Disk Encryption and Cold-Boot Attacks


Author: InvisibleUser Team

Encryption can be useful for single files in an encrypted volume, but it is often better to encrypt an entire device. Device encryption can be done with both a PC or a smartphone. That way, you do not have to worry about where you save data, because the entire storage is encrypted. Disk encryption is a fantastic method to protect private data, but the devil is in the details. Many of the popular methods have their downfalls.

For encryption in general, we have another article called “Data Encryption protects your Privacy”. There, you will learn how data encryption works and how to protect your data from unauthorised access by criminal hackers, intelligence agencies and law enforcement. We also outline in detail how strong encryption actually is and why it is virtually impossible to crack without quantum computing, which does not exist yet.

Hardware Encryption vs Software Encryption

Software encryption can be done on the file system level or used for software-based full disk encryption. Both methods will use unencrypted executable code that can decrypt data if the right passphrase is entered. For full-disk encryption, the encryption software often creates a bootable section on the hard drive, which is started before the OS. This is called pre-boot authentication (PBA).

The OS is encrypted, so it cannot start without decryption. In such a scenario, the user has to enter the passphrase, after which the system can start normally. Encryption keys are stored in memory and handled by the CPU, which makes them vulnerable to attacks that target those, e.g. a cold-boot attack.

Hardware-encryption uses specialised devices that perform encryption key management within the controller of the disk. On power-up, this encrypted disk can be unlocked with a BIOS password, a software-based method similar to the one used for software encryption or a physical mechanism like entering a PIN on the physical device. Therefore, the encryption keys are not stored in memory all the time, which makes hardware-based full disk encryption safer.

The disadvantages are the high cost of devices, vendor lock-in, proprietary standards and, for many devices, poor documentation. Some companies do not use such disks, due to cost and the fact that you cannot easily manage the disks centrally or migrate data.

Both methods are vulnerable if your PC or the disk is turned on. An unlocked software encryption hard disk can be read normally and an unlocked hardware encryption hard disk can be read if transferred to another PC without cutting power. It is also wise to not put devices into sleep mode, since that does not fully shut down the disk.

Disk Encryption Security

In this section, we will talk about vulnerabilities of encrypted PCs and smartphones.

Cold-Boot Attacks

You should know that all devices we will mention, in this and the following chapters, use a software-based method for full-disk encryption. In contrast to hardware-based solutions, this can at least theoretically be broken by a cold-boot attack (wiki).

This attack requires the attacker to get hold of the device while it is still turned on. The device is then shut down abruptly, e.g. by removing the plug or battery. On most OSs, the contents of the RAM memory are not wiped and only slowly disappear from RAM. The technical term for this is “data remanence”.

The attacker tries to capture the data from RAM, because most OS level device encryption solutions save encryption keys or passwords in memory. The extraction process of RAM contents is done using a minimal OS that is built specifically for this purpose. The special OS has to be very small, otherwise it would overwrite the RAM memory you want to extract. After the PC is shutdown, this OS is immediately booted and the data collection is performed.

Encryption keys or passwords can then be used by the attacker to decrypt the disk drive. Cold-boot attacks are rarely used and require high expertise. You should not worry too much about them. Currently, police and other authorities do not have the equipment or skill for this attack. The attack can fail if the data disappears from memory, before it can be captured. When a cold-boot is performed, the RAM modules are often cooled with freeze spray to slow down the data loss, but sometimes not even that helps.

Situation on different Devices

On Linux (and Android), there is a kernel module patch available that enables developers to store encryption keys in the CPU register. This avoids leaving them in RAM, where they can potentially be extracted.

Windows and macOS also offer full-disk encryption solutions, but they do not have Linux’ cold-boot protection module. We will cover the security of Windows’ BitLocker and macOS’ FileVault in another article.

Devices that are completely immune to cold-boot attacks have to use hardware-based full disk encryption. They are rare, but you can still purchase these specialised hard disks. For maximum security, you should consider them as an option for data storage. Companies that are focused on protecting their own data and customer information use them frequently. Hardware-based full disk encryption is much more common in IT systems of enterprises than on the consumer-grade hardware market.

This guide is, however, written for individual users, so we give a clear recommendation to use encryption hardware. There are physically encrypted hard disks available for quite affordable prices (<250$/<200€ per 500GB). They sometimes have buttons that let you type in a password to physically unlock them.


Data Encryption protects your Privacy