Practical Cold boot attack on IoT device - Case study on Raspberry Pi -

Won, Yoo-Seung; Park, Jong Yeon; Han, Dong‐Guk; Bhasin, Shivam

doi:10.1109/ipfa49335.2020.9260613

Cited by 9 publications

(9 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unauthorised access to SRAM data through cold boot attacks can lead to serious security breach in the target system. The practicality of cold boot attacks have been widely demonstrated on platforms like laptop [7], desktop [9], scrambled RAM [10], smartphones [11] and IoT device [12]. Depending on the temperature of the memory, the data stored in memory can potentially retain even though losing the power.…”

Section: A Cold Boot Attackmentioning

confidence: 99%

“…desktop and laptop), the adversary can remove the victim memory and connect to another machine for recovering the data. If the memory cannot be separated due physical constraints (like stacked memory in chip package), a vulnerable boot sequence can be exploited to recover the sensitive data from cold boot [12]. In this paper, we concentrate on the vulnerability of Raspberry Pi against cold boot attack in order to investigate the ML model recovery.…”

Section: A Cold Boot Attackmentioning

confidence: 99%

“…To perform the attack, we need to identify the boot sequence of Raspberry Pi. Won et al [12] showed an attack on Raspberry Pi for recovery of memory content which was image data in their use case. We use a similar approach in the following.…”

Section: Practical Details On Cold Boot Attackmentioning

confidence: 99%

See 2 more Smart Citations

DeepFreeze: Cold Boot Attacks and High Fidelity Model Recovery on Commercial EdgeML Device

Won

Chatterjee

Jap

et al. 2021

2021 IEEE/ACM International Conference on Computer Aided Design (ICCAD)

Self Cite

View full text Add to dashboard Cite

EdgeML accelerators like Intel Neural Compute Stick 2 (NCS) can enable efficient edge-based inference with complex pre-trained models. The models are loaded in the host (like Raspberry Pi) and then transferred to NCS for inference. In this paper, we demonstrate practical and low-cost cold boot based model recovery attacks on NCS to recover the model architecture and weights, loaded from the Raspberry Pi. The architecture is recovered with 100% success and weights with an error rate of 0.04%. The recovered model reports maximum accuracy loss of 0.5% as compared to original model and allows high fidelity transfer of adversarial examples. We further extend our study to other cold boot attack setups reported in the literature with higher error rates leading to accuracy loss as high as 70%. We then propose a methodology based on knowledge distillation to correct the erroneous weights in recovered model, even without access to original training data. The proposed attack remains unaffected by the model encryption features of the OpenVINO and NCS framework.

show abstract

Section: A Cold Boot Attackmentioning

confidence: 99%

Section: A Cold Boot Attackmentioning

confidence: 99%

See 1 more Smart Citation

DeepFreeze: Cold Boot Attacks and High Fidelity Model Recovery on Commercial EdgeML Device

Won

Chatterjee

Jap

et al. 2021

2021 IEEE/ACM International Conference on Computer Aided Design (ICCAD)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Although the devices used in IoT are low-cost, they do come in complex packaging adopting methods like stacked memory, package on package etc. Won et al [7] presented a first vulnerability investigation of modern IoT devices with stacked memory against cold boot attacks and reported high recovery rate from stacked RAM. While [7] explores the feasibility of cold boot attacks, the work is done in simple setting with no encryption enabled.…”

Section: Introductionmentioning

confidence: 99%

“…Won et al [7] presented a first vulnerability investigation of modern IoT devices with stacked memory against cold boot attacks and reported high recovery rate from stacked RAM. While [7] explores the feasibility of cold boot attacks, the work is done in simple setting with no encryption enabled. In this work, we investigate practical cold boot attacks to recover encryption keys from IoT devices.…”

Section: Introductionmentioning

confidence: 99%

Are Cold Boot Attacks Still Feasible: A Case Study on Raspberry Pi With Stacked Memory

Won

Bhasin

2021

2021 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)

Self Cite

View full text Add to dashboard Cite

Cold boot attacks are semi-invasive attacks which have threatened computer systems over a decade now to leak sensitive user information passwords, keys and PIN. With internet of things (IoT) finding mass deployment, their security must be well investigated. In this work, we take a look at popular IoT device Raspberry Pi (model B+), which is already deployed in millions. Raspberry Pi features a stacked memory on top of its processor, making it impossible to physically separate the RAM from the processor. We investigate the decay model of a cold boot attack on Raspberry Pi. The results show a decay rate as low as 0.00027% which is orders of magnitude lower than previous works allowing close to perfect data recovery. We further report successful recovery of secret disk encryption key when using dm-crypt on Raspberry Pi followed by discussion on mitigation strategies.

show abstract

On recovering block cipher secret keys in the cold boot attack setting

Banegas

Villanueva-Polanco

2023

Cryptogr. Commun.

View full text Add to dashboard Cite

This paper presents a general strategy to recover a block cipher secret key in the cold boot attack setting. More precisely, we propose a key-recovery method that combines key enumeration algorithms and Grover’s quantum algorithm to recover a block cipher secret key after an attacker has procured a noisy version of it via a cold boot attack. We also show how to implement the quantum component of our algorithm for several block ciphers such as AES, PRESENT and GIFT, and LowMC. Additionally, since evaluating the third-round post-quantum candidates of the National Institute of Standards and Technology (NIST) post-quantum standardization process against different attack vectors is of great importance for their overall assessment, we show the feasibility of performing our hybrid attack on Picnic, a post-quantum signature algorithm being an alternate candidate in the NIST post-quantum standardization competition. According to our results, our method may recover the Picnic private key for all Picnic parameter sets, tolerating up to 40% of noise for some of the parameter sets. Furthermore, we provide a detailed analysis of our method by giving the cost of its resources, its running time, and its success rate for various enumerations.

show abstract

Practical Cold boot attack on IoT device - Case study on Raspberry Pi -

Cited by 9 publications

References 4 publications

DeepFreeze: Cold Boot Attacks and High Fidelity Model Recovery on Commercial EdgeML Device

DeepFreeze: Cold Boot Attacks and High Fidelity Model Recovery on Commercial EdgeML Device

Are Cold Boot Attacks Still Feasible: A Case Study on Raspberry Pi With Stacked Memory

On recovering block cipher secret keys in the cold boot attack setting

Contact Info

Product

Resources

About