A Proof of Concept on Defending Cold Boot Attack

Joo Guan Ooi and Kok Horng Kam
Intel Microelectronics Sdn Bhd


Abstract

DRAM is an essential memory of a modern computer. Microprocessor loads the data which the user requested into DRAM before processing the data. Hence, DRAM contains important information in a computer. Recently, security researchers disclosed that DRAM is vulnerable to attack. Through Cold Boot Attack, DRAM contents can be recovered even after the computer has been powered off for several minutes. The information obtained can be used to circumvent popular disk encryption system such as FileVault and Bit Locker. In this paper, we proposed an enhanced memory architecture which adds a data scrambling / descrambling layer between the microprocessor and DRAM controller to prevent the original data to be stored as cleartext in the DRAM. The original data will be scrambled before writing to DRAM and hence preventing the Cold Boot Attack. This new layer consists of XOR circuit, Galois Field Multiplication of order 128 and a Pseudo Random Number Generator. The scrambling scheme was selected in this proposal due to its simplicity for proof of concept. Any other cryptography scheme can replace the scrambling / descrambling blocks according to the required level of data protection. The designed blocks were implemented and tested on the Altera DE2 FPGA board using Nios II system. The results confirm that the use of the scrambling / descrambling blocks provides an easy solution with additional level of protection to secure the contents in the DRAM.