Defending Against Cold-Boot Attacks

“Up jumped the Swagman and sprang into the billabong
You’ll never catch me alive said he…”

Here’s the security take on that idea.

“You’ll Never Take Me Alive!” keeps an eye on your power and ethernet connections when you lock your laptop’s screen. If either get disconnected, it hibernates the system immediately, to ensure there’s no sensitive data left in RAM for someone to cold-boot extract.

Just how long it takes to re-write the contents of all those memory cells, I’ve no idea. And the John Young maxim (“Crypto is a trap”) holds as well as ever.

Still, this is a software approach to the concept of a relocker: in safes, the relocker is a component which, if the safe detects an attack, is triggered to further increase the security of the safe and slow down the attacker.

(Unlike the software approach, safe relockers seal the safe until a safe technican can be called. They’re comparatively new in safe history, spurred mostly by the development of better drills.)

“YoNTMA (You’ll Never Take Me Alive!) is a tool designed to enhance the protection of encrypted data. YoNTMA runs as a background service and begins monitoring your computer any time the screen is locked. If the power cable or Ethernet cable is disconnected from the system while your laptop is locked, YoNTMA will immediately hibernate the machine to ensure that the disk encryption keys do not remain in RAM. This ensures that if a thief walks off with your powered-on laptop, your encrypted data stays protected.”

%d bloggers like this: