Wipe RAM on shut down to prevent Cold Boot Attack

20

10

My system is encrypted using Full Disk Encryption, i.e. everything except /boot is encrypted using dmcrypt/luks. I am concerned about Cold Boot Attacks, where researchers demonstrated that content could be extracted for about 5 minutes.

Can you please provide instructions on:

  • how to trigger kexec into a new kernel at the very last steps of the shutdown/reboot process (to ensure clean dismount, to prevent file system corruption, to ensure the old kernel gets overwritten)
  • how to create that kernel, which wipes all the ram

i.e. Can you explain please, how to do the same on Ubuntu?

How to detect the shutdown? How to start the RAM Wipe? The RAM should be wiped when the user clicks "shutdown" or if he starts a "panic script".

Thanks for your efforts!

Prior work:

If you want to see the feature become reality, vote on Ubuntu Brainstorm!

http://brainstorm.ubuntu.com/idea/30076/

James Mitch

Posted 2012-08-21T09:28:51.630

Reputation: 406

6 How do you intend to detect the "shutdown"? The power is simply gone, not much you can do about that in software. And since the attacker has physical access, relying on an USV is problematic. To quote the Wikipedia article you linked: "To execute the attack, the machine is cold-booted. Cold-booting refers to when power is cycled “off” and then “on” without letting a computer shut down cleanly, or, if available, pressing the “reset” button." – CodesInChaos – 2012-08-21T09:51:16.257

1 Detect shutdown? User clicks "shutdown" or clicks a panic button. I'll add the clarification to the question. – James Mitch – 2012-08-21T11:05:03.077

Here is the only way I know how to prevent a "Cold Boot Attack": you sit at your desk for 5 minutes after you shut your computer down. Your question still makes no sense, for instance, "Can you port please ..." makes no sense. – Ramhound – 2012-08-21T11:15:49.690

1 It makes a lot of sense. If it wouldn't make sense, Tails and Liberte Linux wouldn't feature it. It's just a logical step to use it also for desktop operating systems, which are not Live CDs. – James Mitch – 2012-08-21T11:21:31.313

2 Use case: it knocks on the door. Current situation: you can shut down but it takes 5 minutes until encryption goes effective (risk of cold boot attack). With a RAM wipe script: press the panic button and everything is almost instantly secure. When the script is ready it could easily be expanded, go active when removing a USB drive. That could even work if someone robs a notebook, if the victim is fast enough to remove the USB drive. – James Mitch – 2012-08-21T11:25:47.297

The "can you port" has now a different formulation. – James Mitch – 2012-08-21T11:27:19.883

Surely you wouldn't need to reboot into a new kernel in order to do this but instead have a kernel module that runs as the last item in the shutdown. IIRC when Linux is shutting down it basically unmounts all disks and surely just after that it is easy to allocate all the system memory, write 0's to it and finish shutting down. Better yet I would have thought this should be a part of the encrypting filesystem, after it gets unmounted and prior to unloading it can easily wipe its keys as it knows where they are stored... Anything more sounds like an extreme case of paranoia. – Mokubai – 2012-08-21T12:27:55.337

4 Tell us if you have a RAM DDR2 or DDR3. DDR3 are immune to Cold Boot Attack. They only keep voltage for a couple of seconds after forced power off. If you hear knocking then pull the plug. If you have older RAM - I would enable TWO things in BIOS - 1. AutoStart after Power loss to last known state. 2. Ram size Check at each boot. This will allow you to Pull the plug, plug it back and go to door while your BIOS will clear the RAM for you and load System after that. This is quicker than you will ever need. – mnmnc – 2012-08-21T13:56:28.380

4 It's 2012. There is no Cold Boot Attack anymore unless you are using a 10 year old laptop. If I would want to get to your encrypted data I would exploit the system security hole or send you a trojan horse to get your data for me. The same would be done by State agencies. Breaching the door and attempting CBA is too risky in light of currently available encryption algorithms. It would be enough to have uncommon screws in your box and anyone attempting CBA would leave empty handed after you pulling the plug. – mnmnc – 2012-08-21T14:19:54.287

@Mokubai that a kernel module or the encryption software wipes the keys is a good start. For good privacy, everything else should be wiped as well. – James Mitch – 2012-08-21T16:52:17.163

@mnmnc my BIOS does not have such options. And if it had, it wouldn't be a safe method unless the researchers tested that it will really wipe the RAM. – James Mitch – 2012-08-21T16:55:10.437

@mnmnc About your 2012 / DDR3 RAM answer... Commented on it below your answer below. – James Mitch – 2012-08-21T16:58:14.397

6 You know, this degree of paranoia will only make the black helicopter guys that much more interested in you. – Daniel R Hicks – 2012-08-21T17:43:19.220

1 @DanH More likely fat guys in an NSA datacenter with sunglasses and a 'I 0x3C 0x33 AES' t-shirt – mnmnc – 2012-08-21T17:49:07.960

Answers

17

If you are not using old RAM like DDR2, 512 MB or 1024 MB then you should not be worried about CBA.

Take a look at original Research here (PDF).

If you read it carefully, you will find that only DDR2 and older are prone to this attack. DDR3 loses voltage too fast to allow computer case dismount and freeze procedure. So simply pull the plug before answering the door.

Also, this paper confirms that DDR3 is not susceptible to a CBA. If in fact you want to secure yourself because you have DDR2 RAM then enable in BIOS:

  1. Autostart after Power loss
  2. RAM check at boot time

and do the same as with DDR3 but after pulling the plug, plug it back in. Your computer will start itself and wipe the ram by checking it. If it will not wipe efficiently enough, the boot process will load the system to the RAM again. It will be far too quick to allow for CBA.

From the link you provided in comments:

Therefore, in conclusion, the cold boot attack should not be viewed as the primary method for acquiring a suspect computer system’s memory. Instead, other techniques including both software and hardware-based acquisition (i.e. FireWire) should be attempted prior to carrying out a cold boot attack against said system. However, should a situation occur where the aforementioned techniques are either not available (i.e. lack of FireWire connection or system login console or remote memory acquisition is not possible) or are ineffectual, then the cold boot attack may be administered assuming that the investigator understands both how and where problem may arise and go awry.
As this study has shown, the cold boot attack cannot be established as being particularly forensically sound or reliable since in most of the experiments conducted herein memory-resident encryption keys could not be consistently found or extracted although they should have been. The same can also be said for the various strings and keyword searches which should have turned up far more strings and keywords than were found for most of the experiments. Moreover, as has been demonstrated, merely the act of flash-freezing computer memory does not guarantee the successful acquisition of said memory. Other factors and variables already examined have fully examined these issues and their underlying causes. Thus, it is the opinion of the authors of this study that the cold boot attack can be useful in some cases to acquire a suspect system’s memory but that this method should not be considered a panacea and instead should be used as a last resort when all other avenues have been exhausted.
Finally, even a successful acquisition which has suffered little to no degradation will likely not stand up in a court of law as sound evidence, at least until jurisprudence has occurred and the integrity of the acquired memory can be demonstrated to be intact using a sound and understandable methodology. The search continues to establish a more proper and reliable way of acquiring the memory of a suspect’s computer...

Also if you check the experiment results, you will realize that they successfully extracted the AES keys only in the system 2 and 6, and those were Warm Boot Attacks. When you look at the specs of system 2 - 1024 MB RAM 533 MHz - this is old stuff. The other system - system 6 with 256 RAM / 128 RAM - I guess this one is self explanatory.

This is exactly why their conclusion was:

The search continues to establish a more proper and reliable way of acquiring the memory of a suspect’s computer...

Actually I believe that if you have very very very important data you should not only use Full Drive Encryption but also keep it in a separate encrypted file. Encrypted with cascade algorithms and a different password than the one used during disk encryption. You want a secure way of shutting down the PC? Here it is:

  1. Keep secure data in TrueCrypt cascade algorithm encrypted file
  2. Use Serpent
  3. Create a script to handle shutdown:

For Windows:

truecrypt.exe /wipecache
shutdown -s -f -t 1

For Linux:

truecrypt /wipecache
shutdown -h now

Wipe cache ensures that no vulnerable data remains in RAM after shutdown. If someone performs a Cold Boot Attack they will have access to your System at best. They will not have data stored in a separately encrypted file.

mnmnc

Posted 2012-08-21T09:28:51.630

Reputation: 3 637

@JamesMitch I've just updated my answer with relevant paper that proves what I stated before about DDR3 being resistant to CBA. – mnmnc – 2015-02-05T15:33:26.640

1

I found another paper from 2010. http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA545078 [PDF] Some bits are also about DDR3 but it definitively does not say DDR3 is safe against this attack.

– James Mitch – 2012-08-21T16:48:57.790

Have you read this document you presented? I will update my answer with my findings after lecture of it. But to be honest they just prove what I have said before. – mnmnc – 2012-08-21T17:22:30.297

The paper was already linked on a site I linked in my original question. It's ok pointing at it. However, it does not say anything about DDR3. PDFs can be searched and the term DDR3 is just not inside. – James Mitch – 2012-08-21T17:30:19.153

@James Mitch DDR3 is mentioned on page 17 (comparison). They were probably using ddr3 on a system 1 and 3 where 2 GB/4 GB RAM per module was used. Those were immune to their attempts to get the keys with CBA/WBA. – mnmnc – 2012-08-21T17:40:26.970

2 I don't go with this conclusion. This question was not about avoiding law enforcement. In fact it kills the discussion if the question is about evading law enforcement. Let's not talk about law enforcement. Let's talk about industrial espionage. Someone who has 4 or 16 GB RAM or more and was working on some expensive, important documents, sketches, source code, etc. He will be happy if the encryption keys can not be extracted but can still lose a lot of money if his documents are stolen from RAM. – James Mitch – 2012-08-21T17:50:01.357

2 While I hate to clarify the use case... Information is not about being accepted in court as a proof or not. Also other people have legitimate reasons to wipe their RAM. Law enforcement wants to hide witness-protection program. Secret service wants to hide their intelligence. Industry wants to hide their business secrets. If the encryption key is safe, fine. The rest of the data still wants to be safe, even bits of it. My original question remains open. – James Mitch – 2012-08-21T17:54:09.090

If you are working on something expensive you should do it on an isolated PC without access to the internet. Regarding RAM you should use devices with tamper detection. This is not a new idea. Take a look in here: http://www.cypress.com/?docID=22499. IBM have hard drives with auto destruct ability.

– mnmnc – 2012-08-21T17:57:39.043

@JamesMitch If Secret Service is not preventing physical access which is the only way to perform attack on RAM then there is no need for encryption. The fragile data should not be moved outside a network isolated data center. The same with Law enforcement and witness-protection data. If they are accessible outside the datacenter or can be moved on a personal laptop - they are not secure not because of lack of encryption but because people are the weakest in the security chain. – mnmnc – 2012-08-21T18:03:25.563

1 I could construct more use cases where people travel etc... Many people encrypt their drives and if they were aware that parts of their RAM could be reconstructed they'd prefer to take action to prevent that. If you search a bit old discussions on Google, you'll find out that most people are not aware that RAM contain(ed) data after power got cut. If disk encryption could be substituted with physical security people wouldn't bother with disk encryption. Both concepts encryption and physical encryption have their right to exist. Security is always only working on bits. This one is a missing bit. – James Mitch – 2012-08-21T18:32:59.077

1 Well, yes I agree. The level of knowledge among the people is poor. But you won't be able to incorporate the solution that will make them safer. Security requires discipline. Average Joe will not use Full Disk Encryption because he is afraid someone will steal his credit card number. If you have a fragile data that you want to be absolutely safe - use Truecrypt to create an encrypted file - do not encrypt the drive as a whole. Truecrypt has a switch 'wipe' which removes permanently keys from RAM memory by overwriting it. You can place it in a shortcut. Do not hunt flies with cannon. – mnmnc – 2012-08-21T19:15:00.220

1

1. You must encrypt whole system, otherwise registry, temporary files and swap can contain sensitive data. 2. "master keys used for system encryption cannot be reliably (and are not) erased from RAM when a computer hibernates, is shut down or restarted" source: http://www.truecrypt.org/docs/?s=unencrypted-data-in-ram 3. TrueCrypt full disk encryption is only available for Windows. This was a Linux question. 4. This would only wipe the encryption key. The documents you worked on before may still be retrieved from RAM.

– James Mitch – 2012-08-23T11:49:44.677

    1 About the DDR2 vs DDR3 thing: you won't find a research paper claiming that the situation improved because of DDR3. That's just an unproven claim. Mail the research paper authors, they won't tell DDR3 is more secure. Yes, I've done that... – James Mitch – 2012-08-23T11:58:16.333

    Ok then create a C++ program that will create an object and store it on the heap. Place the loop in the program that will create a copy of this object and store it on the heap as well. The loop will systematically fill your RAM overwriting previous content. The shutdown script will have 1. /wipecache 2. call for program to fill the RAM. 3. shutdown procedure. The bigger the object the faster it will fill the RAM. Use threads to make the program work faster. But it will not erase the RAM occupied by System and you will not be able to do this in a system shutdown procedure. – mnmnc – 2012-08-23T11:59:07.673

    1 @JamesMitch at this point if proposed countermeasures are not satisfying your needs, I think you should first of all think about Faraday Cage for your PC - because there are ways of echoing your screen remotely by specialized electrical field trackers that the State agencies have access to. If they will suspect you have encryption of any kind they will use it as a first attempt probably. – mnmnc – 2012-08-23T12:20:28.823

    1 "Ok then create a C++ program that will create an object and store it on the heap. [...]" > That won't work well. Existing RAM won't get overwritten. Would fill up the swap file. It won't overwrite everything. A secure and clean way to do it would be kexec combined with smem or memtest. Answer by ultrasawblade was so far the only one which went into the right direction. – James Mitch – 2012-08-24T20:36:11.140

    "@JamesMitch at this point if proposed countermeasures are not satisfying your needs, I think you should first of all think about Faraday Cage for your PC - because there are ways of echoing your screen remotely by specialized electrical field trackers that the State agencies have access to. If they will suspect you have encryption of any kind they will use it as a first attempt probably. – mnmnc" > One issue at a time. One issue per question. You might be laughing, people are discussing (and working on?) anti tempest. – James Mitch – 2012-08-24T20:42:02.067

    5

    Peter A. H. Peterson at UCLA wrote a proof of concept technology and developed the theory for securely running your system with encrypted RAM, and the solution is expressly designed to prevent cold boot attacks. The name of his paper is Cryptkeeper. I don't know if he makes the software available for download or if it is possible to license it from UCLA. However, it is apparently possible, at least in principle, to design a cryptosystem for RAM that is secure even if the entire contents of RAM is disclosed.

    The measured performance impact of this solution is between a 9% overhead and a slowdown by a factor of 9, depending on how "pathological" the scenario is. The 9% figure is cited as applying to browsing the web with Firefox, but they didn't state what use case would slow down the performance by a factor of 9.

    Peterson's solution does not "wipe" the RAM as you suggest. Rather, it uses a "secure key-hiding mechanism" to prevent the decryption key from being disclosed just by virtue of obtaining the contents of RAM. I am not sure of the details of the implementation, but I assume it is explained in the paper.

    The paper was published in 2010.

    It is available for purchase on IEEE's ieeexplore website. It is also available for direct download as a PDF without charge from someone's website; it is up there on the google search results for "cryptkeeper RAM"... but I'm not sure how long that result will stay up there.

    I was tempted to make this a comment rather than an answer, because this solution does not "wipe" RAM as you asked. However, I believe that if Peterson's research is technically correct, this will have the same practical effect -- or possibly even a "better" effect -- than wiping the RAM. The reason is that a skilled physical attacker could probably interrupt your system program's attempt to wipe the RAM if they were expecting such an operation to occur -- for example, pulling the battery out of the unit or holding down the power button before the operation can complete. Peterson's solution is more secure because it is not based upon a necessary time window under which the computer is permitted to continue executing instructions in order to complete the wipe. Instead, memory is constantly protected, even if the CPU itself is instantaneously killed by some incredible feat of technology before you even have a chance to react to the attacker.

    And by "incredible feat of technology" I mean something like Stuxnet.

    allquixotic

    Posted 2012-08-21T09:28:51.630

    Reputation: 32 256

    Great find. Definitely +1 from me. But unavailable for confirmation - you need to pay to read the document. Personally I wouldn't trust it - while it is not commonly used it will most likely have implementation bugs all over it. I would feel like building a steel-concrete wall in front of my house while not having even a fence at the back side of it. – mnmnc – 2012-08-23T14:37:32.763

    On the other hand, the fact that it's not commonly used makes it less likely to be known to attackers. It's constantly a cat and mouse game between attackers and defenders. The best possible solution is to have a truly robust security system that ALSO benefits from obscurity / unknown-ness. If you can't have that, the second best solution is to have a well-known, publicly-tested solution that is also robust, like TLS. This one isn't widely employed like TLS, so we don't know yet if it is robust. Hm. Schroedinger's Cat or Heisenberg Uncertainty type problem. – allquixotic – 2012-08-23T15:11:37.473

    1

    Also, for your information, the top google result for "Cryptkeeper RAM" is a direct download PDF of this graduate researcher's paper, available directly from his own website. His nickname is apparently Pedro and it's hosted on his tastytronic.net domain. See here and here. So that tells me he put the paper on his own website of his own free will, and it's thus public domain? Or at least publicly accessible with a "shhhh don't tell IEEE" ;-)

    – allquixotic – 2012-08-23T15:14:17.603

    Marvelous. Thank you very much for the link. It will be an interesting lecture. – mnmnc – 2012-08-23T15:53:40.147

    Yes, interesting and perhaps more secure than wipe RAM. Unfortunately even more unrealistic to get. Therefore I'd be happy also getting an answer to the original question. Not perfect, but good stopgap. Thanks for sharing. – James Mitch – 2012-08-23T20:52:03.113

    The Xbox 360 has some sort of encrypted RAM. – LawrenceC – 2013-10-03T11:38:08.323

    2

    I would imagine memtest86 would be pretty good at wiping RAM. I've always wanted to try the below but haven't. If I do try it I will update it.

    Read the kexec man page. And don't try to kexec the .iso, but you need to unpack the iso and snag the bootable binary. On the memtest86 site above you can just download the binary.

    You have to use a kexec command to load what you're booting into first.

    So I think what you can do is:

    kexec -l {path-to-memtest86-bootable-binary} --append=console=ttyS0,115200n8

    and when you are ready to pull the trigger:

    kexec -e

    I'm thinking (but could be wrong) that the --append=console=ttyS0,115200n8 gets memtest86 to work over the serial port. So if you have one you can verify it is working even if it does not show up on video output, which is a possibility since memtest86 doesn't perform video initialization. Killing any running instances of X is probably a good idea.

    The Debian kexec-tools package (also available on Ubuntu) hooks this into the shutdown scripts, so if you edit /etc/default/kexec you can tell the shutdown process to invoke kexec as the final thing instead of rebooting. That is, if you are interested in a clean shutdown.

    In an emergency, a sync; kexec -e would work.

    However, it's possible some chipsets, once they are initialized, cause lockups to happen if certain areas of memory are addressed. I don't know how this would work in practice.

    A good compromise if kexec does not work is to install memtest86 to your bootloader, put it as the default boot item, and have a 1 second delay until automatic choosing (or no delay and rely on a keypress to bring up the menu). This could get you into memtest86 from a "fresh-boot" condition fairly quickly, but not instantly.

    Note that this does not account for video RAM. A solution for that is to set up your video RAM as a block device, and output /dev/random to the block device for a few iterations.

    LawrenceC

    Posted 2012-08-21T09:28:51.630

    Reputation: 63 487
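
The load-then-execute sequence from this answer, written as a small panic script. This is an added example, not LawrenceC's code: `WIPE_IMAGE`, `DRY_RUN` and `KEXEC_STATE_FILE` are names invented for the sketch, and whether a given memtest86 binary can be started through kexec at all remains the answer's untested assumption. With `DRY_RUN=1` the commands are printed instead of executed.

```shell
#!/bin/sh
# Added example: stage a RAM-test image with kexec, then jump into it.
# WIPE_IMAGE, DRY_RUN and KEXEC_STATE_FILE are hypothetical names for this sketch.

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# kexec_staged: succeeds when an image is already loaded.
# The kernel exposes this as "1" in /sys/kernel/kexec_loaded after `kexec -l`.
kexec_staged() {
    state=${KEXEC_STATE_FILE:-/sys/kernel/kexec_loaded}
    [ -r "$state" ] && [ "$(cat "$state")" = "1" ]
}

# stage_wipe_image IMAGE: load IMAGE ahead of time so the later jump is fast.
# Returns 0 on success, 2 if the image is missing or empty, 3 if not root,
# 4 if kexec-tools is not installed.
stage_wipe_image() {
    image=$1
    [ -s "$image" ] || { echo "image not found or empty: $image" >&2; return 2; }
    if [ "${DRY_RUN:-0}" != "1" ]; then
        [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 3; }
        command -v kexec >/dev/null 2>&1 || { echo "kexec-tools not installed" >&2; return 4; }
    fi
    # The serial console argument is the one guessed at in the answer.
    run kexec -l "$image" --append=console=ttyS0,115200n8
}

# panic_wipe IMAGE: the emergency path (sync; kexec -e). Stages the image first
# if nothing is loaded yet. This skips the clean unmount that the kexec-tools
# shutdown hook would give, so file systems are only as consistent as sync
# leaves them.
panic_wipe() {
    image=$1
    kexec_staged || stage_wipe_image "$image" || return $?
    run sync
    run kexec -e   # does not return when executed for real
}

# Runs only when an image path is supplied explicitly, for example:
#   WIPE_IMAGE=/path/to/memtest86.bin sh panic-wipe.sh   (placeholder path)
if [ -n "${WIPE_IMAGE:-}" ]; then
    panic_wipe "$WIPE_IMAGE"
fi
```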

    2

    Looked into it and google and so on. According to https://tails.boum.org/bugs/sdmem_does_not_clear_all_memory/memtest86plus/ there is one remaining issue with memtest: "There is still a small amount of memory not wiped." Thanks anyway, the kexec stuff looks useful and easy.

    – James Mitch – 2012-08-21T19:00:19.210

    2

    This is an old question but I think I can contribute. As said before, a software-based memory wipe isn't the best solution, simply because the power can be suddenly cut off, so the wipe software will not be executed.

    I can imagine the best scenario to illustrate the problem: You run illegal business on your computer in your home. One day, the electric power suddenly disappears, and then an FBI squad storms the door of your house, arrests you and then a nerd technician quickly opens the case of your computer and uses inside it a cold gas to freeze the memory state to buy some time to do a Cold Boot Attack.

    So, the best way to solve this problem is to make the computer case safer, by making it difficult to open (something like a vault), or even destroying the memory by heating the board using a battery-powered resistance, ignited by a tamper switch in the case. Few seconds at high temperatures can destroy the data, or even destroy the chips, which isn't a big problem in this situation.

    Daniel Ribeiro

    Posted 2012-08-21T09:28:51.630

    Reputation: 21

    I always thought about thermite here :-) – Konrad Gajewski – 2015-08-29T18:24:16.513

    1 Thermite is indeed a nice solution... Easy to ignite and impossible to stop the reaction. You just need to make a safe activator circuit... Because if it starts the reaction by accident, you'll have a really hard time. – Daniel Ribeiro – 2015-09-08T19:17:19.117

    0

    What no-one else has mentioned yet is that 0xPoly on GitHub coded a Linux/OSx tool for this 6 years ago. It's called Centry. From the page we have features:

    Features

    • User-friendly GUI interface
    • When in panic mode, Centry can:
      • Lock the screen
      • Unmount all Truecrypt disks and clear the password/keyfile cache
      • Write zeros to RAM using sdmem (on UNIX-like systems)
      • Force an ACPI shutdown (equivalent to holding down the power button)
      • Propagate the panic signal to all other nodes in the network
    • Settings to improve security on ECC-enabled systems
    • Extensively customizable
    • Compatible with Linux and Mac OS; with significantly more security in Linux.

    xendi

    Posted 2012-08-21T09:28:51.630

    Reputation: 113

    0

    The problem is if your computer is running and the screen is locked. At this point, the AES key is stored in RAM, and the user is away from the computer. An intruder could open the computer case and remove the RAM modules, while keeping them powered, and placing them in a separate device that reads their content. There is no need to shut down the system or freeze the modules before extraction. RAM is not trustable to hold the AES key, but the processor's cache is, like the solution named TRESOR. Unfortunately that requires an old Linux kernel, and advanced knowledge of patching and compiling the kernel.

    Derek

    Posted 2012-08-21T09:28:51.630

    Reputation: 11

    This shows you do not understand how ram works, you also need to have a ram controller to refresh it every N ms to retain the data. – Geoffrey – 2015-07-24T11:41:54.363

    any claim to support ram holds the aes key? – BlueBerry - Vignesh4303 – 2013-10-03T11:27:45.860

    -2

    Sorry, but you are being paranoid. First, as other users indicated, apparently the Cold Boot Attack only works on older hardware.

    If you still think that it is a threat, wiping is not the solution.

    The Cold Boot Attack involves:

    • cold booting the machine
    • booting a lightweight OS to scavenge the encryption keys from memory

    If someone manages to perform the cold-boot then obviously your wiper won't have the opportunity to run. So it makes no sense to install one.

    This is the main case of the attack. Let's now assume that the attacker doesn't want to cold-boot herself the running server (e.g. because that would trigger a monitoring alert), instead she waits to perform the attack within 5' of a clean shutdown. In this case:

    • A generic RAM wiper won't do you any good either. Since the attacker is assumed to be physically present in order to power-on the machine and scavenge the keys, she can also cold boot the machine just before the wiper starts running. (Monitoring alerts at this point are expected.)
    • A specialized program that first wipes the exact location of the FS encryption keys before wiping the rest of the RAM (e.g. truecrypt /wipecache mentioned by mnmnc) could make attacker's job more difficult. Still:
      • The attacker would still be able to scavenge some of the RAM contents by not letting the wiper run through the whole RAM. But at least the bulk of the data on the FS would be safe.
      • The solution would not be 100% foolproof - it only makes it harder for the attacker to time the cold-boot.

    So, if you are really worried about this attack, I'd suggest that you learn kung-fu and stand guard for 5' next to the machine each time you shut it down. Or maybe use a boot password in your BIOS? Both the suggested measures do not need to be 100% effective: attackers may still beat you and read the BIOS password from your MB using technical means. You just need to delay them for 5' so that the attack time-window expires.

    Finally, if you are worried about someone performing the whole feat remotely, you are already pwned hard.

    m000

    Posted 2012-08-21T09:28:51.630

    Reputation: 846

    2 That it works only on older hardware is unproven. I posted this in a security forum! Paranoid or not. If you have nothing constructive to add, don't reply. Let the paranoid people discuss their paranoid stuff. There are a lot of people discussing this, I am going to add a few more links to the original question. – James Mitch – 2012-08-21T19:31:09.717

    What do you mean nothing constructive? I detailed you how memory wiping is an inefficient countermeasure for this attack. People discussing your proposal to wipe the memory does not make it a valid countermeasure to the attack. To be frank it is technically intriguing to add this wiper, but just for the sake of it. Not because it will prevent the cold boot attack. – m000 – 2012-08-21T19:37:30.553

    "The Cold Boot Attack involves: cold booting the machine" > Wrong. RAM gets removed and cooled with dry ice; "booting a lightweight OS to scavenge the encryption keys from memory" > Wrong. After RAM got cooled it can be examined in another machine. Just look into the original question, there is a link to the demonstration with the dry ice. – James Mitch – 2012-08-22T00:54:52.143

    1 About the DDR2 vs DDR 3 thing: you won't find a research paper claiming that the situation improved because of DDR 3. That's just an unproven claim. Mail the research paper authors, they won't tell DDR3 is more secure. – James Mitch – 2012-08-22T01:02:01.350

    Let's imagine for fun we already have a panic script, which can wipe the full RAM. The user could sit somewhere in public, a bar or even at home with his notebook. The moment the notebook gets robbed he pulls a trigger. A trigger could be a remote button, react on shaking or a USB pendrive could be plugged into the notebook connected by string to his arm. One way or another, when the notebook is robbed, RAM gets wiped and notebook powers off. Cold boot attack with dry ice is completely defeated. – James Mitch – 2012-08-22T01:08:42.360

    Please... Don't tell me about physical security. In security you don't always mitigate risks by avoiding activities. You don't substitute one technique with another. Optimally they are combined. Example: Users asking questions how to prevent eavesdropping in a hotspot? Good Answer: use https, vpn maybe, etc. Bad answer: do not use hotspots. Another example: User wants no one else is reading its data. Good answer: use encryption. Bad answer: do not use a computer. And this one is no different: How to wipe RAM? Good answer: ??? Bad answer: you don't need it, you are paranoid, learn kung-fu. – James Mitch – 2012-08-22T01:14:21.960

    1

    @JamesMitch "you won't find a research paper claiming that the situation improved because of DDR 3" maybe you will not find any paper but I think if TrueCrypt authors claim to be that way - we can trust. Take a look in here: http://www.truecrypt.org/docs/?s=unencrypted-data-in-ram and read the first asterisk * at the bottom. Quote: "New types of memory modules allegedly exhibit a much shorter decay time (e.g. 1.5-2.5 seconds) than older types (as of 2008)." That means that since 2008 some things have changed in RAM...

    – mnmnc – 2012-08-22T06:30:12.493

    @JamesMitch First, let's clarify that somehow I understood your question as regarding some server and not a laptop. If someone can reach your server like that, you apparently have a physical security problem and the wiper won't do you much good. – m000 – 2012-08-23T20:52:33.620

    @JamesMitch For the laptop scenario you describe, I agree that the wiper could save you from a random thief who steals the laptop and realizes in the process that your data are much more $$ than the actual hardware. – m000 – 2012-08-23T20:58:29.010

    @JamesMitch Still, if you are worried about a targeted stealing of your laptop with the adversaries having a van waiting in the corner to open it, freeze the RAM and get the data, you have very determined and very well equipped adversaries. In which case improving physical security and policies (why walk around with that laptop?) should be the first thing to consider. Installing the wiper won't do you any harm, but depending solely on it may do (your adversaries may already be prepared for you having one). Anyway, good luck! Hope I was (even a tiny bit) helpful. – m000 – 2012-08-23T21:24:36.443

    @m000 "First, let's clarify that somehow I understood your question as regarding some server and not a laptop. If someone can reach your server like that, you apparently have a physical security problem and the wiper won't do you much good." > Question is about anything. – James Mitch – 2012-08-27T18:56:00.807

    @m000 Of course. The RAM wiper is just one piece in a whole security concept, which consists of several other pieces. – James Mitch – 2012-08-27T18:58:44.327