Practical cold boot attack on IoT device - Case study on Raspberry Pi -
Volatile memory like SDRAM, forms an integral part of any computer system. It stores variety of data including sensitive data like passwords and PIN. The data stored in SDRAM is wiped off on power-off. However, by bringing the RAM to freezing cold temperature before power off, the data can persist f...
Saved in:
Main Authors: | , , , |
---|---|
Other Authors: | |
Format: | Conference or Workshop Item |
Language: | English |
Published: |
2021
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/147144 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
id |
sg-ntu-dr.10356-147144 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1471442021-03-27T20:11:30Z Practical cold boot attack on IoT device - Case study on Raspberry Pi - Won, Yoo-Seung Park, Jong-Yeon Han, Dong-Guk Bhasin, Shivam 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits Temasek Laboratories Engineering::Computer science and engineering::Information systems::Information systems applications Cold Boot Attack IoT Device Volatile memory like SDRAM, forms an integral part of any computer system. It stores variety of data including sensitive data like passwords and PIN. The data stored in SDRAM is wiped off on power-off. However, by bringing the RAM to freezing cold temperature before power off, the data can persist for several seconds, allowing recovery through cold boot attacks. In this work, we investigate the vulnerability of IoT device such as Raspberry Pi against cold boot attack for the first time. Our study found that even though the boot sequence is different from laptop, personal computer, and smartphone, we demonstrate that it is still possible to steal the RAM data, even when the bootloader is not public. The net cost of the attack was under 10 dollars and 99.99% of the RAM data was successfully recovered. National Research Foundation (NRF) Accepted version This research is supported in parts by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme / Cyber- Hardware Forensic & Assurance Evaluation R&D Programme (Award: NRF2018NCR-NCR009-0001). 2021-03-24T01:58:11Z 2021-03-24T01:58:11Z 2020 Conference Paper Won, Y., Park, J., Han, D. & Bhasin, S. (2020). Practical cold boot attack on IoT device - Case study on Raspberry Pi -. 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits. https://dx.doi.org/10.1109/IPFA49335.2020.9260613 https://hdl.handle.net/10356/147144 10.1109/IPFA49335.2020.9260613 en © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/IPFA49335.2020.9260613 application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering::Information systems::Information systems applications Cold Boot Attack IoT Device |
spellingShingle |
Engineering::Computer science and engineering::Information systems::Information systems applications Cold Boot Attack IoT Device Won, Yoo-Seung Park, Jong-Yeon Han, Dong-Guk Bhasin, Shivam Practical cold boot attack on IoT device - Case study on Raspberry Pi - |
description |
Volatile memory like SDRAM, forms an integral part of any computer system. It stores variety of data including sensitive data like passwords and PIN. The data stored in SDRAM is wiped off on power-off. However, by bringing the RAM to freezing cold temperature before power off, the data can persist for several seconds, allowing recovery through cold boot attacks. In this work, we investigate the vulnerability of IoT device such as Raspberry Pi against cold boot attack for the first time. Our study found that even though the boot sequence is different from laptop, personal computer, and smartphone, we demonstrate that it is still possible to steal the RAM data, even when the bootloader is not public. The net cost of the attack was under 10 dollars and 99.99% of the RAM data was successfully recovered. |
author2 |
2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits |
author_facet |
2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits Won, Yoo-Seung Park, Jong-Yeon Han, Dong-Guk Bhasin, Shivam |
format |
Conference or Workshop Item |
author |
Won, Yoo-Seung Park, Jong-Yeon Han, Dong-Guk Bhasin, Shivam |
author_sort |
Won, Yoo-Seung |
title |
Practical cold boot attack on IoT device - Case study on Raspberry Pi - |
title_short |
Practical cold boot attack on IoT device - Case study on Raspberry Pi - |
title_full |
Practical cold boot attack on IoT device - Case study on Raspberry Pi - |
title_fullStr |
Practical cold boot attack on IoT device - Case study on Raspberry Pi - |
title_full_unstemmed |
Practical cold boot attack on IoT device - Case study on Raspberry Pi - |
title_sort |
practical cold boot attack on iot device - case study on raspberry pi - |
publishDate |
2021 |
url |
https://hdl.handle.net/10356/147144 |
_version_ |
1695706155093852160 |