5

My system is protected by Full Disk Encryption.

The weak point of my computer is RAM which lives a bit after computer is off,
containing some important safety information I would like to clean up.
And that's the point, I want to clean or overwrite RAM and shut down my computer just when Ctrl+Alt+Shift+C is pressed.

How to do that?

David Foerster
  • 36,264
  • 56
  • 94
  • 147
Krzysiek Witkowski
  • 318
  • 1
  • 3
  • 13
  • 1
    Can you at least specify against which information you want to defend against what kind of attacker? Cold boot attacks are very difficult to pull off outside of a lab and the post-mortem analysis for valuable information requires a lot of effort. I doubt that someone would try that against you before they try less difficult and expensive attacks (relevant xkcd). – David Foerster Sep 24 '16 at 00:14

2 Answers2

4

Just cut the power from your computer before you let the police in. I assume your machines run at room temperature, so the memory content should degrade within seconds.

There is no panacea against cold boot attacks. How would you suggest to identify which parts of memory contain sensitive information? What happens to the application(s) that reserved such a memory region?

On the positive side, there is no known case of a non-experimental cold boot attack.

P.S.: If you're concerned about master encryption secrets being leaked, get a hardware key store where the actual key never leaves the store and all encryption operations are performed on it.

David Foerster
  • 36,264
  • 56
  • 94
  • 147
  • https://niebezpiecznik.pl/wp-content/uploads/2009/12/Center-for-Information-Technology-Policy-Videos-and-Images.jpg Here You got how RAM degrades in avarage house temperature after 30 sec, 60 sec and 5 min as last pic. I just want to feel safe so is possible instead of "Mona Lisa" to overwrite her with "Da Vinci" there while shutting down? I think so but don't know how to do it yet. – Krzysiek Witkowski Sep 24 '16 at 11:23
  • Again, what information do you want to protect against what kind of attacker? Cold-boot attacks are only really worthwhile to extract cipher keys, but even a few randomly flipped bits make keys practically unusable even if the bit flips would be barely noticeable in an uncompressed image with the naked eye. – David Foerster Sep 24 '16 at 17:27
0

for cleaning cache memory :

sudo sysctl -w vm.drop_caches=3

or

sudo sync && echo 3 | sudo tee /proc/sys/vm/drop_caches

for short-cuts you can make a bash script that do one of these operations.

reference : clean cache memory

as for the ctrl+alt+shift+c i dont know how to do that.

Community
  • 1
Ahmed Al-attar
  • 313
  • 2
  • 13
  • 1
    OP wasn't to clean the main memory from sensitive information, not flush caches. -1 – David Foerster Sep 24 '16 at 00:05
  • ram flushing is possible as i know, but how to flush it with linux that was a new thing to me. as far as i know to over-ride/flood it. at for the cold boot attack i attend one and it was successfully . – Ahmed Al-attar Sep 24 '16 at 08:08
  • 2
    Exactly, freeing caches only deallocates and doesn't clean the associated memory. One would have to overwrite the remaining memory with garbage which isn't possible directly from user space (AFAIK). – David Foerster Sep 24 '16 at 08:25