9

Using Linux, I have system and swap/hibernation partitions encrypted with LUKS, and data partitions encrypted with Truecrypt, and I am wondering when I put my laptop to hibernation if the encryption keys are wiped from the RAM before the computer is shut down, or if I have to wait a few minutes to be quite immune against cold boot attacks.

Technically I guess it is complicated for the encryption software to do that even if it detects that the laptop is going to hibernate, because if it alters the memory before it is copied to the disk then the encrypted volumes won't be restored on resume.

Probably only the kernel can safely alter the memory and not the memory image on the disk, but it would not know about the encryption keys, and would have to wipe the whole RAM, which is probably not done by default.

But maybe there is a kernel option to do that?

Or maybe it is possible to run some pm-utils script after the hibernation has completed but before the computer shuts down?

Or is there another way to run some program after hibernate but before shutdown?

Or maybe the kernel could have a more advanced option, allowing software to publish to the kernel some memory address ranges that need to be wiped after hibernate but before shutdown?

EDIT

Apparently it is possible to create a shutdownramfs that gets executed after shutdown (see here for an implementation in systemd), so it would become possible to wipe the RAM there for shutdown. However it does not seem to be called for hibernation, and setup seems tricky, at least when not using systemd.

cyril42e
  • It might be worth your time to look into [TRESOR](http://linuxaria.com/howto/protect-linux-from-cold-boot-attacks-with-tresor) and its features. Haven't played around with it myself, but it is probably what you are looking for. – fantasia Aug 15 '15 at 08:41
  • I had a look into TRESOR and it seemed quite limiting: no standard implementation, losing AES-NI instruction set, and also losing some SSE instruction set... I'm looking for a way to improve the security, even slightly, but without any major cost (if Intel had added some registers to do the same with AES-NI that would have been great). – cyril42e Aug 15 '15 at 09:01
  • Ah, that's too bad. I will follow this thread with interest, for even though the RAM is cleared fast enough for you to be safe a couple of minutes after shutdown (given that liquid nitrogen isn't used), it is a fascinating question and more security without major cost is never a bad thing. – fantasia Aug 15 '15 at 09:12
  • @cyril42e: Good finding for the *shutdownramfs*, however bear in mind that if someone is willing to quickly shut down your computer to get his hands on the RAM content, chances are that he will shut it down brutally (holding the shutdown button for several seconds for instance) and not using the proper and clean way. – WhiteWinterWolf Aug 16 '15 at 08:18
  • @WhiteWinterWolf Sure, it is in no way a protection against CBA when the computer is running, only a way to ensure that when **I** shut down or hibernate the computer it is immediately safe. – cyril42e Aug 16 '15 at 20:39
  • Related: [Can RAM retain data after removal?](http://security.stackexchange.com/q/99906/2138) – user Sep 17 '15 at 13:33
  • For the record, Windows BitLocker definitely purges the encryption key from memory at hibernate. If you use a password or a key stored on a flashdrive, you need to enter it every time the computer wakes from hibernation (TPM-only mode does not need anything extra to resume). Suspend/sleep leaves the key in memory, which is dangerous for all the reasons that have been discussed here already. – CBHacking Oct 17 '15 at 09:01

1 Answer

3
  1. I am wondering when I put my laptop to hibernation if the encryption keys are wiped from the RAM before the computer is shutdown?

No, because the master decryption keys are kept in DRAM whatever encryption tool you use.

  1. or if I have to wait a few minutes to be quite immune against cold boot attacks?

Some authors stated that hibernating for 5 minutes or more makes the machine immune, but more authors proved the opposite, including in the article I mention below. There is an answer to this question that confirms the no:

Our results show that simply locking the screen of a computer (i.e., keeping the system running but requiring entry of a password before the system will interact with the user) does not protect the contents of memory. Suspending a laptop’s state (“sleeping”) is also ineffective, even if the machine enters screen-lock on awakening, since an adversary could simply awaken the laptop, power-cycle it, and then extract its memory state. Suspending-to-disk (“hibernating”) may also be ineffective unless an externally-held secret is required to resume normal operations

Another quotation says hibernation is even more vulnerable because of methods other than cold boot attacks:

If people use hibernate or sleep mode, or lock the keyboard, they are potentially vulnerable in other ways. Just bring the computer back up to the login prompt, and start attacking the ports looking for an unpatched vulnerability. So a computer that is not completely shut down effectively bypasses the protection of full disk encryption -- even without the cold boot memory attack.

You said:

Technically I guess it is complicated for the encryption software to do that even if it detects that the laptop is going to hibernate, because if it alters the memory before it is copied to the disk then the encrypted volumes won't be restored on resume.

Yes, because there are other processes that continue to run.

The rest of your questions are subject to more effort and analysis. I cannot answer them.


It is proven that:

Ordinary DRAMs typically lose their contents gradually over a period of seconds, even at standard [operating] temperatures and even if the chips are removed from the motherboard, and data will persist for minutes or even hours if the chips are kept at low temperatures

So unless the RAM of your machine is old, you do not have to worry about this issue.

That is the short answer. As posts on StackExchange websites are intended to last, I refer you to a more detailed answer to your question that I do not want to reproduce here.

Still quoting from the answer I linked to, you can shut down your machine safely:

- Keep secure data in a TrueCrypt cascade algorithm encrypted file
- Use Serpent
- Create a script to handle shutdown:

        truecrypt /wipecache
        shutdown -h now

/wipecache ensures that no vulnerable data remains in RAM after shutdown. If someone performs a cold boot attack, they will have access to your system at best. They will not have data stored in a separately encrypted file.

user
  • Thanks, there are interesting points in the link you provided, especially that DDR3 is not susceptible to CBA. I have more reading to do. However for the RAM wiping thing, for a normal shutdown the volumes are unmounted and the encryption software should wipe the keys, my question was really specific about hibernation when the volumes are not unmounted. – cyril42e Aug 15 '15 at 09:17
  • @cyril42e I updated my answer. –  Aug 15 '15 at 13:50
  • @begueradj: Could you be more specific about the origin of the quotation "If people use hibernate or sleep mode, or lock the keyboard, they are potentially vulnerable..."? While it's true for the sleep mode and keyboard lock, it seems wrong for the hibernation mode where the RAM content is stored on the encrypted disk before the computer is shut off (be sure to encrypt the swap partition too!). Upon next start, the disk encryption key is required before the booting process can continue (at least on Linux, maybe Windows does it differently but I strongly doubt this). – WhiteWinterWolf Aug 15 '15 at 14:11
  • Researchers succeeded in cold boot attacking encrypted systems either during hibernation or just after shutdown. Even if only one person succeeded in doing that, the logical answer must be no, *it is not safe*, if you agree with me. There are comments to that article stating that hibernating the system for 5 minutes or so is enough as a security measure but many other comments said no, even if I rely more on the authors of the article (researchers). [Here](https://www.schneier.com/blog/archives/2008/02/cold_boot_attac.html) you can find the PDF article and so on. @WhiteWinterWolf –  Aug 15 '15 at 14:22
  • @begueradj: I'm still not convinced, to avoid off-topic discussions here I've created [a new question](https://security.stackexchange.com/q/96915/32746), feel free to shed some light on this hibernation issue :)! – WhiteWinterWolf Aug 15 '15 at 15:37
  • About the hibernation vs shutdown I agree with @WhiteWinterWolf and don't understand the quotes: when a computer hibernates, it **is** "completely shut down", and an "externally-held secret **is** required to resume normal operations". However I was partially wrong when I said that the encryption software should unmount the partitions and wipe the key on shutdown, because this is not possible for the system partition (it should be done symmetrically to the mount in the initramfs, in a shutdownfs, which apparently is possible, and would also solve the problem for hibernation). – cyril42e Aug 15 '15 at 19:24
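Added example, not part of the original thread: the discussion above turns on whether resuming from hibernation needs an externally-held secret, which on Linux means the swap area holding the hibernation image must sit on a dm-crypt (LUKS) device. The script below checks that from `lsblk` output; the function names and the sample device layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads the output of
#   lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT
# on stdin and prints every active swap device that has no dm-crypt
# ("crypt") layer anywhere beneath it. Swap files are not covered.
unencrypted_swap() {
    awk '
    # Extract the value of KEY="value" from the current line.
    function val(key,   s) {
        s = " " $0
        if (match(s, " " key "=\"[^\"]*\""))
            return substr(s, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
        return ""
    }
    {
        k = val("KNAME")
        type[k] = val("TYPE")
        parent[k] = val("PKNAME")
        if (val("MOUNTPOINT") == "[SWAP]") swap[k] = 1
    }
    END {
        for (k in swap) {
            enc = 0
            # Walk from the swap device down through its parents.
            for (c = k; c != ""; c = parent[c])
                if (type[c] == "crypt") { enc = 1; break }
            if (!enc) print "/dev/" k
        }
    }'
}

# Constructed sample layout: LVM swap (dm-2) on top of a LUKS
# container (dm-0), plus a second, plain swap partition (sda3).
sample_layout() {
    cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="[SWAP]"
KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT="[SWAP]"
EOF
}

# Demo on the constructed sample; on a real machine pipe lsblk in instead.
sample_layout | unencrypted_swap
```

On a live system, run `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT | unencrypted_swap`; empty output means every active swap partition is backed by an encrypted device.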