Cold Boot Attack Defense
From Whonix
TODO: write introduction
- What is a cold boot attack.
- What is RAM.
- Explain DDR2 vs DDR3 RAM.
- How is RAM different from mass storage.
- Document how to find out if one is using DDR3 RAM.
Defending against cold boot attacks makes the most sense for users of Full Disk Encryption and/or Host Live Mode.
To make memory forensics harder, make sure you shut down your computer normally [2] and then remove the machine from any power source by pulling the power plug. In the case of notebooks, the battery should be removed after powering off. The computer should also be turned off when exposed to higher-risk situations such as traveling. [3]
Use DDR3 RAM since it might be resistant to this attack. [4]
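The kernel memory-erasing options named in footnote 2 (`page_poison`, `slub_debug`, `init_on_free`) are only useful if they are actually enabled on the running kernel. The following POSIX shell script, an added example that is not part of the Whonix wiki or project, reads the kernel command line and reports which of them are active; it assumes a Linux host with `/proc` mounted and does not see a compiled-in default such as `CONFIG_INIT_ON_FREE_DEFAULT_ON=y`.

```shell
#!/bin/sh
# Added example (not Whonix code): report which erase-on-free kernel
# options from the page's footnote 2 are enabled on this boot.
# Only the kernel command line is inspected; a compiled-in default
# (e.g. CONFIG_INIT_ON_FREE_DEFAULT_ON=y) is not visible here.

# has_opt CMDLINE OPTION -> 0 when OPTION is enabled in CMDLINE
#   init_on_free=1|y|on   zero memory when it is freed (Linux 5.3+)
#   page_poison=1|y|on    poison freed pages (older kernels)
#   slub_debug[=...P...]  SLUB poison flag P; a bare "slub_debug"
#                         turns on all SLUB debug flags, P included
has_opt() {
    cmdline=$1
    opt=$2
    for tok in $cmdline; do
        case "$opt" in
            init_on_free)
                case "$tok" in
                    init_on_free=[1yY]*|init_on_free=[oO][nN]*) return 0 ;;
                esac ;;
            page_poison)
                case "$tok" in
                    page_poison=[1yY]*|page_poison=[oO][nN]*) return 0 ;;
                esac ;;
            slub_debug)
                case "$tok" in
                    slub_debug) return 0 ;;
                    slub_debug=*)
                        # flags end at the first comma; what follows a
                        # comma is a slab-name filter, not a flag
                        flags=${tok#slub_debug=}
                        flags=${flags%%,*}
                        case "$flags" in *P*) return 0 ;; esac ;;
                esac ;;
        esac
    done
    return 1
}

# report CMDLINE -> one line per option; 0 if at least one is enabled
report() {
    any=1
    for opt in init_on_free page_poison slub_debug; do
        if has_opt "$1" "$opt"; then
            echo "$opt: enabled"; any=0
        else
            echo "$opt: not set"
        fi
    done
    return $any
}

# Inspect the running kernel when /proc is available.
if [ -r /proc/cmdline ]; then
    report "$(cat /proc/cmdline)" || echo "no erase-on-free option active"
fi
```

Run it as an unprivileged user; if every option reports "not set", the options have to be added to the bootloader's kernel command line before the shutdown advice above gains anything from the kernel side.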
Development Discussion
https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix/5596 [archive]
Footnotes
- ↑ https://www.youtube.com/watch?v=JDaicPIgn9U [archive]; https://en.wikipedia.org/wiki/Cold_boot_attack [archive]; https://blog.f-secure.com/cold-boot-attacks/ [archive]; https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf [archive]; https://cyberside.planet.ee/docs/fares_coldboot.pdf [archive]
- ↑ So that the Linux kernel's memory-erasing features (page_poison, slub_debug or init_on_free) and/or your firmware's reset attack mitigation can kick in.
- ↑ And/or the memory should be wiped upon shutdown. This is a theoretical mechanism at present because it is undocumented. https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix/5596 [archive]
- ↑ Quote from On the Practicability of Cold Boot Attacks [archive]: "we could not reproduce cold boot attacks against modern DDR3 chips."
Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)