PGP Corporation Logo
select United States productsPurchasedownloadssupportpartnersnewsroomcompanycareerscontact
.
/ Home / Newsroom /
.
Newsroom
Media Releases
In The News
Overview
Awards & Reviews
Events
Article Reprints
CEO Blog
CTO Corner
Executive Briefs
Government Regulations
Webcasts
Newsletter
  

Cold Boot Attack

In a paper published Thursday February 21st, a team of security researchers affiliated with Princeton University announced they had discovered a way to leverage the inherent characteristics of DRAM found in all computers to circumvent various disk encryption products. It is significant to note that this is a hardware attack, not an attack on the encryption tools themselves. The “Cold Boot Attack,” as its known, is dependant upon the attacker having physical access to the computer either while it is running or within a few minutes of shutting down. The attack centers on compromising encryption products that store their key(s) in DRAM. The details of how the Cold Boot Attack works are well summarized on C|Net and can be viewed on YouTube. The entire paper is available here.

This announcement highlights the fact that all security tools and techniques, from firewalls to physical security methods, are designed to address specific threat models. Achieving comprehensive security in any given environment requires using a combination of security measures that addresses all of the potential threats to which the information in question may be subject. This is particularly true when protecting confidential information that is resident on complex modern computing devices.

Obviously information that is stored on desktop or laptop systems that are powered on and left unattended are vulnerable to a broad range of attacks far simpler than the Cold Boot Attack technique. What is unique about the Cold Boot Attack is that it also works during the period between powering off a computer and a few minutes after shut-down when the information stored in DRAM is actually gone. The attack is based on the insight that information stored in modern DRAM chips does not disappear the instant a computer is powered off.

While the report’s authors did not attempt to breach any PGP Corporation products, the technique could theoretically be used to attack all current generation full disk encryption products including PGP Corporation’s Whole Disk Encryption (WDE). In practical use, however, it is unlikely most users would be subject to this type attack. Even in those cases where a user is subject to this class of attack, there are simple ways to mitigate attacks on data protected using PGP® WDE.

PGP Corporation advises the use of both WDE and PGP® Virtual Disk features to mitigate the broadest range of attacks on confidential information resident on desktop and laptop computers. All users that have purchased WDE installed also have PGP Virtual Disk and file encryption features available within PGP Desktop. We advise users concerned about this class of threat to utilize PGP WDE and keep confidential information in a PGP Virtual Disk encrypted volume and to unmount that volume when it is not in use. PGP Virtual Disk not only erases the key used from memory, but prevents that key from being readable in any way once the PGP volume is unmounted. Consequently, if a user utilizes PGP Virtual Disk encryption and unmounts the volume when it is not in use, the information on the volume will not be subject to the Cold Boot Attack as described in the Princeton research paper. For further perspective on this issue see Jon Callas CTO Corner.

If you have further questions, please see http://support.pgp.com.

Cold Boot Attack Q&A

Q: Who is the group that developed the Cold Boot Attack?
A: The paper was published by a respected group of security researchers led by a team at Princeton’s Center for Information Technology Policy.

Q: Who does this affect?
A: The Cold Boot Attack approach could potentially impact users of a broad range of encryption products that store their key(s) in DRAM and don't proactively delete those keys when not in use on systems that are left unattended while powered on or during the first few minutes after the computer is shut down.

Q: Are PGP® products subject to the Cold Boot Attack approach?
A: The authors of the Cold Boot Attack technique did not attempt to breach any PGP Corporation products. However, this approach could theoretically be used to attack PGP® Whole Disk Encryption and under certain circumstances the key used by PGP WDE could be compromised.

Q: Is there anything a PGP® WDE user can do to mitigate the Cold Boot Attack?
A: Yes, there a number of steps that PGP WDE users and PGP Universal administrators may take to mitigate the Cold Boot Attack:

  • When possible, place computers in hibernation instead of sleep mode. Hibernation mode removes encryption keys from DRAM.
  • Prevent anyone other than an authorized user from having physical access while the computer is on or during the few minutes after shut down when it might be susceptible to this type of attack.
  • PGP® Virtual Disk, which is bundled with WDE, can be used to blunt the Cold Boot Attack. This Cold Boot Attack is ineffective against data in an unmounted PGP Virtual Disk encrypted volume.
  • Keep sensitive data on encrypted storage with products like PGP® NetShare. Like PGP Virtual Disk, NetShare does not leave encryption keys in DRAM when NetShare volumes are unmounted.
  • Configure PGP® Desktop to unmount PGP® Virtual Disks if the computer goes to sleep. The control of this feature may be found in Preferences: Disk: PGP Disk Unmounting. PGP Universal administrators may also implement such a policy for all associated PGP Desktop users in the PGP Universal console

Q: Why does PGP Virtual Disk encryption mitigate this type of attack?
A: PGP Virtual Disk encryption only stores the encryption key it uses while the volume in question is actively mounted. When the encrypted volume is unmounted the key is deleted from memory in such a way that it is not vulnerable to the Cold Boot Attack as described in the paper.

Q: Will PGP Corporation address this class of attack to prevent it working against PGP WDE?
A: We are currently researching additional methods that could potentially mitigate this type of attack. Additionally, we have reached out to the authors of this report to discuss ways in which this type of attack can be best addressed as a part of PGP Corporation’s ongoing efforts to work with the best security experts globally to develop the most effective data security solutions.

Q: Is there a hardware solution to this type of attack?
A: PGP Corporation is willing to work with hardware manufacturers that make CPUs, chipsets, or DRAM to develop ways to solve the issue. This is an attack on the hardware itself, and consequently, a complete solution must include hardware vendors. 

.