Lest we forget: Cold-boot attacks on scrambled DDR3 memory. (29th March 2016)

Record Type:
Journal Article
Title:
Lest we forget: Cold-boot attacks on scrambled DDR3 memory. (29th March 2016)
Main Title:
Lest we forget: Cold-boot attacks on scrambled DDR3 memory
Authors:
Bauer, Johannes
Gruhn, Michael
Freiling, Felix C.
Abstract:
Abstract: As hard disk encryption, RAM disks, persistent data avoidance technology and memory-only malware become more widespread, memory analysis becomes more important. Cold-boot attacks are a software-independent method for such memory acquisition. However, on newer Intel computer systems the RAM contents are scrambled to minimize undesirable parasitic effects of semiconductors. We present a descrambling attack that requires at most 128 bytes of known plaintext within the image in order to perform full recovery. We further refine this attack using the mathematical relationships within the key stream to at most 50 bytes of known plaintext for a dual memory channel system. We therefore enable cold-boot attacks on systems employing Intel's memory scrambling technology.
Is Part Of:
Digital investigation. Volume 16(2015)Supplement 1
Journal:
Digital investigation
Issue:
Volume 16(2015)Supplement 1
Issue Display:
Volume 16, Issue 1 (2015)
Year:
2015
Volume:
16
Issue:
1
Issue Sort Value:
2015-0016-0001-0000
Page Start:
S65
Page End:
S74
Publication Date:
2016-03-29
Subjects:
Cold-boot memory acquisition -- Scraping -- Scrambling -- Whitening -- Decryption
Forensic sciences -- Data processing -- Periodicals
Criminal investigation -- Data processing -- Periodicals
363.250285
Journal URLs:
http://www.sciencedirect.com/science/journal/17422876
http://www.elsevier.com/journals
DOI:
10.1016/j.diin.2016.01.009
Languages:
English
ISSNs:
1742-2876
Deposit Type:
Legaldeposit
View Content:
Available online (eLD content is only available in our Reading Rooms)
Physical Locations:
British Library DSC - 3588.396620
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
Ingest File:
7518.xml