Are cold boot attacks still feasible : a case study on Raspberry Pi with stacked memory
| Autor: | Yoo-Seung Won, Shivam Bhasin |
|---|---|
| Přispěvatelé: | 2021 Workshop on Fault Detection and Tolerance in Cryptography (FDTC), Temasek Laboratories @ NTU |
| Jazyk: | angličtina |
| Rok vydání: | 2021 |
| Předmět: |
Password
User information business.industry Computer science Cold boot attack Cold Boot Attack computer.software_genre Data recovery Raspberry pi Random-Access Storage Computer science and engineering::Data::Data storage representations [Engineering] Disk encryption Operating system business Internet of Things computer |
| Zdroj: | FDTC |
| Popis: | Cold boot attacks are semi-invasive attacks which have threatened computer systems over a decade now to leak sensitive user information passwords, keys and PIN. With internet of things (IoT) finding mass deployment, their security must be well investigated. In this work, we take a look at popular IoT device Raspberry Pi (model B+), which is already deployed in millions. Raspberry Pi features a stacked memory on top of its processor, making it impossible to physically separate the RAM from the processor. We investigate the decay model of a cold boot attack on Raspberry Pi. The results show a decay rate as low as 0.00027\% which is orders of magnitude lower than previous works allowing close to perfect data recovery. We further report successful recovery of secret disk encryption key when using dm-crypt on Raspberry Pi followed by discussion on mitigation strategies. National Research Foundation (NRF) Submitted/Accepted version This research is supported in parts by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme / Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (Award: NRF2018NCR-NCR009-0001). |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|