Practical cold boot attack on IoT device - Case study on Raspberry Pi -

Volatile memory like SDRAM, forms an integral part of any computer system. It stores variety of data including sensitive data like passwords and PIN. The data stored in SDRAM is wiped off on power-off. However, by bringing the RAM to freezing cold temperature before power off, the data can persist f...

Full description

Saved in:
Bibliographic Details
Main Authors: Won, Yoo-Seung, Park, Jong-Yeon, Han, Dong-Guk, Bhasin, Shivam
Other Authors: 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits
Format: Conference or Workshop Item
Language:English
Published: 2021
Subjects:
Online Access:https://hdl.handle.net/10356/147144
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-147144
record_format dspace
spelling sg-ntu-dr.10356-1471442021-03-27T20:11:30Z Practical cold boot attack on IoT device - Case study on Raspberry Pi - Won, Yoo-Seung Park, Jong-Yeon Han, Dong-Guk Bhasin, Shivam 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits Temasek Laboratories Engineering::Computer science and engineering::Information systems::Information systems applications Cold Boot Attack IoT Device Volatile memory like SDRAM, forms an integral part of any computer system. It stores variety of data including sensitive data like passwords and PIN. The data stored in SDRAM is wiped off on power-off. However, by bringing the RAM to freezing cold temperature before power off, the data can persist for several seconds, allowing recovery through cold boot attacks. In this work, we investigate the vulnerability of IoT device such as Raspberry Pi against cold boot attack for the first time. Our study found that even though the boot sequence is different from laptop, personal computer, and smartphone, we demonstrate that it is still possible to steal the RAM data, even when the bootloader is not public. The net cost of the attack was under 10 dollars and 99.99% of the RAM data was successfully recovered. National Research Foundation (NRF) Accepted version This research is supported in parts by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme / Cyber- Hardware Forensic & Assurance Evaluation R&D Programme (Award: NRF2018NCR-NCR009-0001). 2021-03-24T01:58:11Z 2021-03-24T01:58:11Z 2020 Conference Paper Won, Y., Park, J., Han, D. & Bhasin, S. (2020). Practical cold boot attack on IoT device - Case study on Raspberry Pi -. 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits. https://dx.doi.org/10.1109/IPFA49335.2020.9260613 https://hdl.handle.net/10356/147144 10.1109/IPFA49335.2020.9260613 en © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/IPFA49335.2020.9260613 application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Engineering::Computer science and engineering::Information systems::Information systems applications
Cold Boot Attack
IoT Device
spellingShingle Engineering::Computer science and engineering::Information systems::Information systems applications
Cold Boot Attack
IoT Device
Won, Yoo-Seung
Park, Jong-Yeon
Han, Dong-Guk
Bhasin, Shivam
Practical cold boot attack on IoT device - Case study on Raspberry Pi -
description Volatile memory like SDRAM, forms an integral part of any computer system. It stores variety of data including sensitive data like passwords and PIN. The data stored in SDRAM is wiped off on power-off. However, by bringing the RAM to freezing cold temperature before power off, the data can persist for several seconds, allowing recovery through cold boot attacks. In this work, we investigate the vulnerability of IoT device such as Raspberry Pi against cold boot attack for the first time. Our study found that even though the boot sequence is different from laptop, personal computer, and smartphone, we demonstrate that it is still possible to steal the RAM data, even when the bootloader is not public. The net cost of the attack was under 10 dollars and 99.99% of the RAM data was successfully recovered.
author2 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits
author_facet 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits
Won, Yoo-Seung
Park, Jong-Yeon
Han, Dong-Guk
Bhasin, Shivam
format Conference or Workshop Item
author Won, Yoo-Seung
Park, Jong-Yeon
Han, Dong-Guk
Bhasin, Shivam
author_sort Won, Yoo-Seung
title Practical cold boot attack on IoT device - Case study on Raspberry Pi -
title_short Practical cold boot attack on IoT device - Case study on Raspberry Pi -
title_full Practical cold boot attack on IoT device - Case study on Raspberry Pi -
title_fullStr Practical cold boot attack on IoT device - Case study on Raspberry Pi -
title_full_unstemmed Practical cold boot attack on IoT device - Case study on Raspberry Pi -
title_sort practical cold boot attack on iot device - case study on raspberry pi -
publishDate 2021
url https://hdl.handle.net/10356/147144
_version_ 1695706155093852160