cold attack. If you short all of the lines, all of the data in the rows is the same.

The basic schematic is here: https://electronics.stackexchange.com/questions/244144/is-the-bulk-output-deliberately-used-in-dram-cells/244175#244175

If all of the word lines are pulled high, the death knell when you pull the power is that all of the charges equalizes.

b degnan
  • 536
  • 3
  • 8